Striking a balance between business and risk

Ratan Jyoti shares his experiences, imparts wisdom, and demystifies the intricacies of cybersecurity in the ever-changing banking landscape. Excerpts from the interaction...

As the CISO, what methods and best practices have you put in place to protect the data and cloud infrastructure of Ujjivan Small Finance Bank?

Adaptability is the key: At Ujjivan Small Finance Bank Ltd. we have safeguarded the bank's assets from the ever-evolving cyber threats by establishing a holistic information and cybersecurity infrastructure as well as by promoting information security within the organization. I am a member of National Level Team, change control board, IT strategy and ORM committee and a part of the committee shaping the future of the bank regarding security in the growing threat landscape.

As a cybersecurity professional, one needs to keep pace with change - be it new technology, regulation, or threat. By being adaptable, we have proven to be successful. We have successfully implemented highly complex and secure architecture at the bank with the usage of nextgeneration technologies and solutions like AI/ML, Data Analytics, Web3.0 and Zero-trust.

A CISO today should...

• Rather than just detection and prevention focus more to establish cyber resilience.

• Keep learning from peers 'mistakes and from your own mistakes.

• Position cybersecurity as a business accelerator.

• Should adopt policies, procedures, and guidelines that address the full continuum of security risks and threats.

• For cloud security the CISO should stick to five basic principles - Data encryption, complete visibility, privacy controls, continuous monitoring, and incident response plan.