What is DPDP Bill 2022? How does it concern your business?

The bill, drafted and released for stakeholder scrutiny in November, constitutes provisions to impose heavy fines (up to Rs 250 crore) for failing to take security measures to prevent personal data breaches. Failure to notify the data protection authority and the relevant data controllers in the event of a personal data breach can result in fines of up to Rs 200 crore for each transgression.

Among the obligations of data trustees, the draft states that each data trustee and data processor will have to protect personal data in its possession or control, using appropriate safeguards to prevent personal data breaches.

But cybersecurity is not a cakewalk. Organizations like Uber, Cisco, Twilio, and Rockstar Games have all suffered data breaches due to cyberattacks in recent months. In this article, Taashee’s cybersecurity experts share the Top5 critical strategic cybersecurity advice that can help you stay ahead of the compliance curve, and avoid potential ‘company-killer’ fines once the DPDP Bill is passed.

1. Pay attention to IoT device security

IoT-connected devices have been deployed in most organizations for years, often without proper security governance. As the number of connected devices grows, so does the attack surface for the networks and ecosystems they connect to, exponentially increasing security, data, and privacy risks.

Almost all Fortune 500 organizations are expected to improve their cyber practices for connected devices by establishing or updating relevant policies and procedures, updating inventories of IoT-connected devices, monitoring and patching devices, and improving practices for both device procurement and disposal. With security in mind, IoT and IT network admins need to better coordinate, correlate, and monitor connected devices to protect their endpoints effectively, manage vulnerabilities, and respond to incidents.

2. Adopt secure emerging technologies only

As applications of IoT, Blockchain, 5G, Quantum and other technologies continue to be accelerated to the market, cybersecurity risks associated with these technologies continue to become evident.

Adoption of these technologies will be instrumental to managing an organization’s strategic growth initiatives, however, their sustained success will be based on the organization’s ability to navigate and implement appropriate technology-specific security measures.

3. Supply chain cyber-vulnerabilities can ground your business

Today’s intertwined global economy has made businesses heavily dependent on their supply chains, from the components of physical and digital products to the services they need for their day-to-day operations.

This critical interdependency makes supply chain security and risk transformation imperative for today’s globally connected enterprises. Organizations now need a holistic approach that includes moving from point-in-time third-party assessments to the real-time third-party risk and vulnerability monitoring of packaged software and firmware components.

This includes, for example, implementing critical practice methodologies to capture the software bill of materials (SBOM) and correlate the output with new vulnerabilities, identifying risk indicators such as the geographic origin of underlying components, and providing visibility of transitive dependencies.

Organizations are further focusing on deploying and operating Identity and Access Management (IAM) capabilities and Zero Trust capabilities to enforce authorized third-party access to systems and data and mitigate the impact of third-party breaches.

The threats introduced into the supply chain are evolving at a frantic pace in complexity, scale and frequency. This requires organizations to maintain their cybersecurity momentum through constant innovations to mature their supply chain security and risk transformation capabilities.

4. Keep up with emerging innovations in Cloud Security

The proliferation of cloud services and the emergence of new development methodologies such as DevOps have created unprecedented opportunities for many organizations to move to the cloud to modernize their existing applications. This evolution provides opportunities for business growth through accelerated development, improved scalability and collaboration, new revenue streams, business agility, and enhanced technical resilience.

As data and business functions are increasingly hosted in the cloud, the benefits are offset by costly regulatory errors and harmful cyberattacks if security is not part of the transformation process.

Embracing security and digital transformation together, leveraging the intersectionality of cloud-based architectures, and adopting modern secure-by-design processes that improve the developer experience by leveraging and embracing Zero Trust principles, organizations can drive an agile and secure digital transformation.

To know more about how to get the maximum ROI from your cloud infra, check out our article on 5 Secret Strategies to Improve Your Cloud Efficiency – Taashee.com

5. Ignoring cybersecurity = Data – breaches = PR nightmares!

Digital interactions between businesses and customers have become a new way of life. Nearly 72% of a company’s customer interactions are now digital. Customer expectations regarding greater control over their data and greater transparency of company policies related to data processing have also increased. In fact, customers these days are willing to share more data and be more involved if the company is trusted.

We can notice a growing sense of urgency for organizations to use privacy, security, and compliance as mechanisms to augment traditional methods of improving customer experience and brand awareness. Even if we keep aside compliance issues, the damage to your company’s brand and PR initiatives arising from a single instance of a data breach can prove to be costlier than tightening your cybersecurity measures.

This article was originally published on our company blog.