Fal Ghancha: Mitigating Cybersecurity Issues with Disruptive Technologies and Continuous Effort

DSP Investments is helping investors make responsible money-related decisions on the bedrock of two simple values- honesty and integrity. This has helped the company gain the trust of lakhs of investors and thousands of MF distributors and investment advisors from across India.

The Leader of the Foundation

Fal Ghancha is an Information Security professional with rich experience in the information technology and cyber security field, focusing mainly on information and cyber security policies, IT/IS projects, compliance, risk and audit management, corporate investigations, and forensics.

Fal currently works with DSP Investments as the Vice President and Chief Information Security Officer. He is an integral part of the InfoSec team and is solely responsible for Information and cyber security governance, policies and processes, information security audits, business continuity planning, and disaster recovery drills, management reporting, and many more.

The Making of a Successful CISO

 Fal's journey started with the manufacturing sector, where he initially worked in IT infrastructure, networks, and further evolved in IT security. He has conceptualized and headed many projects in the field of IT vis-a-vis information security like dashboards, identity, and access management solutions, single sign-on, passwordless authentication, DLP, VPN solutions, firewalls, antivirus, VA-PT, enterprise security management, policy gap analysis, large scale multimedia projects, etc. Ghancha received appreciation and awards from multiple reputed organizations globally. After working in the manufacturing sector for a decade, Fal moved to the BFSI sphere where cyber security is very important.

Conquering the Hurdles on the Way to Success

The organization's goal has always been to delight customers by providing the experiences they need using the interaction channel that they prefer. Digitalization is booming and the demand is increasing day by day. The aim was to create a more flexible and agile business can respond to the evolving expectations of customers and cope up with the pace at which the company could change, adapt, and meet those expectations. So, we decided to embark upon a journey to strengthen the information and cyber security framework. Unlike earlier days, where the company used to work in silos, it had decided to take an overall approach for the information and cyber security framework.

Overcoming Challenges with Proper Plan and Framework

Fal opines that connecting the dots was made possible by taking the most important security decisions to streamline information and cyber security framework and align priorities through it.

The SIEM solution was integrated with an entire ecosystem including firewalls, IDS/IPs, infrastructure, and applications. The framework included initiatives like the adoption of identity and access management solutions with automated provisioning and deprovisioning features, streamlining governance framework. Reporting on the other hand included key performance and key risk indicators. The end objective was achieved by providing complete visibility through the cyber security dashboard to the senior management. This created visibility around information security initiatives.

Fal stated, "If we look at our status today from a bird's eye view, we have achieved a lot, however, information security is a journey and not the destination, our battle towards fighting with the latest cyber security challenges will continue to be our top priority."

Extraordinary Use of Disruptive Technology

Fal remarks that in today's world, the attack surface has increased exponentially. The organization's infrastructure is virtually open, specifically, post covid, which resulted in the WFH scenario, and the perimeter is a blur now. Hence disruptive technologies here have a key role to play.

He adds that artificial intelligence endeavors to simulate human intelligence. It has immense potential in cyber security. With the help of AI and ML, identification of new types of malware, simplifying complex algorithms, running pattern recognitions, and even detecting minutest behaviors of ransomware attacks before it enters the organization is all made easier.

Anticipating a Higher Demand for Cybersecurity in Future

Fal claims that cyber security is in demand currently, thanks to the emerging need for digitalization. He highlights that Covid and the entire WFH scenario, has resulted in a huge scarcity of cybersecurity professionals. Data breaches, ransomware, and phishing attacks have added fuel to fire. Fal believes that the demand will further increase when the company would see data and privacy as primary concerns, especially, at an individual level.

"Infosec professionals, IT people, and even layman are who do not understand privacy or cyber security concepts have shown their rebuke against the new WhatsApp's privacy policy. This shows that people are becoming more vigilant and hence new policies, cyber security controls, data privacy act will definitely add more demand in the field of cyber security," Fal asserts.

A Piece of Advice to the Emerging CISO

Fal states, "My advice to emerging CISOs would be to focus on the ground realities." He adds that only talking big for any CISOs will not give a place to the senior-most committee. Focusing more on small issues, reading meaning between words, and finding ways to take direct/indirect feedback will help to succeed in the long run.

Fal concludes by saying that focusing on articulating is an easy way. Understanding and accepting the problem is the first step to solve it. If the CISOs can elaborate complex cyber security challenges in layman language, they can get support from senior management to solve them.