Comprehensive Approach to Cybersecurity

Naveen Chanthiran, Head of Cyber Security, Air Liquide

Naveen Chanthiran, Head of Cyber Security, Air Liquide

With over a decade of hands-on experience in cybersecurity, Naveen Chantiran is currently the head of cyber security at Air Liquide. As the head of security, he manages cyber security strategy deployment and integration with the business process across APAC, ensures the application security risk assessment framework is deployed, establishes standardized security services, and ensures that the right cyberculture is enforced across APAC.

Please tell our readers about your key role and responsibilities in the organization.

As the head of cybersecurity for APAC at Air Liquide, my responsibilities include governing all cybersecurity services in the region, such as vulnerability management, penetration testing, and application risk assessments. I focus on identifying potential risks and implementing necessary controls for any new digital solutions being deployed as part of business requirements. My team is also responsible for conducting audits, coordinating with external vendors, and governance, including asset inventory and change management. We also work on improving the maturity of IoT security in the company and performing tabletop exercises to simulate and prepare for potential attacks.

Can you tell our readers about the current trends in the industry?

The shift to remote work due to the pandemic has increased the risk landscape for companies, as access to critical assets and solutions can now be done from any location. The main focus for cybersecurity teams is to find ways to protect the business in a better way while still enabling it to function, with a focus on data security.

This includes protecting end-user machines and ensuring a secure connection between the end-user machines and the corporate network. As the main point of access to the corporate network, end-user machines should be well governed and protected, right from access level granted to only approved software used and continuous patching, which is often overlooked.

In order to reduce the threat landscape in remote access capabilities is to ensure a secure channel for remote access to the corporate network through VPN solutions. To better enable business we should ensure the secure remote access would be seamless but it should include in depth security controls such as two-factor authentication or passwordless technologies, which makes it harder for threat actors to gain access.

Apart from the above, the use of phishing campaigns and social engineering to gain access to users and machines are rising rapidly. Threat actors are leveraging in trend issues like the COVID-19 pandemic itself to trick users to click on malicious links. Cybersecurity teams should focus a lot on user awareness training programs in order to better limit organizations being exposed to these types of attacks.

The Shift to Remote Work due to the Pandemic has Increased the Risk Landscape for Companies, as Access to Critical Assets and Solutions can Now be Done from any Location. The Main Focus for Cybersecurity Teams is to Find Ways to Protect the Business Better while still Enabling it to Function, with a Focus on Data Security

What will your advice be to your peers and colleagues?

My advice for organizations looking to implement remote work capabilities would be to first assess their current risk level and identify any gaps in their current security measures. This includes analyzing their remote operating model, looking at their existing standards and protocols, identifying and assessing the risks those gaps create. Only then look at the remediation activities that can address them accordingly, these steps can be in the form of processes, control implementation or even technology solutions.

How do you envision the future of the industry?

In the near future, a major focus for cybersecurity will be on implementing a zero-trust architecture. Internal threats have been increasing exponentially either premeditated or accidental and to minimize the risk of these threats, zero trust architecture will be able to continuously authenticate, monitor, and track to better protect systems across organizations. This architecture also includes the implementation principle of least privilege, ensuring that access rights are only given to those who need them based on their roles and responsibilities. Additionally, ransomware attacks will continue to be a prominent threat, and organizations should focus on security by design, security in-depth and increasing awareness among end-users.