VP Cybersecurity, Credit Suisse
Neha Malhotra’s 15-year career in IT and information security spans the technology, consultancy, and financial services sectors. She has been recognized as one of the Top 20 women in cybersecurity in Singapore and has a rich experience driving numerous initiatives across multiple information and cybersecurity domains for global banks like Credit Suisse, BNP Paribas, and Deutsche Bank. She effectively brings together strategic business goals, security frameworks, tools, technology, and teams with a special focus on cyber risk management and regulatory compliance. She serves on the executive board of the (ISC)² Singapore chapter. She is passionate about sharing her knowledge and experience with the community and strongly supports diversity and women in STEM and cybersecurity.
How will you drive your organization’s cybersecurity strategy forward in 2021?
While protecting the confidentiality, integrity, and availability of data and services, it is essential to have a proactive defense and risk-driven approach where we continue identifying and minimizing the attack surface, especially as organizations accelerate their adoption of cloud, containers, blockchain, and IoT. For financial institutions, operational resilience and business continuity are the topmost priority. Considering the increasingly large data lakes and the vast number of systems and endpoints generating alerts, we also need to augment security with the use of AI and machine learning solutions with an increased focus on automation and orchestration, along with the adoption of a threat-based approach and secure-by-design practices.
What should information security executives focus on in 2021 to generate business value?
We are all business enablers, and we must continue to focus on providing business operational resiliency. In addition to having a robust and optimal incident response process, we also need to ensure our security tools do not impact business performance or goals. Our threat-based and risk-based approach must be aligned with the business strategy and should at a minimum address the topmost areas by criticality – risk assessment is crucial for each business and overall, for the enterprise. Also, we must be ready to address the risks introduced by the emerging technologies and have robust governance in place.