Read More>> 
A few days ago, Mr. S. Somanath, Chairperson, Indian Space Research Organization (ISRO) revealed that the organization faces more than 100 hacking attempts daily. Mr. Somanath made this alarming revelation at an exclusive two-day international cyber conference in Kochi. He also added that the possibility of cyber-attacks is much higher in space technologies because of ultra-modern and complex software and chip-based hardware, thanks to the vastness of the IT environment.
After the successful landing of Chandrayan 3 on 23 August 2023, ISRO is at the center of attention of cyber criminals from across the globe.
In an extremely critical environment such as that of ISRO’s, there are hundreds of scientists giving and receiving critical commands to manage and control satellite communication, radio networking, telecommunications, television, and satellite meteorological departments. Hence, cyber security is extremely crucial to ensure functional continuity.
Any cyber-attack becomes successful only when it can penetrate the IT perimeter of any system/ application and compromise confidential information assets. Fortunately, this has not happened in ISRO despite hundreds of attempts per day, thanks to the robust security control mechanisms and regular audits. While explaining, Mr. Somanath said, “The organization is equipped with a robust cybersecurity network to face such attacks.”
And that must be level of preparation for Indian organizations. As the nation embarks on its chosen path of digital business, cyber security must be at the top of the risk management programs.
But unfortunately, more needs to be done because a recent article in the Economic Times revealed that “India has been the most targeted country with 13.7% cyberattacks annually.” There has been a clean indication that India has been the biggest target by global cyber criminals for being a booming economic superpower nation. In the last few years, India’s influence in multiple geographies is quite evident and thus, it has attracted numerous eyeballs of organized cyber groups.
To address this, India has already announced a new act named, DPDP (Digital Personal Data Protection) Act with an objective of a more improved, and advanced approach to data protection and data privacy. And to attain this, the identity access management practice of every organization needs to be robust enough to identify anomalous activities and blacklist the anomalous users from conducting any kind of damage to the enterprise data assets.
Not just organizations conducting tasks of national interests and strategic importance such as ISRO, other government organizations, agencies and SMEs need to be aware of the growing risks of cyber threats and take necessary relevant steps to address them. Modern enterprise IT environment demands more transparency and resilience in managing data, the role of well-defined and strong Identity Access Management (IAM) practice is significant. As the number of digital identities is proliferating in every IT setup, the access challenges and access ambiguity surmount day by day, leading to immense risks of cyber threats.
For resilience organizations must include the following practices within their IAM framework:
- Enforce role-wise and time-wise access (granular access controls) to the critical systems and applications
- Integrate Identity Threat Detection and Response (ITDR) with IAM and PAM systems
- Vault and secure passwords, tokens, secrets, certificates among other credentials to protect data and cloud workloads
- Authorize and authenticate every user applying multifactor authentication before allowing critical access
- Apply Just-In-Time (JIT) access to the critical systems to ensure the principles of least privilege
- Manage the lifecycle and governance of digital identities (both human & non-human)
- Build a secure perimeter around every access and across every layer of IT infrastructure
The Bottom-Line:
Uncontrolled and unidentified cyber-attacks could be perilous for any organization. A robust IAM practice helps organizations to build an impenetrable IT environment and secure IT assets.
