Automation Needed to Beat Skills ChallengeKPMG's Ramaswamy Says Focusing on People Alone Will Not Bridge Skills Gap
The biggest cybersecurity challenge India faces is the availability of skilled professionals. Every organization today is coming up short against this issue, forcing more and more to turn to the managed security service providers option, rather than trying to sustain in-house security operations.
However, MSSPs are limited by the same inadequate skill pool, and the attraction that an MSSP has for a security professional will only be marginally better than the limited diversity that most organizations will offer, says Sundar Ramaswamy, partner with the advisory practice at KPMG India (see: MSSPs, The Preferred Route to Skills Challenge).
"This problem is not going to be solved by putting more people in front of monitors all day - the solution to this is not people alone," he says. "The solution to this is going to be a lot of automation and AI in this area. Upskilling talent will be important, but using automation products and systems, and AI in the security domain is going to be more sustainable." (See: Will Automation Threaten Security Jobs?)
On the security landscape, Ramaswamy believes that risk-driven security is taking the upper hand over compliance-driven security. A development that is a positive challenge for the security community is that regulations are clearly catching up to the threat landscape, he says. In sectors with regulatory oversight, security is risk-driven as well as compliance-driven today.
There are fairly stringent regulations coming in from the regulators, he says. The Reserve Bank of India has just come up with cybersecurity policy requirements that banks need to follow, which is an example of a good regulator-driven compliance initiative (see: RBI Issues New Cybersecurity Guidance).
"Clearly the regulators are realizing the need to police their constituents more stringently. For the other sectors that lack this regulatory oversight, the approach is clearly risk-driven," Ramaswamy says. "Cybersecurity risk always existed - It is just that in the last couple of years it's got fairly increased impetus in terms of the attention it is getting at the corporate and state level. This is helping raise the risk awareness considerably, he says (see: Cybersecurity: Is India Getting it Right?).
Ramaswamy was a speaker at the recent Data Breach & Fraud Prevention Summit in Mumbai, where he was a part of a panel discussion on insider fraud. He believes that security in the Indian context is clearly improving, and he provides insight to support this idea in this exclusive interview with Information Security Media Group. He speaks about:
- The capacity challenge and the need for automation;
- Broad challenges practitioners can expect to face going forward;
- The increased focus on security of operational technology.
Ramaswamy is a partner with the advisory practice of KPMG in India. He has more than 19 years of professional experience in the areas of information technology advisory, auditing and cybersecurity. He serves national and multinational clients representing diverse industry segments in more than 40 countries. He leads KPMG India's IT attestation practice and also heads the financial data model review practice.