As technology develops and becomes more disruptive, the number of cyber security threats facing businesses has grown rapidly. Attackers are finding new ways to exploit vulnerabilities in systems, causing significant problems for enterprises.
A catalyst for this growth was the coronavirus pandemic. As people moved out of the office and worked from home, they were more vulnerable to cyber attacks, in fact, according to Deloitte, 47% of people fall for a phishing scam while working at home.
With its technical expertise and business intelligence, Tata Consultancy Services (TCS) provides its customers with the solutions to combat cyber attacks and improve their cyber resilience.
TCS, part of Tata Group, India's largest multinational business group, is a global leader in IT services, consulting, and business solutions. The company “provides consulting, professional services, and managed services to the world’s biggest and most important companies,” explained Narayan Sharma, its Global Head of Identity Access Management offerings under TCS Cyber Security Unit.
He added: “As a global company, we offer a full suite of cyber security services across consulting, professional services, and managed services around areas such as Managed Detection and Response, Identity and Access Management, Cloud Security, Governance Risk and Compliance, Enterprise Vulnerability Management, Data Security and Privacy, Fraud and Forensics, OT/IoT Security, etc. We deliver these services through Threat Management Centers setup across the globe to meet our customers’ unique business and regulatory requirements.”
To combat the rise in cyber security risks, TCS partners with alliance partners and academia to provide high-quality and contextual solutions to its customers. “TCS has strong and strategic global partnerships with the likes of Microsoft, AWS, Google, IBM, Ping Identity, BeyondTrust, CyberArk, SailPoint, One Identity, Saviynt, Palo Alto – to name a few. These strategic partnerships bring in a lot of security toolsets and capabilities,” to strengthen TCS’ solutions, explained Sharma.
Helping clients become proactive with cyber defences
Outlining the cyber security risks that come with advances in technology and tech-driven open business models, Sharma stressed the importance of education in cyber: “As businesses move into a multi-cloud hybrid models, highly regulated environments, and advanced threat vectors, organisations need to focus on maturing from being compliant, to being risk aware, to being risk managed – i.e. becoming truly cyber resilient.”
TCS encourages its customers to proactively respond to threats. The company’s bespoke, adaptable, managed detection and response services encompass both threat hunting and red teaming, a systematic and rigorous way to identify an attack path that breaches the organisation's security defence.
By combining this with comprehensive intelligence, TCS ensures that enterprises block stealth adversaries and recover quickly from any incidents when they occur.
TCS helps its customers define a comprehensive cyber security strategy with a long-term strategic roadmap. This roadmap enables companies to navigate enterprise risk, meet regulatory requirements and make informed choices on security solutions.
Following this, the company integrates security solutions into the fabric of its clients’ enterprises through its secure-by-design, zero-trust, and cyber resiliency frameworks. In doing so, TCS creates a foundation for resilience and simultaneously addresses advanced threats as well as cyber risks.
As risk management approaches evolve, Sharma explains, Zero Trust (ZT) architecture approach “provides architectural blueprint to enable contextual and risk-driven security controls at deeper granularity to enforce core principles of Resource Visibility, Zero Attack Surface, Least Privilege, Data Centric Security, Security Visibility and Analytics, and Security Orchestration Automation and Response.”
“TCS also offers an integrated platform based on the ‘as-a-service’ model through its Cyber Defense Suite,” outlined Sharma.
“Some of the offerings under incubation right now are managed detection and response for connected vehicles, security for AI/ML ecosystems, and 5G security,” he added.
Adopting new approaches to respond to changes in technology
These new approaches are essential as attacks become more sophisticated. “The traditional approach to security is not sustainable anymore,” said Sharma.
“So, organisations today have to anticipate risks, including potential black swan events like the pandemic that we saw. They need to get the right security controls based on the industry standard security frameworks like NIST (National Institute of Standards and Technology)/CIS (Ceter for Internet Security) to withstand and recover from an attack. Organisations should also continuously monitor the effectiveness of security controls for further fine-tuning for better Cyber Resilience,” he added.
Now, these security controls utilise a number of different technologies to ensure enterprises are protected from security threats of all kinds. “With continuously evolving sophisticated attack vectors, machine and deep learning will take centre stage for detection and response,” explained Sharma.
He continued: “AI can collect and correlate data across systems, applications, networks, and inputs, and analyse these inputs to provide visibility and context in revealing advanced attacks.”
To respond to the need for AI within cyber security applications, TCS is incubating research and building solutions based on this technology as well as 5G and quantum encryption, to support enterprises to counter evolving sophisticated threats.
“We are seeing an increase in the adoption of some of these services that customers are really banking on. Technology has a critical role to play in improving the risk posture for any organisation. As we see today, everything is becoming so dynamic. We have the set of controls and advanced technologies to be able to detect the attacks as well as protect the organisations through those attacks,” said Sharma.
Creating a holistic cyber security strategy
Undoubtedly, cyber attacks will continue to grow as technology advances. As technology systems are incredibly advanced, cybercriminals are increasingly targeting human vulnerabilities.
These types of attacks get people to unknowingly let cybercriminals into their enterprise’s software as opposed to targetting vulnerabilities in technological systems. To ensure both types of attacks are protected against, a more holistic approach is essential.
With this approach, training for employees is essential to ensure they can protect themselves against cybercriminals. Without it, both organisations and employees would continue to be vulnerable.
Recognising this importance, TCS is developing a “holisticand orchestrated Cyber Defense Suite, an integrated technology platform, which will be offered to enterprises that are looking to adopt an end-to-end cybersecurity strategy with 360-degree visibility to improve their cyber resilience,” said Sharma.
“These services will combat emerging risks by understanding and monitoring diverse risk factors, meeting compliance and regulatory requirements and balancing the right technology platforms with proactive services to effectively manage risks,” he added.
TCS will also continue to help its clients chart long term strategic cyber security roadmaps to navigate enterprise risk, adopting security by designs to make informed decisions on security solutions.
Sharma concluded: “We are focused on enabling the future cyber resiliency vision of enterprises, by bringing in a critical cyber competitive advantage that helps drive transformation, counter evolving threats, adopt new approaches and actively prepare for emerging and disruptive technologies like AI, 5G, 6G, IoT security, as well as quantum computing. It's all about helping customers, first of all, getting our service portfolio right for our customer needs of today, as well as the future and then elevating and scaling up our capabilities so that they can continue building purpose-led organisations with confidence.”