Home Features “Access to personal data by the state poses an enormous threat to...

“Access to personal data by the state poses an enormous threat to privacy”

Archie Jackson, the AVP – Technology/Information Security of Genpact, is a senior technology professional with more than 17 years of insightful experience in IT Infrastructure design, implementation and operations with strong service management, leadership and digital transformational skills. In an exclusive interaction with CISO MAG’s Rudra Srinivas, Jackson talks about his role in the organization and the need for implementing cybersecurity measures.

How do you think security leaders will improvise their cybersecurity strategies in 2019?

I foresee 2019 as a year that would stand as a remarkable benchmark and an exponential priority index in cybersecurity domain. There are parallel multiple emerging technology tracks and each of them has an integral dependency onto the cross-linkage of cybersecurity. As blockchain adoption increases and IoT enters through common doors into personal and enterprise with a chain reaction of AI implementation across almost every aspect, there is one peripheral governance of cybersecurity that would require prioritized attention and consideration. Cybersecurity is electricity to the appliances. If it is not there, functionality is void. With the enablement through Deep Learning algorithms predictive threat detection may be observed as an area of focus where cloud and application security take a deep dive along with the emerging technologies.

What are your views on the Personal Data Protection Bill 2018? How the Law is going to change the security market?

The data localization section of the new privacy bill requires data fiduciaries to store “at least one serving copy” of personal data on a server or data center located in India. The government can exempt certain categories of personal data from this requirement. It can also declare certain categories of data “critical” and require that they are stored only in India. In other words, foreign internet intermediaries and services, such as Facebook, Uber, Google, Twitter, AirBnB, Telegram, WhatsApp, and Signal may all be required to physically host user data in India. The only discernible reason for such a requirement is to give law enforcement easy access to this data. The bill allows the processing of personal data in the interests of the security of the state if authorized and according to procedure established by law. In addition, it permits processing of personal data for prevention, detection, investigation and prosecution of any offence or any other contravention of the law. This access to all personal data by the state poses an enormous threat to the right to privacy given the weak safeguards that exist in India against state surveillance.

The draft bill creates a regulatory structure that is not sufficiently independent: The draft bill gives the central government the power to appoint members of the data protection authority upon the recommendation of an outside committee. The appointment is for a term of five years, which seems much too short to give a new institution sufficient time to learn the ropes and gain the independence it needs to be an effective regulator. The central government also has the ability to remove members of the authority for reasons specified in the law.

Insider threats are one of the important concerns for security leaders today. What kind of processes do you use in your organization to prevent information theft from insiders?

A strong focus is given in this area for employee education, awareness and detection. There are tools and teams actively working to ensure continual awareness is generated through training, mock phishing, quiz etc. In addition to that, extensively strong technology controls are implemented.

How technologies like Artificial Intelligence and blockchain can be useful in the cybersecurity industry?

Cybersecurity is considered as one of the key challenges in today’s data-centric environment. AI can easily detect the pattern of the cyber-crime and proactively alert suspicious activities. Blockchain, the decentralized ledger is a time-stamped recorder where data is stored in blocks. Each data transfer in a blockchain is stored in a separate block and each block is connected with a chain configuration. Blocks are encrypted with crypto keys and therefore avoiding cyber-attacks. The content in blockchain cannot be modified without the user’s authorization, therefore, reducing possible cyber threats.

In some years, we will be deep in a ‘war of the machines’ era with advances in artificial intelligence bringing fast and sophisticated execution of security defense and cybercrime. Cybercriminals will create fully autonomous, AI-based attacks that will operate completely independently, adapt, make decisions on their own and more. Security companies will counter this by developing and deploying AI-based defensive systems. Humans will simply supervise the process.