What are the trends or challenges within the enterprise security space, and how are organizations overcoming these current challenges?

One of the critical challenges organizations face is in their supply chains. COVID-19 showed that if organizations do not have sufficient control over the supply chain or if their supply chain is compromised, it will have a direct and significant impact on the business. Along with ramping up the security of the digital components of the supply chain, organizations are becoming mindful of third-party vendors and suppliers. They are ensuring that the vendors possess the relevant ISO certifications and meet the required SOC2 requirements.

At DFI Retail, we interact closely with the supply chain, obtaining SOC2 reports from our vendors whenever possible. We have ISO 27001 certification and ensure that our suppliers are also certified according to ISO requirements. Moreover, when handling credit card information and payments, we adhere to Payment Card Industry Data Security Standard (PCI DSS). These measures augment our trustworthiness while also ensuring that we have all our bases covered when collaborating with third-party vendors.

Can you talk about any recent engagement or a project that you worked on where your expertise as an industry leader played a critical role in solving a problem and achieving the desired outcome?

The biggest problems that we had to mitigate was endpoint detection. We had to ensure exclusive network access for our workforce while eliminating external threats. We implemented endpoint detection and response (EDR) and extended detection and response (XDR) platforms, which combine event and endpoint detection to secure the perimeter of infrastructure or devices connected to the internal network. These platforms leverage machine learning and artificial intelligence to detect unusual patterns or behaviors. They can process and analyze information quickly and more efficiently than a person. We implemented this solution to absorb all the data coming into our network, understand what devices are on the web, and scan for unusual behavior or unknown devices. It enables us to monitor the entire attack surface more accurately than before and helps us secure our endpoints with ease.

When you look at the developments that have been happening in the enterprise security space, what are some of the security concerns that you have?

From a security perspective, we are concerned about malware, ransomware, and API security trends. Threat actors are continually attempting to extract funds or valuable information, whether by masquerading as an employee or posing as the CEO when sending malicious and fraudulent instructions by e-mail. This type of account takeover especially happens at higher levels, which is a significant concern for us.

“Employ developers that can code applications from the ground up with built-in protection”

With the advent of the COVID-19 pandemic, people leveraging BYOD or working remotely are becoming the primary targets for threat actors. In this scenario, it is challenging to put traditional controls on people’s devices as they are often outside the organization’s internal security infrastructure. This can have an adverse impact on the supply chain also, as most workflows have become digitalized and are controlled in the cloud. If the API between different systems, vendors, vendors, and customers is not secure, the supply chain becomes an easy entry point for attackers to compromise the environment.

What advice would you give to the other leaders in this industry or some new aspirants making their way into the enterprise security space to tackle data privacy challenges?

The company’s board of directors must be involved in any company-wide changes you want to make. That will help in implementing systematic security strategies. I think a company must have a good working relationship between all departments to make it a data-safe bubble.

If anyone is planning on a career in cybersecurity information security, there is a great demand for security architects and DevSecOps—integration of security at every phase of the software development lifecycle. It is beneficial for organizations to employ developers that can code applications from the ground up with built-in protection. By building in-house solutions that fill every security gap in the organization, you will be better prepared to deal with the industry’s potential security threats.