Please tell us a bit about yourself, your background, and your journey in Servify.
I have 15+ years of global experience in Information Security and Risk management with leading Management Consulting, SaaS-based, and Fintech companies like McKinsey & Company, Cvent, and PayU. During my professional journey, I have developed competencies in various domains of Information Security, such as Risk Management, Application Security, Business Resiliency, Data Privacy & Protection, Cloud Security, Security Engineering, and Operations.
I am a firm supporter of promoting and empowering women in technology and security and have taken many initiatives to mentor and coach young women professionals to excel in these fields.
I am also a member of VigiTrust Global Advisory Board, which brings together 150+ C-suites, regulators, enforcement bodies, and other key stakeholders in the security and compliance industry – with information sharing as the prime objective.
I firmly believe in sharing my knowledge at several cyber security forums and events to create security awareness, as I feel that security awareness programs help organizations address human risks and foster security-focused culture in addition to meeting various regulatory and compliance requirements.
In my current role as the Global Head of Information Security & Data Privacy at Servify, a growth-stage startup, I enable the company’s digital business by driving critical initiatives that secure and protect enterprise and customer data. I also helped Servify achieve global security standard certifications and meet global privacy requirements such as ISO27001, ISO27701 and SOC2 Type II, CCPA, GDPR etc. to improve its overall security posture, win customers’ and investors’ trust, and gain a competitive edge.
Tell us about your business, what are your company’s vision and goals?
Servify integrates multiple OEM Brands and their sales and service ecosystem through its product lifecycle management platform, to deliver a great after-sales service experience. Started in 2015, India-headquartered Servify has spread its reach in multiple countries across the globe, partnering with over 75 OEM brands including top mobile device brands, retailers, distributors, insurers, service providers and carriers.
The Servify platform processes more than 3 million transactions monthly, with 250k+ Platform users spread across retailers, service centers, contact centers and administration teams worldwide serving millions of consumers.
Our vision is to be the platform that brings together all ecosystem partners to deliver consumer happiness through great after-sales service.
What are the top 3 cyber risk challenges that you face on an ongoing basis and how do you deal with them?
The first challenge is identifying and mitigating third-party risk.
Our strategy: Implementing TPRM processes across all departments and functions and adopting consistent, well-defined processes for third-party screening, onboarding, risk assessments, due-diligence, audits, performance management, and continuous monitoring, and ensuring its adoption across all departments and functions.
The second challenge is defending against ransomware attacks.
Our strategy: Implementing layered preventive, detective and reactive technical and administrative controls including vulnerability management, AI/ML-based email and endpoint security solutions, frequent data backups and data restore drills, incident response plan, cyber awareness campaigns and table-top exercises, and a comprehensive cyber insurance plan.
The third challenge is securing and governing Multi-Cloud Environments.
Our strategy: Implementing a comprehensive cloud security governance framework through a combination of policies, tools, configuration and rules needed for secure cloud use. In addition, deploying a cloud security posture management (CSPM) tool to automate the identification and remediation of risks across multi-cloud infrastructures, to get a single-pane view of the overall risk and compliance posture, and to uniformly apply best practices for cloud security to secure workloads, data and applications across multi-cloud environments.
Speaking of 3rd-party risk, what are your thoughts about the future of 3rd party risk management?
The future of 3rd-party risk management is leveraging technology to automate TPRM.
As the TPRM program extends from the third to the fourth party, automating third-party risk assessments through advanced technology solutions to provide advanced survey and assessment capabilities for due-diligence, compliance monitoring, and control effectiveness evaluations is a must.
Such automated solutions will also support quick identification of high-risk third parties by consolidating third-party risk intelligence and integrating with reliable industry sources to aggregate, validate and enrich third-party data.
What is something surprising you’ve learned this year that our readers would benefit from knowing?
Till date, MyDoom is the most expensive virus that the world has ever experienced. This virus caused approximately $38.5 billion worth of financial damages!
The virus originated in Russia and was first spotted in the year 2004, and 16 years after its creation it is still around today, generating 1% of all phishing emails. That’s no small feat considering the 3.4 billion phishing emails sent each day.
This virus spreads quickly through email worms. Hence, it becomes more and more important to follow a Defense-in-Depth approach in implementing security controls, including raising cybersecurity awareness on social engineering, which accounts for 98% of cyber-attacks and can help reduce cyber risk associated with human behavior.