Data Breach, Fraud Summit Asia: First ImpressionsSummit Opens to Packed Audience in Mumbai
The Data Breach & Fraud Prevention Summit Asia kicked off in Mumbai June 8 at the Leela Hotel. Some of the key focus areas for this conference are to promote collaboration, information sharing and provide a premier platform where the Indian security community can meet and exchange ideas.
The event, expected to have close to 150 practitioners in attendance, took off to a packed hall, making this the third successful edition of ISMG's global series of summits around data breach and fraud being conducted in India.
Incident reporting is mandatory in India under the IT Act, although most organizations are unaware of this.
Keynoter Sachin Burman, director of the National Center for Critical Information Infrastructure Protection, spoke about lessons from NCIIPC's three-year journey and the current initiatives ongoing.
He touched upon how global critical infrastructure, and critical information infrastructure specifically, are huge concerns for governments. In his opinion, practitioners should assume that the adversary is already sitting inside their networks. In such a scenario, breach prevention is important, but breach detection, analysis and eviction are some key concerns.
He brought to light some surprising facts. For example, incident reporting is mandatory in India under the IT Act, although most organizations are unaware of this, Burman said. "Incidents need to be reported to CERT-In," he said, "but the devil as always is in the details, in terms of who defines what constitutes an incident."
Burman told the audience that the central government is very serious about security, which is exemplified by the fact that Burman's office is just twice removed from the Prime Minister when it comes to reporting. "We report into a function that reports into the national security adviser and therein to the Prime Minister," he said. The government is very keen to start fixing gaps in cybersecurity; however this won't happen overnight, and NCIIPC is working towards helping organizations respond to this threat, he said.
The audience so far seems very encouraged by the speakers and sessions. M.R. Parasuram, CISO at Asian Paints, said that events such as these are a great venue for practitioners from sectors such as manufacturing and other less mature sectors to bring themselves up to speed.
While banking and telecom are regulated sectors and receive a lot of guidance and support in terms of compliance, many sectors remain much less mature and lack regulation. For these verticals, such opportunities to exchange knowledge are welcomed, he said.
Dharmesh Rathod, CISO at Indian conglomerate Adani Group, had similar views, in addition to wanting security platforms to go a step further and enable collaboration in terms of forums and closed special interest groups.
Another attendee who declined to be named says that while we are all talking about issues that are already known, varied articulation and reinforcement in terms of rich content will go a long way in helping drive market maturity.
Information Security Strategist Onkar Nath remains unconvinced, though. He says that there are many execution bottlenecks that need to be addressed before many of these commendable policies and initiatives can bear fruit. "No one is looking at these low-intensity problems, which are having a big, repressive effect."
Nitin Bhatnagar, Mumbai-based cyber security researcher, says he appreciates how the Mumbai summit has many regional and international speakers that will help Indian practitioners in getting an outside perspective.
Additional Summit Insight:
Hear from more industry influencers, earn CPE credits, and network with leaders of technology at our global events. Learn more at our Fraud & Breach Prevention Events site.