Chathurya (CP) Pandurangan, a cybersecurity consulting manager at BDO Canada LLP, shares her insights on how organizations have changed their perspectives on cybersecurity after COVID-19, the changing role of CISOs in organizational information security decisions, and the challenges she faces in her role as a cybersecurity consultant. Read her exclusive interview with ManageEngine below.
I started my career as a technology strategy consultant by leveraging my education in computer engineering and business administration. Most of my technology strategy consulting engagements had a significant cybersecurity component. As I delved deeper into this space, I was intrigued by how fundamental cybersecurity was for any organization and how complex it can become to establish robust cybersecurity policies, processes, operating models, and technology. Over the years, I decided to improve my knowledge and exposure in this area.
That’s when an opportunity to move internally within BDO presented itself. I immediately pursued it, and I now specialize in cybersecurity consulting and leading engagement teams to solve cybersecurity problems of clients across industries and sizes in Canada.
I specialize in advising clients on cyber risk, strategy, and transformation.
The focus on cybersecurity had been rising among clients in Canada even before the pandemic, thanks to the rising complexity of their technology footprints. COVID-19 accelerated this trend. In a short span of time, employees started working remotely; organizations had little visibility into how their digital assets were being used. High-profile cyberattacks further pushed organizations to prioritize cybersecurity over the last couple of years.
The cybersecurity regulatory landscape has also been evolving in Canada. Bills C-26 and C-27 have been tabled in the parliament; they are expected to become law. There are significant implications from a governance and regulatory perspective to set up a robust cybersecurity program, and make sure that each organization is safeguarding its critical assets.
Canadian organizations do identify [with the fact] that cybersecurity is a strategic priority. It was not that easy, say, five years ago. Things have changed dramatically.
Organizations realize that security is a responsibility shared amongst all senior executives. The CISO will surely play an increasingly important role as a subject matter expert and the authority on technical and operational controls. However, the CISO will work in collaboration with other C-suite executives in making critical cybersecurity decisions.
Indeed, cybersecurity should always be a top priority for organizations considering the complex and rapidly evolving threat landscape. Cybersecurity should be considered right from the beginning of any project. Such a security by design approach has two main benefits:
Cost savings: When cybersecurity is incorporated from the beginning, organizations can reap operational cost savings due to productivity improvements and by channelling people to do higher value work than mundane, routine work.
Future preparedness: Organizations can channel their security investments more effectively towards risk mitigation and compliance reporting. This will enable them to prepare better for the future.
Ensuring regulatory compliance is still a key driver of cybersecurity investment today.
Data privacy and safeguarding of personally identifiable information are taken very seriously. Organizations also want to avoid penalties.
That said, other factors are also gaining importance as drivers of cybersecurity investment. For example, compliance can be looked at as a preventive measure. If something goes wrong, there can be significant damage; however, with compliance measures in place, there will be potential savings.
These are the typical challenges and pitfalls organizations face:
Hiring is going to be a challenge over the next few years. Organizations can address these challenges in multiple ways.
Building talent organically: Train the talent you already have so that they can handle more complex cybersecurity roles.
Leveraging a variety of talent pools: For example, organizations can focus on capturing young talent, maybe from campuses or schools, that have focused cybersecurity programs.
Boosting adjacent capabilities: Say somebody is working in cloud operations; they can be considered for a role in cloud cybersecurity operations as well. Look for adjacencies within the company and bring them on board to the cyber-side of things.
Retaining star performers: Make sure you identify the star performers, retain them, and reward them appropriately based on their performance.
Poaching: A strategy that companies often follow is poaching or buying from competitors.
Automation: Organizations can automate some mundane, repetitive tasks so that people can focus on higher value things and become more productive.
There are various strategies that companies are adopting to solve the cybersecurity hiring issue.
© 2021 Zoho Corporation Pvt. Ltd. All rights reserved.