There is a shortage of cybersecurity talent because it is evolving so quickly: Saugat Sindhu, Wipro
Despite the ubiquitous requirements of cybersecurity across sectors, there is a lack of cybersecurity talent in the industry, noted Saugat Sindhu, Global Head of Strategy & Risk Practice at Wipro.
“Cybersecurity has evolved over the last 10 years. It’s not a corporate function anymore and is not seen through the lens of audit either. The best way to describe cyber security is to see it as a business enablement function. We know that it is required. Every company needs to investigate cyber security and have good practices around it,” said Sindhu, who runs the advisory business globally for cybersecurity and risk services at Wipro.
He added that cybersecurity should not deter doing business because businesses, clients, and industries know the competition will take advantage of an enterprise’s oblivion to new technology.
A chief information security officer (CISO) needs to constantly ensure businesses have the tools and the technologies to be on a growth trajectory while feasibly looking at security to minimalise outages and reputational damage because of incidents.
“Generative AI is a disruptor. 10 years ago, we spoke of cloud in the same way. To some extent, cloud is still a disruptor,” he added.
The spokesperson mentioned that different sectors have different levels of risks associated with the adoption of AI. Generally, in healthcare, manufacturing, and financial services, data is more vulnerable to attacks like evasion tactics, data poisoning models, inversions, denial of service, and supply chain vulnerabilities.
“The productivity of GenAI models and AI models in general are as good as their data. Everyone is trying to ensure their models are better than their competition. This way, they can use more data. You must be cognizant of not exposing sensitive or confidential data in your model.
In case of vulnerabilities in the model, there could be backdoor attacks on the model you trained.” Speaking about the company’s policies, he said, “Cybersecurity is a board concern for Wipro. It requires the audit office, risk office, core security office, and IT office to work together.
They are more involved in technology business decisions now because you want adequate controls proactively and not reactively.” Of the three lines of defense, he stated that in the past, CISOs only came in at the first line of defense perspective. Now, they sit within the second line of defense, which is closer to the third line, which is audit.
“IT is more embedded in the first line of defense in the past, which was the CISO organization. CISOs are more about enabling the business than locking it up.”
Sindhu also added that in any large technology transformation Wipro does for its client, security is an embedded part and not an afterthought anymore. It is addressed at the onset of any transformation, and everything is approved by the risk and audit office.
Ultimately, all functional teams jointly present to the board the enterprise risk, of which cyber risk and privacy are a part. Legal is also very closely involved in the cyber business because of how cyber security is viewed from the lens of business enablement for technology transformation.
“There is a lot of investment in focus on cyber security training. We approach it from two perspectives – ensuring our employees have adequate cyber security training and that our cyber security practitioners have the right certifications.
We have tie-ups with major universities in India through their graduate programs where we support training courses. The influx of cybersecurity talent becomes that much easier for us.” Sindhu also noted that across the globe, there is a shortage of cybersecurity talent because cybersecurity is evolving so quickly that the industry finds it difficult to keep up.
Currently, Wipro has over 9,000 cybersecurity specialists and 12 global cyber defense centers spread across more than 60 countries.