“It’s never too late to get started in cybersecurity,” says TÜV Rheinland’s Tarun Gupta, Principal Consultant, Industrial & OT Cybersecurity India, Middle East, Africa and Asia Pacific. “However, finding time to keep up with developments might be the biggest challenge.”
When Tarun Gupta was growing up, just knowing how IT worked was never enough. The man who is now the Principal Consultant, Industrial and OT Cybersecurity at TÜV Rheinland was much more interested in finding out how to make it work for him.
That passion helped him excel in school and study engineering, then work his way up to a leadership role as CISO for a large telecom operator. Throughout his career, he has helped government agencies and organizations in critical sectors to protect industrial facilities and infrastructure, and has worked with regulators to draft standards and regulations.
That background provides him with an extraordinarily broad perspective on the state of cybersecurity in India, the Middle East, Africa and the Asia Pacific – a perspective he regularly shares at industry events as well as other public and private forums.
We caught up with him at CS4CA MENA 2019:
Q: How does the state of Cybersecurity in the UAE compare with the rest of the MENA region?
A: Cybersecurity is challenging, complex and always evolving alongside the constantly changing socio-economic and geo-political environments and emerging technologies. The MENA region is a geo-politically sensitive and active region, with growth fuelled by a rich hydrocarbon industry. And businesses in the region are avid promoters of automation and early adopters of emerging technologies in Industry 4.0 and in the consumer space.
But, while these advancements bring big benefits, they also attract bad actors, ranging from hacktivists to more advanced, resourceful and motivated adversaries. That calls for a comprehensive approach to cybersecurity, supporting legislative and regulatory frameworks and the cybersecurity capacity to deliver and sustain effective protection for citizens, residents and businesses.
The UAE is a leader in the cybersecurity industry, and the Government has taken effective measures to protect citizens, residents and businesses through laws and regulations. In fact, for many years now, the UAE has been a regional headquarters for most cybersecurity product and services providers, and the Government is continuing to encourage businesses to invest in cybersecurity for growth, safety and compliance purposes.
As a Principal Consultant at TÜV Rheinland, working in the region definitely offers plenty of opportunities to make full use of our expertise and fulfil a passion for helping people, organisations, and governments ensure they have the best possible cybersecurity.
Q: What are some of the big challenges Cybersecurity experts face?
A: I’d say time is always the biggest challenge. That is probably true for most industries, but Cybersecurity moves so fast that it takes a tremendous amount of reading to keep yourself up to date and maintain the necessary situational awareness. You have to allocate time, regardless of how overwhelming your schedule might be. Finding time is probably the biggest challenge, and it’s something we will always face.
Q: If you could change one thing about the Cybersecurity industry, what would it be?
A: Cybersecurity requires commitment and continuous effort to move from the basics to higher levels of maturity. This isn’t always easy, because businesses are always looking for immediate results from ever-tightening budgets. If I had an opportunity to change one thing in the industry, it would be to increase C-level and board room awareness about how to go about implementing cybersecurity and compliance.
At the moment, there is a lack of adequate awareness at the top about information security and associated regulatory obligations. Since executives and members of the board are ultimately accountable for information security and compliance, a lack of information and understanding can put their business at risk and expose them personally to charges of negligence.
TÜV Rheinland does quite a lot of awareness building, at industry events and in our Cybersecurity Trends reports, which you can find online at https://www.tuv.com/en/cybersecurity-trends-2018.
Being more aware helps executives to prioritise efforts, investments and resources for cybersecurity initiatives and keep practitioners within their organisation motivated and results-oriented. It can certainly help them to take cybersecurity efforts in the right direction and ensure that risks are kept within tolerable levels.
Q: What advice would you give to someone starting out in Cybersecurity?
A: It is never too late. Cybersecurity is a journey, and you can start it anytime, although sooner is better than later. Organisations or individuals within the industry who are planning cybersecurity initiatives in 2019 should first understand the business and regulatory requirements for their organisation or industry.
Then, they should assess their current environment or infrastructure and clearly identify any gaps. This will help them visualize the mileage the journey will involve.
At this stage, TÜV Rheinland recommends conducting a risk assessment to prioritize existing resources and efforts, then focus on a few areas which need the most attention. Other initiatives can be planned for the coming months or years. This kind of approach allows practitioners to be pragmatic and create confidence among the leadership by delivering results.
Ultimately, it will help them build the level of credibility needed to secure further investment or resources and keep everyone motivated to continue moving forward.
Q: What’s the best thing about your job and what has been your proudest professional achievement so far?
A: The best thing is probably the direct impact that Cybersecurity has on society. Each project or initiative creates a sense of achievement, which in turn, contributes to making society better and more secure.
The successful delivery of a project or initiative always creates moments of pride. If I had to name one, it would be when TÜV Rheinland conducted the first national cybersecurity drill for a large Middle Eastern country.
It was challenging because we had to deal with a large number of organisations in the public and private sectors. And it took long hours of work to develop scenarios and encourage all the different organisations to participate by explaining the benefits.
Fears of poor performance initially made them apprehensive. But it all came together when participants – including government agencies – provided positive feedback about their involvement and agreed on key learnings for their organisations. We helped an awful lot of people to understand and improve their cybersecurity, which makes it one of my proudest achievements.
This article was first published on Sequre.