As you may know, we launched an initiative close to our hearts last year — Huddle by Zomato. While we have enjoyed all the previous meets, the most recent Huddle hit particularly close to home. In light of the several recent incidents globally and at home, the topic for the last Huddle was Cybersecurity: best practices and more.
This Huddle saw extensive representation from various Tech companies (Urbanclap, Makemytrip, Paytm, FabHotels, Grofers, Snapdeal, AWS among others) based out of the NCR region, and was marked by extremely insightful sessions from our guest speakers.
Since we all truly enjoyed the session and learnt a lot, we wanted to share some of the learnings with others who might find these relevant. So here goes:
Key Security Risks and mitigation approaches:
Our first speaker, Maninder Singh from Deloitte, discussed some of the key security risks faced by organizations today and corresponding risk mitigation approaches. These included:
- Data Loss Prevention technologies to manage the risk of Data Leakage
- Identity & Access Management solutions to mitigate the risk of unauthorized access
- Phishing simulations to increase awareness amongst employees
- Offensive Security techniques to identify and fix vulnerabilities in IT Infrastructure
Essential do’s and don’ts in the face of a breach:
Pradyot, from our Payments Team, spoke briefly about what steps a company can potentially take in the face of a security breach.
The key takeaway was to keep an open communication channel with users, stakeholders and potentially the hacker, which can not only help get to the root of the problem, but also restore trust in the brand.
How do you control internal access to data, with minimal risk of breach (due to human error):
Atul Luthra of GTIS mentioned something that is vital to remember — the higher the delay in detection, the higher the cost in case of a security breach.
According to a survey, which studied 874 incidents involving insiders, 598 were caused purely by negligence. And 28% of such incidents took more than 3 months to be detected.
As a part of his session, Atul emphasised that there is no alternative to robust proactive monitoring and testing when it comes to security. In an organisation, the security focus should start with:
Data classification | Threat identification | Awareness trainings
Infrastructure Security:
Gaurav Gupta, from Snapdeal, shared how implementing strong perimeter controls has, in his experience, turned out to be the most critical element in ensuring security.
This includes bringing all public endpoints inside private networks and providing access to them through a VPN, and the best practice of keeping production and corporate infrastructure separate. While he recognised the difficulty of implementing strict role-based access control in the early years of a startup, he suggested restricting access through single sign-on backed by an Active Directory as a solution to the problem. His other recommendation was to always keep databases in their own private network, and not in the application servers’ network.
Another interesting practice mentioned by Gaurav was a tooling mechanism through which applications themselves declare the security requirements and access levels they need, which are then approved by the Infrastructure team. A bot then removes unused keys every night based on those configurations, significantly shrinking the window for manual intervention and thus the scope for error.
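To make the declared-access-plus-nightly-reaper idea concrete, here is an added illustration in Python. It is not Snapdeal's or Zomato's tooling, and the manifest format, the key inventory, the application names, the key ids and the 30-day idle threshold are all constructed assumptions for the example. The job compares an Infrastructure-approved manifest (which keys each application declared, and with which scopes) against the live key inventory and its last-use records, and flags keys that are undeclared, belong to an unapproved application, carry more scope than was approved, or have sat idle past the threshold; never-used keys are measured from their creation time so a freshly issued key gets a grace period instead of being reaped on its first night.

```python
"""Nightly unused-key reaper (added example; not the tooling described by the speaker).

Assumed model: each application declares the access keys it owns and the scopes
those keys need in a manifest that the Infrastructure team approves. A nightly
job compares the manifest with the key inventory and last-use records and
revokes whatever should not exist. All data below is constructed.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

NOW = datetime(2017, 6, 1, 2, 0, tzinfo=timezone.utc)  # constructed "tonight"
MAX_IDLE = timedelta(days=30)                            # assumed idle threshold


@dataclass
class KeyRecord:
    owner: str                    # application that holds the key
    scopes: set                   # scopes actually granted to the key
    created: datetime
    last_used: Optional[datetime]  # None = never used


# Constructed manifest: what each application declared and whether Infra approved it.
APPROVED_MANIFEST = {
    "orders-api":  {"keys": {"AK-ORD-1", "AK-NEW-1"}, "scopes": {"s3:read", "sqs:send"}, "approved": True},
    "reports-job": {"keys": {"AK-REP-1", "AK-REP-2"}, "scopes": {"s3:read"}, "approved": True},
    "legacy-cron": {"keys": {"AK-LEG-1"}, "scopes": {"s3:read"}, "approved": False},
}


def _days_ago(n: int) -> datetime:
    return NOW - timedelta(days=n)


# Constructed key inventory as a key-management backend might report it.
KEY_INVENTORY = {
    "AK-ORD-1": KeyRecord("orders-api", {"s3:read", "sqs:send"}, _days_ago(200), _days_ago(2)),
    "AK-ORD-2": KeyRecord("orders-api", {"s3:read"}, _days_ago(90), _days_ago(1)),   # never declared
    "AK-NEW-1": KeyRecord("orders-api", {"s3:read"}, _days_ago(2), None),            # fresh, unused
    "AK-REP-1": KeyRecord("reports-job", {"s3:read", "s3:write"}, _days_ago(120), _days_ago(3)),
    "AK-REP-2": KeyRecord("reports-job", {"s3:read"}, _days_ago(120), _days_ago(45)),
    "AK-LEG-1": KeyRecord("legacy-cron", {"s3:read"}, _days_ago(400), _days_ago(5)),
}


def classify_key(key_id, rec, manifest, now, max_idle=MAX_IDLE):
    """Return None to keep the key, or a short reason string for revoking it."""
    app = manifest.get(rec.owner)
    if app is None or key_id not in app["keys"]:
        return "undeclared"            # no application claimed this key
    if not app["approved"]:
        return "unapproved"            # declared, but Infra has not signed off
    extra = rec.scopes - app["scopes"]
    if extra:
        return "over-scoped:" + ",".join(sorted(extra))  # granted more than approved
    # Never-used keys are measured from creation, giving new keys a grace period.
    reference = rec.last_used or rec.created
    if now - reference > max_idle:
        return "idle"
    return None


def plan_revocations(manifest, inventory, now, max_idle=MAX_IDLE):
    """Map every key that should be revoked tonight to the reason."""
    plan = {}
    for key_id, rec in inventory.items():
        reason = classify_key(key_id, rec, manifest, now, max_idle)
        if reason:
            plan[key_id] = reason
    return plan


def run_nightly(manifest, inventory, now, revoke):
    """Compute the plan and hand each key to the revoke callback; returns the plan."""
    plan = plan_revocations(manifest, inventory, now)
    for key_id, reason in sorted(plan.items()):
        revoke(key_id, reason)
    return plan


if __name__ == "__main__":
    run_nightly(APPROVED_MANIFEST, KEY_INVENTORY, NOW,
                lambda k, r: print(f"revoke {k}: {r}"))
```

The `revoke` callback is where a real deployment would call its key-management API; keeping it as a parameter lets the same planning logic be run in a dry-run mode that only logs, which is the usual first step before letting an automated reaper delete credentials on its own.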
A key takeaway from all these sessions that resonated with almost everyone in the room was that irrespective of the types of tools used, security is a mindset. With this, and some great pizzas and beer, we concluded our 3rd Huddle.
What’s next?
We’re stoked about the next Huddle, and the theme is something that everyone is working and evolving towards — Machine Learning and Artificial Intelligence. Look forward to seeing you then!