Uday Deshpande, CISO, L & T Group, exposes critical security gaps and solutions

Uday Deshpande, CISO, L & T Group, sheds light on the common vulnerabilities and weaknesses that organizations often overlook or underestimate when it comes to safeguarding their digital assets and sensitive information.
Sneha Jha
  • Updated On Oct 27, 2023 at 12:09 PM IST
Read by: 100 Industry Professionals
Reader Image Read by 100 Industry Professionals

<p><strong>Uday Deshpande, CISO, L & T Group</strong></p>
Uday Deshpande, CISO, L & T Group

Know security. No pain.


No security. Know pain

That’s the cold hard truth CISOs bump up against as they try to thwart security threats. Abiding by rigorously enforced, monitored, and reviewed security practices can help create a holistic security cover and attain visibility into the security environment of your company.

Cyber hygiene and discipline may very well be basic- but if you don’t pay close attention to them, you may be setting your organization up for some nasty, brutish security nightmares.

Uday Deshpande, CISO, L & T Group shines light on common security lapses and best practices to deal with them.

Advt
Security lapse 1

Cyber hygiene in operations: There is a need to practice cyber hygiene knowledge and behavioral response to reduce the cyber risks which can be a result of user behavior in cyberspace in terms of ignorance, or simple negligence when using computers, mobiles, or any digital device that can bring about many problems. There should be an appreciation for software updates, improving enterprise patching practices for general IT systems, and the need to create unique passwords are particularly important components of cyber hygiene.

Similarly, delays in patch deployment create a larger window of opportunity for attackers. Many organizations lack tools to help them measure and assess the effectiveness and timeliness of their patching efforts. Many organizations also struggle to prioritize patching efforts, test patches before deployment, and adhere to policies for how quickly patches need to be applied in different situations.

Good cyber hygiene can promote safe behaviors and can protect against cyber threats to a great extent.

Best practice

Patching and applying system updates as per schedule should be part of the overall hygiene to reduce the attack surface. I see a lot of scope for automation to streamline this.

Security lapse 2

Cyber discipline: Typically, there is a tendency to bypass security controls for various purposes like admin access, open internet access, USB related access due to which the malware gets introduced in our environment, and once they get in, they create havoc.

Best practice

There is a need for adopting the principle of least privilege and assigning those privileges on a ‘need to know’ basis. In a nutshell, there is a need to adopt and apply principles of “Zero Trust” to the core. Also, wherever possible you need to ensure multi-factor authentication (MFA) since that is the most common cause for scammers to get into your systems. Conglomerates have to use this to prevent any possible infiltration into the enterprise environment.

Advt
Other most important best practice from the manufacturing sector perspective is that there should be network segregation and Zero Trust implementation to the core because, in most manufacturing and engineering environments, we rely on a lot of industry automation in the form of industrial robots or equipment automation through IoT-enabled mechanisms. There is an ask from the senior management that you should be able to operate IoT from anywhere but you also need to keep your IoT completely separate.

We have seen the latest examples of cyberattacks where OT & IoT-enabled machines through a third party were compromised so you need to keep your operations-related technology completely independent from your enterprise environment and as much as possible through OT firewall and data diode kind of bulletproof mechanisms so that hackers will not be able to enter those critical operation environments. In an OT environment, it is not confidentiality and integrity but availability that is much more important. Any lapses there have the potential to impact human life and production.

NOTE: This special feature is part of ETCISO's Cybersecurity Awareness Month.



  • Published On Oct 27, 2023 at 12:09 PM IST
Be the first one to comment.
Comment Now

Join the community of 2M+ industry professionals

Subscribe to our newsletter to get latest insights & analysis.

Download ETCISO App

  • Get Realtime updates
  • Save your favourite articles
Scan to download App