High-profile cyber-attacks and data breach cases have been making headlines in recent times. Additionally, the pandemic and the resultant work-from-home transition has only fueled the exposure, attributing to the rise in cyber threats. Each passing day, cybercriminals are developing new ways to access sensitive systems and information by executing incredibly advanced cyber-attacks – from Ransomware, Malware, Phishing, DDoS, and others to break down the organizations’ IT infrastructure to accessing confidential data every day which leads to the loss of millions of dollars for breached organizations.
The mounting concerns over the aforementioned and the rapid adoption of the Internet of Things (IoT) across all the sectors further set in motion the dire needs to implement future-proof strategies and solutions coupled with the setting up of necessary infrastructure and applications. Addressing the approach, a high volume of players is working in the cybersecurity industry, guiding the companies to define and implement the right plan of action in accordance with their requirement.
Striving on the same approach, Baknet Cyber Solutions has established itself as their trusted go-to partner bringing advanced expertise and making Security solutions smarter and scalable. The brainchild of Ramandeep Singh Bakshi, Baknet was incorporated with a clear goal to bridge the gap between software and IT infrastructure, to ensure the security and integrity of the network and the digitally available information. Having spent a markedly time in this industry, Ramandeep observed the hidden loopholes where no one was focusing.
Ramandeep boasts years of experience in the international cybersecurity industry serving organizations and clients across the globe. He has developed niche expertise in Information Security, Data Privacy, Application Security, Vulnerability Assessment and Penetration Testing, Network Security Assessment, Infrastructure Configuration Reviews, Source Code Reviews and Secure Coding Practices, ITGC review, IS Audit, ISO27001 assessment, PCI-DSS compliance assessment, GDPR compliance assessment which has been accumulated while working with various clients in the Banking, Financial Services and Insurance (BFSI) sector as well as the IT/ITES industry.
Ramandeep also has received recognition from Govt. of India (NCIIPC) for discovering and ethically reporting several cybersecurity vulnerabilities in different information systems under various government organizations. He has also co-authored the eBook – “WannaCry Ransomware: CrowdSource Intelligence” published by CM Alliance (UK).
We caught up with the visionary leader Ramandeep, who talks about the vulnerabilities, organizations are facing and the need to follow a proactive approach. Ramandeep also gives us a synopsis of his entrepreneurial venture, Baknet.
What are the product offerings of Baknet?
We take pride in being a full-service Cybersecurity consulting firm with a wide range of services offered to our partners which can broadly be categorized into:
- Cyber Security Process & Governance: Covering services like ISO 270001 certification assistance, Cyber Maturity Assessment, RBI Guidelines/Advisory, GDPR, CCPA etc., Designing on Cyber Security Policy and Procedures, Business Continuity Management framework design & audit and Security training and awareness.
- Compliance: PCI-DSS Compliance, Data privacy legislation compliance (GDPR / CCPA Compliance), RBI Compliance for banks & NBFCs, Third-party risk management.
- Technical Cyber Security Assessment: Vulnerability Assessment & Penetration, Testing, Configuration review for IT infrastructure appliances, Secure Source, Code Review, Red-team Assessment, Application Security Testing, and IT, Infrastructure Security Audit among others.
How is the company shifting the services and product priorities based on the pandemic & impact on customers demand?
The Covid-19 pandemic has transited the way of working, with almost all major players switching to a remote working or a work-from-home model. Consequently, this has opened up the entry to security risks since the data which was earlier considered to be staying within the network is now much more exposed, and thus, increasing the Cyber Risk Exposure for the corporates.
This especially becomes a major risk for the SMEs as most businesses in this segment are not equipped, either in terms of manpower, or corporate IT infrastructure & finance to handle such massive cyber risks, and more importantly, the threats that these risks pose in case they get exploited.
We are providing our clients with effective controls to minimize their Cyber Risk Exposure without burdening their pockets so that the customers can stay focused on their core business instead of concerning cyber threats.
With more data being collected and stored than ever before, what protections do consumers have a right to when it comes to how companies safeguard their personal information?
It’s written on the walls; once your data is online, it is pretty much up for grabs for anyone that can access it. However, with modern privacy and data protection focused regulations being brought up around the world, there is now some legal oversight, at least in some markets, to how your data can or cannot be handled and/or processed. Regulations such as GDPR and CCPA tend to arm the general people with some control on their data which they share online by providing them with certain rights, such as:
- Right to Information: Users can request a copy of all information a data processor holds about them. And if the information is shared with other processors, the users have the right to know which of their information is being shared with all third-parties.
- Right to Access: Users can access information about them that is being processed by a data processor.
- Right to Rectification: This enables the users to be able to request their data be modified/rectified in case the users believe that it is either incorrect or outdated.
- Right to Withdraw Consent: Users have the right to withdraw their consent that they might have provided to a data collector or data processor to process their data. Thereby stopping a data collector from processing any information about them.
- Right to Erasure: Users can ask for their personal information to be deleted by a data processor in case they do not what that particular data processor to keep their data any longer.
These are some of the rights that have been enabled for the users by the legislations in Europe and the USA. India also has a Draft Personal Data Protection Bill that has been introduced in the parliament, but it is not enacted into law yet. Once that is done, this is likely to extend these rights to citizens of India as well.
Piece of Advice
In today’s world of digital transformation, organizations need to have a very prudent and rational approach towards Cyber Security Governance in line with their business objectives.
Organizations should follow a Risk-based evaluation of Information Security & Cyber Security controls which enhances the confidence of every involved stakeholder and provide value to businesses. Information Security & Cyber Security is tightly integrated into Business objectives in today’s technology-dependent business models and should not be seen as a regulatory or compliance perspective only. It is not a compulsion but a major business requirement on which business resilience and financial growth are dependent.
Quote to live by…