"Data security needs to be seen from a risk minimisation strategy," says Puneet Gupta, GlobalLogic's chief technology officer for APAC region. GlobalLogic is a California-based digital product engineering services company.
He explains, as the data landscape is becoming complex where experts can only guesstimate on the expectations on the next five years. In such a scenario where nobody seems to have a view on the future, the paradigm of cyber security needs to change.
Companies have to realised this limitation that they can no longer defend around threats that are explicitly known. "There will be new threats and challenges and the way to deal with them will be to use 'adaptive AI' technology," he says.
To protect against the unknown, he adds, that the strategy should instead of making a system 100 per cent secure, use artificial intelligence where any anomaly raises an alert or shuts down a part of the system to minimise the damage. "Instead of fool-proofing a system, the approach to security has to be built on the probability," he says.
Currently, the cyber attacks in India are not complex but are caused by the fundamental flaw in the way a system is engineered or by just sheer lack of awareness, says Gupta. Often, new generation digital enterprises scale up very fast. There the problem is systems built as proof-of-concepts turn to pilot and in a year are used by ten million users. In such cases, security is not built into the system but is added post-facto, which leaves scope for vulnerabilities.
Another common reason is as companies start using cloud applications they have a view that cloud service providers have taken care of security but the firms still need to build firewall and other security system into their own apps.
But, as computing power is increasing and quantum computing will become main stream, companies will have to prioritise cyber security much more than ever.