EY helps clients create long-term value for all stakeholders. Enabled by data and technology, our services and solutions provide trust through assurance and help clients transform, grow and operate.
At EY, our purpose is building a better working world. The insights and services we provide help to create long-term value for clients, people and society, and to build trust in the capital markets.
In the third episode of our ongoing series ‘Navigating cyber threats,’ part of Cybersecurity Awareness Month special, we delve into the emerging cyber threats and ways to tackle them. EY India Cybersecurity Consulting Director Piyush Kumar Jha joins us to discuss the current cyber threat landscape for organizations, emerging threats, the role of threat intelligence, and security challenges related to remote work. Piyush shares relevant insights on staying informed and protected in this ever-changing landscape and highlights upcoming innovations and advancements in cybersecurity.
Key takeaways
Ransomware, deepfakes, and state-sponsored attacks pose significant cybersecurity risks, requiring vigilant cybersecurity measures for individuals and organizations.
Organizations must incorporate threat intelligence in cybersecurity strategies as it aids early threat detection and can suggest countermeasures to strengthen cybersecurity.
A distributed workforce demands attention to endpoint security, data privacy, and evolving security trends for robust protection.
Staying ahead in cybersecurity means embracing innovation, threat intelligence, and adopting a proactive approach to safeguard against the ever-evolving cyber threats.
Piyush Kumar Jha
EY India Cybersecurity Consulting Director
For your convenience, a full text transcript of this podcast is available on the link below: Read the transcript
If you would like to listen to our podcasts on the go:
Tarannum: Welcome to the EY India Insights podcast. We are running a series - Navigating cyber threats as part of the Cybersecurity Awareness Month special. In this series, we explore how leaders can effectively approach the cybersecurity challenges of today and tomorrow. By the end of 2024, global cyberattack costs are forecasted to exceed US$10.5 trillion, emphasizing the urgent need to prioritize cybersecurity at personal, organizational and government levels.
In this episode, we will not only discuss the emerging threats but also upcoming trends in the cybersecurity domain. I am your host that Tarannum Khan, and our guest today is Piyush Kumar Jha, Cybersecurity Consulting Director at EY India. With over 14 years of diverse experience, he specializes in enterprise security architecture, cyberthreat management, cyber maturity assessment and technology solution effectiveness. Piyush currently leads cybersecurity engagements globally across various technology, media, and telecom sectors.
Welcome to our podcast, Piyush. How are you doing today? Piyush Kumar Jha: Thank you, Tarannum. I am doing well and thank you for having me here. Tarannum: Can you give us an overview of the current cyber threat landscape? And what are the emerging cyber threats that individuals and organizations should be aware of? Piyush Kumar Jha: We all know that the technological landscape is constantly changing across the globe, which is paving the way for various (cyber) threats to emanate from various sources and for several reasons.
There are numerous emerging cyber threats in today's world which are actually are causing concerns due to their potential impact on a) individuals, b) organizations, and c) even nations. Some of the most concerning threats which I would like to highlight are the ransomware attacks, which continue to evolve with cyber criminals targeting organizations and demanding substantial ransoms to decrypt their data, (for) zero-day exploits, supply chain attacks, deepfakes and artificial intelligence (AI) enhanced attacks. Phishing and social engineering are also among them.
Others cyber threats include nation, state-sponsored cyberattacks, vulnerabilities in the Internet of Things (IoT) landscape, challenges related to cloud security landscape, security risks in the 5G landscape, quantum computing threats, cyber threats to the critical infrastructure, remote-working risks, mobile device risks, and integration of AI and machine learning in cyberattacks. These are the key cyber threats which are concerning for organizations, individuals as well as nations in the present day. Tarannum: What role does threat intelligence play in staying ahead of emerging cyber threats, and how can organizations effectively incorporate it into their cybersecurity strategies? Piyush Kumar Jha: There are two aspects to it; one is what is the role of threat intelligence, and the other is how can organization effectively incorporate the same into the cybersecurity strategies to strengthen the overall cybersecurity posture?
If you talk about the cyber threat intelligence, it plays a very crucial role in staying ahead of emerging cyber threats and providing organizations with valuable information about potential threats, vulnerabilities, and attack techniques.
But how does it help an organization? It helps in early detection of threats, provides the contextual awareness such as the tactics, techniques and the procedures used by threat actors that actually aids in understanding the potential impact of threats, and the countermeasures to defend against them. The other aspects include indicators of compromise, attack attribution, and cybersecurity trends. These are the key roles of threat intelligence.
If you are about to incorporate threat intelligence effectively within the organization, the first step is to define the objective. This is something that should be aligned with the overall cyber strategy of the organization as it clearly defines the objective of the organization's threat intelligence as a program, the key threats that the organization is most concerned about, critical assets or the information that the organization actually needs to protect. Understanding the organization’s goals also helps it guide towards realizing the threat intelligence efforts.
Secondly, collection of quality data, analysis and contextualization, integration of various security tools, threat prioritization, updating the defense mechanisms or systems on a regular basis, and training, and awareness are the key areas that all organizations must embrace as a part of incorporating in threat intelligence.
Also, it does not matter what tools, technologies, enablers are existing if people who are working on them are not aware of the context and the scenario. So, training and awareness should be given the utmost priority. Tarannum: With remote work becoming more common, what are the unique security challenges and trends associated with a distributed workforce? Piyush Kumar Jha: The shift towards remote working has brought in various security challenges and threats that an organization needs to address to maintain a robust and sometimes cyber security posture. Such key security challenges include endpoint security, home network security, data privacy, access controls, identity and access management, overall phishing and social engineering, secure communications, and data loss prevention.
Talking about security trends, zero-trust security model, secure access service edge (SASE), cloud security, endpoint detection and response, secure remote work policies, awareness and training, regulatory compliances, cybersecurity skills, incident response and hybrid work environments are the current trends that we see. Tarannum: Piyush, you rightly highlighted that it is a complex environment that we operate within. What actionable steps or advice would you offer to our listeners to stay informed and protected in this ever-evolving landscape of cyber threats? Piyush Kumar Jha: In the near future, cybersecurity is expected to witness various innovations and advancements. Some of the key trends on how the individuals and nations can prepare for them include AI and machine learning, implementation, and enforcement of zero trust architecture, quantum computing threats, cloud security, IoT security, development, security, and operations (DevSecOps), biometric authentication, privacy regulations, cyber insurance, and incident response plans.
To prepare for these advancements, individuals and organizations should invest in the state-of-the-art cybersecurity solutions, keep their staffs well-trained and adopt a proactive approach to cybersecurity. Tarannum: What innovations and advancements in cybersecurity should we anticipate and how do you see individuals and organizations preparing for them? Piyush Kumar Jha: Awareness is of the utmost importance because if any individual or an organization wants to know the key innovations or advancements that will be seen in the cybersecurity landscape in the near future, they first need to be up to date on the threats, risks, vulnerabilities, and the technological solutions that are coming up.
Secondly, they should embrace a strong authentication mechanism, multi-factor authentications, unique passwords, regular software updates. They also need to be aware of phishing scenarios, securing Wi-Fi, safe browsing practices, the backups, settings from privacy perspective, email security, incident reporting, thinking about data protection and always trusting the instincts. These are some of the ways general public can protect themselves against evolving cyber threats. Tarannum: Thank you so much Piyush for joining us and sharing such valuable insights on cybersecurity threats and trends. It has been lovely hearing from you. Piyush Kumar Jha: Thank you so much, Tarannum. Tarannum: Thank you for all our listeners. If you have feedback for today's episodes or questions for us, please do feel free to share it on our website or email us at markets.eyindia@in.ey.com. Until next time, I am Tarannum, and this is the Cybersecurity Awareness month special podcast series by EY India. Thank you for listening.
