Incident & Breach Response , Training & Security Leadership
How to Be a Wartime CISOAxa's CISO Deodhar on Addressing Emerging Threats with Comprehensive Strategy
In light of escalating cyber threats, CISOs need to adopt a "wartime" approach to protecting their companies, says Parag Deodhar, who was recently named CISO for Asia Pacific and Japan at Paris-based AXA Group, the global insurance, investment management and financial services company.
"It is beyond doubt that threat vectors are changing and the new age threats such as cyber extortions, ransomware attacks, ransom notes given against DDoS, data leakage incidents ... make a CISO's position very critical," Deodhar explains in an in-depth interview with Information Security Media Group.
"It is indeed impacting the way we implement controls, store data, exchange data and the processes itself ... The CISO is under pressure to ramp up his cybersecurity arsenal and defend against growing attacks."
As a result, CISOs must go far beyond a tactical approach and develop a long-term, comprehensive cybersecurity strategic plan for applying appropriate security technologies to address specific risks, Deodhar says. CISOs must understand their organization's business models, recruit teams with the right security skills and work closely with CEOs and other leaders, he stresses.
In this interview, (see audio player below photo), Deodhar also addresses:
- Specific challenges facing CISOs in the insurance industry;
- Essential skills for building defences;
- Effective collaborative strategies.
Before taking on his new role, Deodhar was the chief risk officer and CISO at Bharti AXA General Insurance Co. Ltd., a company owned by AXA. He is a chartered accountant, an ISACA certified information systems auditor and an ACFE certified fraud examiner. Deodhar also is the president of the Bangalore Chapter of ACFE and a member of the CII National Task Force for BCM and Risk Management. He has more than 15 years of experience in enterprise risk management, information security, forensics, audit, consulting and program management.