Rise of strategic CISOs in the face of cyber threats

TCS provides perspectives on the evolving role of Chief Information Security Officers (CISOs)

As technology advances swiftly, the world of cybersecurity is undergoing significant changes, presenting both opportunities and challenges. Tata Consultancy Services (TCS) has recently shared insights in its 2024 Cybersecurity Trends report.

At the forefront of trends is the emergence of Generative AI (Gen AI), posing both an opportunity and a threat to the cybersecurity landscape. The report highlights the need for innovative strategies to combat sophisticated threats fuelled by machine learning.

In a conversation with Sumanta Roy, President and Regional CEO, provides perspectives on the evolving role of Chief Information Security Officers (CISOs), the integration of artificial intelligence (AI) in combating cyber threats, and the significance of data sovereignty.

The Rise of Strategic CISOs

With the increasing frequency of cyber-attacks, the role of CISOs is evolving into that of strategic decision-makers. The CISO is no longer confined to managing tactical risks but is actively involved in business strategy decisions, reporting directly to the board, and possessing autonomy in making investment decisions.

“The technocrat CISO, who has so far put out fires at the back end, has been thrust in front of the board. Today, the CISO definitely presents to the CEO and board on a regular basis on the assessment of the enterprise from a cyber risk perspective. The CISO will also enjoy a separate budget and buying authority for systems and software,” said Roy.

TCS recognises the power of AI in countering sophisticated threats, particularly those fuelled by Generative AI and machine learning. The company is actively leveraging AI to combat shadow data and deep fakes, which often originate from Generative AI. Additionally, AI is being utilised to cross-reference social and behavioural data with enterprise data, providing valuable insights into potential cyber threats. The role of AI extends to securing hybrid cloud environments, where it aids in detecting and blocking malware through comprehensive analysis.

Data Sovereignty in a Regulated Global Landscape

AI and data sovereignty are interconnected in the realm of cybersecurity. As organisations increasingly prioritise data sovereignty, ensuring that sensitive data is stored within specific jurisdictions, AI plays a critical role in safeguarding this data. AI technologies can provide robust encryption and access control mechanisms to protect data from unauthorised access and breaches, thereby addressing concerns around data sovereignty.

In this regards, Roy delved into the advantages and challenges associated with the shift towards data sovereignty. While acknowledging the protection it provides against cross-border malicious activities, he highlighted potential drawbacks such as recovery challenges in case of countrywide outages and potential impediments to cross-border trade.

“Data sovereignty is becoming the norm rather than the exception. This is especially true in some verticals like financial services. While European organisations started doing this some time back, the MEA region has seen rapid traction in this regard. Given the volatility in the geopolitical scenarios, a sovereign cloud and data sovereignty helps ensure that foreign detractors cannot easily target data assets. In many cases in the recent past, cyberattacks have gone hand in hand with physical cross border attacks,” said Roy.

He further said that while sovereign clouds and data sovereignty aid in thwarting cross-border hostile activity, they compromise in two ways. Firstly, it becomes impossible to recover in the event of a nationwide outage. These kinds of circumstances usually result from significant natural disasters in tiny nations. And secondly, it can occasionally obstruct cross-border trade by raising the expense of information sharing or creating friction in the process.