Alea is one of India’s first (homegrown) private global risk, fraud mitigation, and investigative consulting firms, helping organisations reduce reputation and operational concerns. They have expertise in conducting corporate investigations across industries, including FMCG, energy, education, e-commerce, banking, EPC, fintech, healthcare, insurance, logistics, manufacturing, mining, pharmaceutical, real estate, retail, renewables, startups, and telecom.
Analytics India Magazine caught up with Deepak Bhawnani, founder and CEO of Alea, to understand more about cybersecurity and risk management.
Sign up for your weekly dose of what's up in emerging technology.
AIM: Tell us the leading service offerings of Alea Consulting. What does the organisation specialise in?
Deepak Bhawnani: Our dedicated service offerings include integrity due diligence, forensic reviews, asset discovery, senior employee screening, cyber risk consulting, investigative surveys, IBC 2016 anti-conflict and eligibility review, KYC and AML compliance, brand protection services, and litigation support services.
Over the last 18 years, Alea has maintained a strong brand reputation for providing reliable and accurate insights. We have assisted with thousands of discreet assignments for corporations, listed companies, private equity firms, banks, strategic advisory institutions, international finance entities, hedge funds, and sovereign funds.
AIM: What made Alea Consulting establish a dedicated service offering in the area of cybersecurity? What all consulting services will it offer?
Deepak Bhawnani: We have extended our expertise in the domain of cybersecurity to support organisations to maintain robust cybersecurity processes and assist build resilience, especially in this era of the new normal.
Businesses that manage cybersecurity risks effectively cement their status, boosting growth and having the edge over competing market entities. However, with technological prowess, agility, and innovation being a non-negotiable bedrock for any successful business, organisations must also reassess security strategies.
Alea Cyber Risk Consulting reviews vulnerabilities to mitigate risks, prevent loss of sensitive information and revenue from a potential data breach, and protect brand reputation.
Colonel (Retd.) Sanjeev Relia is on board to lead the Cybersecurity Practice. An Indian Army veteran, he served for 32 years in the Corps of Signals. Since 2010, he has been in the field of cybersecurity and has been involved in the creation of cybersecurity infrastructure for the Indian Army and the implementation of cybersecurity policies and training. The services include comprehensive cyber resilience review of IT infrastructure, pre-transaction cyber due diligence of investee companies, insider threat investigation by cyber vulnerability testing, virtual cyber information security officer (vCISO) services, etc.
AIM: What role do technologies such as AI, ML and IoT play in cybersecurity and risk mitigation?
Deepak Bhawnani: Companies could be exposed to litigation if they are heavily dependent on AI, especially given the lack of regulation. There is a lot to develop and happen as AI takes extensive digital strides, both the defence and the medical profession.
Businesses need to realign how they operate in a post-pandemic environment, and rightfully so – human resources and their wellbeing are an integral cornerstone/backbone of an organisation. However, there are ways to address common roadblocks.
CISOs should implement a Crisis Response Incident Plan (CRIP), establish response plans for cybersecurity incidents, document employee responsibilities, communication channels, and disclosure requirements. Sensitising the workforce about cyberthreats and cybersecurity measures should be a priority of the Human Resources division, for example, via mock drills.
AIM: Zero-trust architecture gained wide prominence in businesses, given the work from home model. How foolproof is this model, and can it become an industry standard?
Deepak Bhawnani: I would call it – constant digital verification and validation. Yes, such processes do have merit, and for entities dealing with sensitive data, this is likely to become an industry standard. For normal work-from-home users, we may be some time away before this runs unnoticeable in the background.
AIM: What are the top cybersecurity trends for 2021?
Deepak Bhawnani: Ransomware will be the most significant financial risk to enterprises and the Government. It caused US$1 billion in economic damage globally in 2020, possibly much more as often such incidents are unreported. Whether small, medium or large, all kinds of businesses have faced a threat this year. In 2021, Ransomware has doubled, and India is the second most hit country by such attacks after Japan. Ransomware will continue to pose even bigger challenges in the time to come, and business houses will have to invest in cybersecurity to ensure the safety of their systems.
Data Breaches remain a big pain point with organised cybercrime groups likely to steal data before encryption, adding negative attention and impacting brand confidence.
Reported insider threat cases, which accounted for 30 per cent of breaches and other security incidents in 2020, are still prevalent due to limited access controls and the inability to detect unusual activity when the attacker is already in the security network.
AIM: What should a cybersecurity policy of an organisation entail?
Deepak Bhawnani: India’s security leaders need to create a robust cybersecurity ecosystem with a concerted effort aggressively. Firstly, cybersecurity should be an integral part of organisational culture. Secondly, the adoption of more zero-trust approaches to protect data/identities and improve overall corporate cybersecurity. A hybrid cloud environment that connects a mix of public cloud, private cloud, and on-premises IT infrastructure could be an option. Thirdly, driving convergence across security solutions capable of integrating multiple services on a single platform will be critical. Investing in emerging threat detection and incident response capabilities should become a priority. Next, combining software-defined network (SDN) and cloud security with 5G could be essential for the security strategy. Machine Learning and Artificial Intelligence could enhance the security of 5G networks and prevent attacks and frauds by recognising user patterns through automated algorithms and tagging certain events – preventing similar future attacks.
AIM: Your word of advice for CISOs?
Deepak Bhawnani: With responsibilities stretching from the boardroom to data centres, CISOs need to synergise efforts to supervise security technologies, design and implement standards and controls, monitor ongoing risks, and respond effectively to cyber incidents. My advice to CISOs is to focus on nurturing an ecosystem that gives impetus to their organisation’s sustenance and growth.