A Chief 'Transformation' Officer's Perspective On Data Security In Today's Tech Landscape

Having completed his Engineering from IIT Kharagpur and PG Diploma in Finance & Economics from IIM Calcutta, Sudip is a seasoned business profes-sional with over three decades of experience across diverse IT functions. Prior to joining Zscaler in 2020, he has successfully handled key roles across companies such as Reliance Capital, Reliance General Insurance, GE Money, Roamware, Price water house Coopers and Tata Metaliks, to name few.

In a recent conversation with Indranil Chakraborthy(Editor, Siliconindia), Sudip shared his insights on cyber security and data privacy in today’s rapidly evolving technology landscape. Below are the excerpts from the exclusive interview –

What are the growing implications if Generative AI on data protection policies and strategies?

The emergence of ChatGPT through Open AI has revolutionized the way in which people look at data. Right from normal text to multimedia content or coding to help software developers, Generative AI has enabled professionals to become more productive. While Generative AI does offer a host of advantages & benefits to businesses across almost every industry, there is also a disturbing side for this disruptive technology. For instance, the content being generating using this technology can be used for both good and bad things. As a result, Generative AI in the hands of wrong people can have destructive consequences.

How are companies implementing best practices to reduce risk and become more agile through Generative AI?

Banning the use of Generative AI is a wrong decision if the companies decide to do so because they will have to risk losing-out on today’s millennial gen-z workforce. Thus, it is very important for companies to give their employees access to Generative AI tools, but ensure they are used in a safe manner. In security, everything begins with having a clear visibility of all the process and function in which these Generative AI tools are being for. This can be achieved by putting-in stringent data security practices such as fingerprinting applications, access controls, and many others.

Why are cybercriminals increasingly opting for encryption-less ransomware in recent times?

The first piece of the ransomware attack is to destabilize the victim environment by encrypting data file and endpoints such as laptops, servers and others. Later, the criminals demand for ransom in return for the decryption key that will enable you unlock the files/assets and get back data. However, this method of cyberattack has transformed drastically in recent times, where in today, criminals are targeting the data that they can gain access to instead of encrypting that data and demanding for ransom. This is because in most cases, that data consists of sensitive information and even have IP rights added on to it, thus making it more valuable than the ransom itself. Additionally, encrypting a file remotely also requires a lot of coding, which can actually be avoided by acquiring data first and then blackmailing the victim. As a result, encryption-less attacks are growing at an alarming rate lately.

Briefly explain the importance of implementing data security as the core during event product development process.

The sheer volume and types of cyber threats that we are witnessing recently are growing in numbers larger than ever before. Earlier, enterprises followed a closed door approach towards data, wherein they had their own on-premise data centers, applications and equipment which were all guarded by a perimeter of firewall and other technologies. However today, with digital, their data is spread across various sources, including on public cloud such as AWS, Azure or Google. Also, it is now important for companies to have interfaces with other companies such as their technology partners, service provider and others. This increases those companies’ visibility on the internet and makes them a potential target for cyber criminals. As a result, businesses today look at cybersecurity as the core practice of their business function and ensure to implement stringent data security at every levels of the process cycle.