The way the technology landscape is changing, it is a must for every CISO to be with the trend
This is an exclusive interview conducted by Santosh Vaswani, Content Writer & Editor at CIO News, with Rohit Singh, CISO at Shri Arihant Co-Op Bank Ltd, on his professional journey.
When asked how he planned his career path to be a successful CISO, Rohit Singh, Chief Information Security Officer (CISO) at Shri Arihant Co-Op Bank Ltd, in an exclusive interview with CIO News, said, I started my career in 2010 as an Assistant Programmer and within two years, I got promoted to IT Network & Security Officer by senior management, who were looking at my work in information security for the bank. From the start of my career, I have been an open-source technology enthusiast and love to work on technology which is not only robust & cost-effective but at the same time safe & secure. We have completely migrated our end-users to Linux OS from Windows OS for robust security. For me, the path to becoming a CISO was full of challenges and I feel one can become a CISO only by experience and there are no other shortcuts. I worked in the information security domain for almost seven to eight years before getting promoted to CISO.
When asked about challenges he faced in his career path and how he overcame them, he said, before 2019, the Co-operative Banking sector had no proper guidelines on Information Security, so, in such a case, convincing the top management to allocate funds for implementing technology-related Information Security/Cyber Security was a very difficult task. But still, we overcame this challenge by implementing Unified Threat Management (UTM) devices in the year 2016 at every branch to prevent any outsider attack. Also, we had restricted end-users from open browsing and given access only to a specific URL. In the year 2019, RBI came up with a new Master Circular, where they had divided banks into four categories based on Digital depth. We had already placed Information Security Technology in the bank, and doing compliance based on the circular did not take much of the bank’s time for completion. Currently, we are in the process of doing all Cyber-Security compliance which does not apply to us as per Digital Depth.
When asked about challenges faced by CISOs today while implementing digital technologies, he said, over the last few years, digital technologies have been transforming the BFSI industry globally. Digital platforms have allowed the banking, finance, and insurance sectors to reach and engage customers on a broader aspect, through integrated apps, and on social channels. Banking sectors have efficiently leveraged technology to create competitive advantage through fast Digital Banking channels such as IMPS, UPI & AEPS. But at the same time, it creates more risk to customers and banks to safeguard the customer data. We have seen challenges mostly with customers, where the customer shares the card details and becomes a victim of Phishing and Vishing. Most of the time the customer loses his/her hard-earned money. In the last few years, the cooperative banking sector has seen a rise in major attacks by hackers. Some of the attacks have been successful & hackers were able to completely control Core Banking applications due to poor technological control or less effective cyber security policy.
When asked how CISOs can overcome the challenges faced, he said, I feel that first, before being introduced, Digital Banking technology needs to go through a certain level of information security testing. A proper UAT process is to be followed, and VA/PT Audit and other control Audits should be in place, before moving to the production environment. Secondly, we should have continuous training/awareness programmes for staff as well as for customers so fraud can be minimized. Every organization must go through an Anti-phishing simulation with a third party to check staff awareness. Adopt the latest technology and ask your Information security team to keep a check on the latest vulnerabilities. Thirdly, have a proper incident management process in place.
When asked about best practices/industry trends/advice he would like to suggest to fellow CISOs for their successful professional journeys, he said, when you enter into a CISO role, there will be multiple opportunities for you daily. First and foremost, understand the business. Meet with the executives for each division, especially production, operations, and procurement. Each executive can affect your day when it comes to cyber-security. And don’t forget the IT department, which will help you maintain the necessary diligence to daily threats and defences. The IT team can also add to your list of problems if it’s not doing its job relative to the classic issues of maintaining proper access controls and patching systems promptly. Apart from all this, keep learning about new upcoming technologies so you can understand the upcoming threat. The way the technology landscape is changing, it is a must for every CISO to be with the trend.
He highlighted, as a CISO, you need to have a consistently questioning attitude and always ask why an event or symptom is in play. Don’t forget: Attackers may not necessarily do a hack and steal — they may simply penetrate your network and stealthily wait for the right opportunity to steal data or intellectual property.