On 10th April 2021, there was a panel discussion initiated by the ITBM Guest Lecture committee with Dr. Shaji Joseph as a faculty mentor. The theme revolved around data protection and privacy. Millions of personal data records are regularly exposed in data breaches, which criminals use to commit fraud or identity theft.
The first panelist was Mr Vishal Kalro, currently associated with Adobe as the Global Head of Technology and Security Alliance. Mr. Vishal talked about how every country has laws to protect their citizen’s data. The intent is to make data secure, available on a right-to-know basis and to be available with consent. He explained how in the old times, privacy was always a concern, there were shredders to destroy the high information containing papers. Data security is an issue the way data is shared in the modern times especially during the pandemic times where the digital data is being generated enormously. With GDPR laws, organizations have started taking the permission of the owners for the security of the data. Also with this law, the companies use data in the minimum ways possible as they know they will be accountable for the same. Also how over time, the small vendors online will be implementing GDPR soon.
The second panelist was Mrs. Rehana, currently associated with EY as a senior Consultant with multiple certifications like CISA, CISM, CRISC, COBIT 5, ISO 27001 LA. She is also an active member of ISACA Hyderabad Chapter. Along with that she is also an alumni of SCIT and is a passout of the 2015 batch. Mrs. Rehana, enlightened the audience on the users’ readiness to face the risk. Users should see what measures the organization is taking to protect the data. According to GDPR, the user needs to give consent to the organization. After the consent the organization can use it anyway so it is essential on drawing the line on how much data is shared online. She suggested reading the terms and conditions before downloading an app. Also testing the Attackers side on the network. The approach needs to be proactive, where there is continuous assessment of threats as there’s never 100% security.
The third panelist was Mr Vikas Goyal who is currently associated with FIS as an IT Security Director. He is also an alumnus of SCIT and is a passout of the 2007 batch. He talked how
the data shared on the internet needs to be controlled. With the ocean of data being generated daily, it is difficult to implement the data regulations. Most of the anti-virus fail as they create a signature of the known issues of the virus. New viruses, worms, ransomware come at a very fast pace. New technology such as End Points Detection and Response helps knowing if there is a corrupt file or a non-corrupt file. Until people don’t realize what they are sharing the government can’t do anything. It’s the foremost responsibility of the organization in protecting the data. Technological controls can succeed if the auditors know technology along with auditing.
The fourth panelist was Mr. Karthik Kumar, an IT Advisory Management Consultant working as a manager at PwC India. He is also an alumnus of SCIT and is a passout of the 2014 batch. He talked about the Cyber attacks which are planned both on the government and private digital platforms and the issue of private data not being private data for another country. He also briefed about the Cyber threats as the world is moving very fast in terms of Fintech companies and digital payments. A lot of FinTech companies have emerged post demonetization and COVID-19 acted as a catalyst in the digital transformation. Without implementing the policies, it’s not useful. Cyber threat is for the Pharmaceutical sectors too as due to the pandemic they have to store the data on cloud. The research papers, lab reports, patents, formula for vaccines have to be secured as hackers are looking for a loophole. As rightly quoted by Gary Kovacs- ‘Privacy is not an option, it shouldn’t be the price for getting on the internet’. All the major e-commerce companies do data profiling for all the individuals to recommend better videos and generate revenue by the user data.
In the end the panelists emphasized on the importance of being up-to-date with the latest technologies which can be possible by doing certifications and being part of various projects as a part of experiential learning. The fruitful discussion ended with questions and answers.