Digital transformation increases the risk of data breaches at enterprises: Vaidyanathan Iyer, IBM

Digital transformation increases the risk of data breaches at enterprises: Vaidyanathan Iyer, IBM
Vaidyanathan Iyer
28 Aug, 2019

Digital transformation, multi-cloud environments and migration to the cloud have increased the chances of data breaches at enterprises, Vaidyanathan Iyer, security software leader for India and South Asia at IBM, told TechCircle.

As enterprises increasingly move away from working in isolated environments, the likelihood of such breaches occurring more frequently are natural, Iyer said, adding however, that this is an interim phenomenon.

"When someone is disrupting oneself in terms of business and operational processes and someone is attacking, a breach happens. You cannot define enterprise security anymore because there are several possibilities of breaches," he said. Increasingly, employees are using multiple apps from multiple devices and locations while the suppliers and partners of enterprises are logging into the system using different cloud providers adding to the risk.

"It is an open world. That is adding up. People are accepting that there will be data breaches and are looking at response mechanisms. They understand that it is not going to be zero-incident," he explained, indicating that despite the risks, enterprises are far from dissuaded from aggressively looking at digitisation.

According to a recent study released by the Armonk-headquartered software services and consulting gaint last month, the time to identify data breaches has grown to seven months from about six months earlier. However, it also noted that the time taken to contain the breach has also reduced. While the incidence of data breaches has increased, the willingness on the part of enterprises to acknowledge the problem has made it easier for technology companies to improve their response management capabilities.

"Companies are trying to recoup from the breaches better, which shows the level of maturity at enterprises adopting digital technologies," Iyer said.

The average cost of a data breach in India has increased by 7.3% to Rs 12.8 crore this year, according to the study cited earlier. Adjusting for currency, the figures are more or less similar to the global average, Iyer said. The report added that Rs 5,019 is the per capita cost per lost or stolen record, an increase of 9.76% from the previous year.

According to Iyer, security has to underpin any digital transformation by analysing the risk and strategising the business priority. He added that the enterprises need to have a comprehensive threat management system in place as well as a recovery system in the eventuality of a breach.

Every enterprise needs to ask a lot of questions before rushing to digitise before they are ready, Iyer cautioned. Some of the key questions include whether there has been an assessment of the business risk of the organisation, are enterprises rushing towards digitisation because of business compulsions, what the company wants to achieve by way of digitisation, and how digital trust can be infused in every digital transaction.

Awareness among customers on digitisation and cybersecurity is prompting enterprises to look beyond products.

"Customers are not talking about products that they want. They want to know about the outcomes in terms of what cyber assurance can we provide. Nobody asks about the firewall anymore. Not just enterprises, even startups who set up on the cloud on day one tell the cloud providers what is the outcome that they want. So we talk about a comprehensive solution, not products, but our capabilities," Iyer said.

According to IBM, since businesses are dynamic and enterprises need to re-evaluate risks often, the implementation of a product is not in the hands of the cloud solution provider but in the hands of the provider. "More often than not, data breaches happen because of an enterprise's security posture rather than an inherent lacuna in the cloud. The threat level for companies will be different according to their industries or exposure or nature of the business or the threat management system the company has put in place," Iyer said.

IBM has seen a double-digit growth in revenues in India as it sees a lot of consumption in consultancy services as well. With customer awareness being high and smart cities and internet of things (IoT) picking up along with financial sector transformation, the business is growing rapidly, Iyer said.