Rajnish: Anindya welcome to the podcast and thanks for coming over.

Anindya: Thanks Rajnish and greetings to you and your listeners on world Energy Environment Week. I'm delighted to share my thoughts on the subject, but I would like to just place a key caveat that this should not be construed to be the views of Shell. Thank you.

Rajnish: My first question to you Anindya. How do you think a carbon price can help abate emissions?

Anindya: Yeah, that's a great question Rajneesh and there is a short answer and a slightly more evolved answer, so let me attempt both. The short answer is that greenhouse gas emissions carbon emissions have an externality, and the cost is borne by the society, and not necessarily by the emitter. Carbon pricing strives to place a cost on the emitter and thereby putting the sort of cost where the burden is. But if you sort of dig up a little deeper, the whole carbon pricing policy intervention is a clear nudge that Governments can give to various players across the economy on what they need to do. And there's various aspects that we should explore in this context, first is the competitive disadvantage of the first movers. There are companies right now who are contemplating climate action, but they find that such action involves costs which brings in a competitive disadvantage to them vis a vis with their competitors and therefore they do think twice before implementing major programs. A carbon pricing across a sector will ensure that all sector players are having the same level playing field and start taking the same steps and ideally this moves into an economy wide coverage, so I think that's very important to make sure that the early movers don't get disadvantaged. Secondly, there is a policy outlook signalling that this is very important. Companies right now are struggling to see what the pricing, carbon pricing or any compliance framework will look like in the coming years and decades. So, if the government can clearly indicate that this is going to be the carbon pricing methodology that the government will adopt and how it will progressively change over time, companies will be in a position to make the right technology choices back to green technology and make their investments that are well tested against such a carbon pricing regime. On the case on this case, also another aspect we need to talk about is resource mobilization. So carbon pricing of course also yields resources for the government whether it's a carbon tax or a market based mechanism like the ETS and the government, then can direct some of this to supporting new technologies. Green technologies that are not proven, for example, if it wants to support offshore wind or biofuels but also maybe use it to address the needs of just transition, so there are going to be sections of society which will be burdened by higher cost of the energy transition and some of this will be available for that. Another aspect I think we should also consider when talking about carbon pricing is globally various countries are adopting carbon pricing where there's tax or emissions traded systems and to make sure that there are no carbon leakages these countries are likely to impose a border adjustment mechanism as Europe is considering. So, if Indian companies have to operate or export into these markets then they'll have to demonstrate that they have carbon pricing domestically. So that's very important for Indian companies to achieve, I mean India has a huge trade with Europe for example of 36 or $37 billion and the part of that will get impacted by this. And the other advantage of integrating to global markets is that Indian players will have access to much deeper and wider markets for carbon offsets. For example, they are on the buy side or sell side.

Rajnish: So Anindya I agree with you, I think carbon prices are the talk of the day. Now the big question basically, which is there when you look in the case of India is should India go for a carbon tax or should it go for an emission based or a market based trading mechanism? What do you think are the pros and cons to the two and you refer to that while you're answering the earlier question?

Anindya: Yes, indeed, these are the two popular models which various countries have experimented with over the last several years. So, the advantage for India is that India can certainly benefit from the experiences of these countries and get sort of rich learnings out of it. Carbon tax in terms of implementation is perhaps much less complex, though politically less acceptable because it's it will be very transparently seen to be adding to the cost to the customers or taxpayers, as the case may be also, it needs to sit within the existing taxation framework and jurisdictional sensitivities, and I know Ernst & Young has already presented an analysis on how this can be done. As for emissions trading, there is a possibility that the existing market-based mechanisms for energy efficiency, which is the path scheme and the eCerts and the renewable energy, which is the RPO and RECs, could be brought under a carbon framework which could then be expanded to a functional emissions trading scheme. However, the complexities of the market design that address the needs of a progressive decarbonization without causing market failure needs to be carefully considered.

Rajnish: I agree with you Anindya, I think carbon taxes are easier and as you gave there are pros and cons to each of the approach. Now, given that we have a blank piece of paper in India as of this point of time, what would be your advice to our clients as to how they should think about this and go ahead?

Anindya: Indeed, that's a very important I think question to consider for countries so companies at this point in time as various regulatory changes are likely to happen in the coming future. Well, one can never be certain as to when a compliance framework for carbon will emerge in India, but we have seen a compliance framework in energy efficiency and renewable energy that was successfully implemented. We are also hearing of an RPO type framework for green hydrogen progressive Indian companies are already beginning their decarbonization journeys by implementing internal carbon pricing. CDP's annual report mentions 31 companies already having an internal common price or companies are signing up to the SBTI's or making commitments under RE 100 EP 100 EV 100 type commitments. But to ensure a sustainable future and a social license to operate, companies will need to transparently share their plans to adhere to carbon budgets available so as to achieve the climate action goals agreed by the international community such companies will withstand any shocks that could credibly arise from external carbon pricing, whether through taxes or market-based mechanism.

Back to podcast

Podcast transcript: Emerging cyber threats and trends

10 min | 30 October 2023

In conversation with:

Piyush Kumar Jha
EY India Cybersecurity Consulting Director

Tarannum: Welcome to the EY India Insights podcast. We are running a series - Navigating cyber threats as part of the Cybersecurity Awareness Month special. In this series, we explore how leaders can effectively approach the cybersecurity challenges of today and tomorrow. By the end of 2024, global cyberattack costs are forecasted to exceed US$10.5 trillion, emphasizing the urgent need to prioritize cybersecurity at personal, organizational and government levels.

In this episode, we will not only discuss the emerging threats but also upcoming trends in the cybersecurity domain. I am your host that Tarannum Khan, and our guest today is Piyush Kumar Jha, Cybersecurity Consulting Director at EY India. With over 14 years of diverse experience, he specializes in enterprise security architecture, cyberthreat management, cyber maturity assessment and technology solution effectiveness. Piyush currently leads cybersecurity engagements globally across various technology, media, and telecom sectors.

Welcome to our podcast, Piyush. How are you doing today?

Piyush Kumar Jha: Thank you, Tarannum. I am doing well and thank you for having me here.

Tarannum: Can you give us an overview of the current cyber threat landscape? And what are the emerging cyber threats that individuals and organizations should be aware of?

Piyush Kumar Jha: We all know that the technological landscape is constantly changing across the globe, which is paving the way for various (cyber) threats to emanate from various sources and for several reasons.

There are numerous emerging cyber threats in today's world which are actually are causing concerns due to their potential impact on a) individuals, b) organizations, and c) even nations. Some of the most concerning threats which I would like to highlight are the ransomware attacks, which continue to evolve with cyber criminals targeting organizations and demanding substantial ransoms to decrypt their data, (for) zero-day exploits, supply chain attacks, deepfakes and artificial intelligence (AI) enhanced attacks. Phishing and social engineering are also among them.

Others cyber threats include nation, state-sponsored cyberattacks, vulnerabilities in the Internet of Things (IoT) landscape, challenges related to cloud security landscape, security risks in the 5G landscape, quantum computing threats, cyber threats to the critical infrastructure, remote-working risks, mobile device risks, and integration of AI and machine learning in cyberattacks. These are the key cyber threats which are concerning for organizations, individuals as well as nations in the present day.

Tarannum: What role does threat intelligence play in staying ahead of emerging cyber threats, and how can organizations effectively incorporate it into their cybersecurity strategies?

Piyush Kumar Jha: There are two aspects to it; one is what is the role of threat intelligence, and the other is how can organization effectively incorporate the same into the cybersecurity strategies to strengthen the overall cybersecurity posture?

If you talk about the cyber threat intelligence, it plays a very crucial role in staying ahead of emerging cyber threats and providing organizations with valuable information about potential threats, vulnerabilities, and attack techniques.

But how does it help an organization? It helps in early detection of threats, provides the contextual awareness such as the tactics, techniques and the procedures used by threat actors that actually aids in understanding the potential impact of threats, and the countermeasures to defend against them. The other aspects include indicators of compromise, attack attribution, and cybersecurity trends. These are the key roles of threat intelligence.

If you are about to incorporate threat intelligence effectively within the organization, the first step is to define the objective. This is something that should be aligned with the overall cyber strategy of the organization as it clearly defines the objective of the organization's threat intelligence as a program, the key threats that the organization is most concerned about, critical assets or the information that the organization actually needs to protect. Understanding the organization’s goals also helps it guide towards realizing the threat intelligence efforts.

Secondly, collection of quality data, analysis and contextualization, integration of various security tools, threat prioritization, updating the defense mechanisms or systems on a regular basis, and training, and awareness are the key areas that all organizations must embrace as a part of incorporating in threat intelligence.

Also, it does not matter what tools, technologies, enablers are existing if people who are working on them are not aware of the context and the scenario. So, training and awareness should be given the utmost priority.

Tarannum: With remote work becoming more common, what are the unique security challenges and trends associated with a distributed workforce?

Piyush Kumar Jha: The shift towards remote working has brought in various security challenges and threats that an organization needs to address to maintain a robust and sometimes cyber security posture. Such key security challenges include endpoint security, home network security, data privacy, access controls, identity and access management, overall phishing and social engineering, secure communications, and data loss prevention.

Talking about security trends, zero-trust security model, secure access service edge (SASE), cloud security, endpoint detection and response, secure remote work policies, awareness and training, regulatory compliances, cybersecurity skills, incident response and hybrid work environments are the current trends that we see.

Tarannum: Piyush, you rightly highlighted that it is a complex environment that we operate within. What actionable steps or advice would you offer to our listeners to stay informed and protected in this ever-evolving landscape of cyber threats?

Piyush Kumar Jha: In the near future, cybersecurity is expected to witness various innovations and advancements. Some of the key trends on how the individuals and nations can prepare for them include AI and machine learning, implementation, and enforcement of zero trust architecture, quantum computing threats, cloud security, IoT security, development, security, and operations (DevSecOps), biometric authentication, privacy regulations, cyber insurance, and incident response plans.

To prepare for these advancements, individuals and organizations should invest in the state-of-the-art cybersecurity solutions, keep their staffs well-trained and adopt a proactive approach to cybersecurity.

Tarannum: What innovations and advancements in cybersecurity should we anticipate and how do you see individuals and organizations preparing for them?

Piyush Kumar Jha: Awareness is of the utmost importance because if any individual or an organization wants to know the key innovations or advancements that will be seen in the cybersecurity landscape in the near future, they first need to be up to date on the threats, risks, vulnerabilities, and the technological solutions that are coming up.

Secondly, they should embrace a strong authentication mechanism, multi-factor authentications, unique passwords, regular software updates. They also need to be aware of phishing scenarios, securing Wi-Fi, safe browsing practices, the backups, settings from privacy perspective, email security, incident reporting, thinking about data protection and always trusting the instincts. These are some of the ways general public can protect themselves against evolving cyber threats.

Tarannum: Thank you so much Piyush for joining us and sharing such valuable insights on cybersecurity threats and trends. It has been lovely hearing from you.

Piyush Kumar Jha: Thank you so much, Tarannum.

Tarannum: Thank you for all our listeners. If you have feedback for today's episodes or questions for us, please do feel free to share it on our website or email us at markets.eyindia@in.ey.com. Until next time, I am Tarannum, and this is the Cybersecurity Awareness month special podcast series by EY India. Thank you for listening.

Back to podcast

EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients.

EY | Assurance | Consulting | Strategy and Transactions | Tax

About EY

EY is a global leader in assurance, consulting, strategy and transactions, and tax services. The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world over. We develop outstanding leaders who team to deliver on our promises to all of our stakeholders. In so doing, we play a critical role in building a better working world for our people, for our clients and for our communities.

EYG/OC/FEA no.

ED MMYY

This material has been prepared for general informational purposes only and is not intended to be relied upon as accounting, tax, or other professional advice. Please refer to your advisors for specific advice.

Topics

General

People

Back to podcast

Podcast transcript: Emerging cyber threats and trends

10 min | 30 October 2023

Back to podcast

Welcome to EY.com

Topics

General

People

Trending

Back to podcast

Podcast transcript: Emerging cyber threats and trends

10 min | 30 October 2023

Back to podcast