© 2022 CyberNews - Latest tech news,
product reviews, and analyses.


Mr. Vamsikrishna Maramganti, QRC Assurance and Solutions: “people are not aware of what cybersecurity is and the importance of privacy protection”


Most of us have some knowledge about cybersecurity or have at least heard about it. Yet, its significance is still wildly underrated and often even ignored.

With rising numbers of cybercrimes such as ransomware and theft of data and personal information, cybersecurity has assumed more importance than ever. Downtime, exposure of confidential information, and client loss are just some of the things that a single successful cyberattack can cause any enterprise.

For this reason, we contacted Mr. Vamsikrishna Maramganti, CEO of QRC Assurance and Solutions, who explained more thoroughly what myths and misconceptions people still have about cybersecurity and what measures are necessary in order to achieve the maximum possible security.

How did the idea of QRC come to life? What has your journey been like?

The principles of QRC were instilled in me since the time I started my career. I would really like to thank my mentor from my first organization who gave me an opportunity to work in diverse areas and because of this I understood the importance of quality, standardization, and its prevalence and relevance at every stage of output. Being a believer in giving back to society, I wanted to do something where I could be a job provider for many.

When I decided to start the venture, the next big question was selecting the core domain of services. The fascinating increase in IT Technologies gave rise to cybercrimes and hacking. Being a qualified CISA and ISMS Lead Auditor, PCI DSS QSA, and with the experience gathered over the period of time in the Information security, cybersecurity, and payment card industry certifications domains, I ventured into the field of Information and Cyber Security.

QRC began its pre-work in November 2015 and was officially launched on January 5th, 2016, as QRC Consulting and Solutions Pvt. Ltd. We started with just 2 employees and now QRC works as a team of 70+ employees globally, while serving clients in 35+ countries across the globe, having people represented in almost 12 countries. It’s usually said in the corporate industry that getting talented resources is rare, but I firmly believe that instead of finding talent, create one. We at QRC, therefore focus on hiring freshers. We groom them and give them an opportunity to bloom in this field of cybersecurity. I hope that one day we will build an empire where talent will find its way to QRC to get its wings to fly high.

Can you tell us a little bit about what you do? What methods do you use to assess one’s state of security?

We take the “complexity out” of data protection and support in attaining the Governance, Risk, and Compliance goals for our clients, by delivering Quality Services and Integrated solutions in the Data Security & Privacy domain.

Being a Qualified Audit Firm for various global standards and frameworks (PCI DSS, PCI 3DS, PCI SSF, ISO 27001, ISO 27701, SSAE Standards), QRC supports entities to define, document, maintain and certify robust security and privacy practices within the organizations. We support by providing sufficient knowledge through various training, supporting organizations to establish documented systems across all levels, reviewing the system (People, Process, Technology) controls, and providing recommendations for improvements. We perform the assessments as per the criteria required by various stakeholders of the organizations.

One of our key offerings is to provide integrated audits and assessments for multiple security and privacy compliance requirements. The methods that we use to assess one’s state of security depend on the requirement, and the methodology used can be auditing, assessment, scans, and testing.

When it comes to organizational cybersecurity, what myths and misconceptions do you think people tend to have most often?

The challenge is that, in many parts of the world and in our country as well, people are still not aware of what cybersecurity is and what the relevance of protecting the privacy of an individual person is.

Coming to the question, the biggest myth and misconception about organizational cybersecurity is that it is often thought and believed that cybersecurity is the responsibility of an Information Technology department and that just deploying a few solutions can keep them away from any breach of security in terms of Confidentiality, Integrity, and Availability of the information.

However, with the growing awareness of this topic and more so because of the growing cyber-attacks, organizations are now learning things the hard way and now the role of People, Processes, and Technology is becoming more evident and acceptable.

The governments of the countries are also playing a significant role in bringing in appropriate and adequate bills, laws, and acts to this effect. We as an organization try to demystify the approach and methodology for cybersecurity audits and assessments.

Do you think the recent global events have affected the cybersecurity industry in general?

Indeed, recent global events, specifically the pandemic, have impacted the cybersecurity industry in a positive perspective, for a simple reason that until that time, most organizations were working in the so-called protected “four Walls”. But the pandemic forced them to adopt a remote work style with more and more data and information traveling online from many unsecured places like homes and hybrid areas. This led to more awareness and that too at a rapid pace defying geopolitical and societal boundaries.

Almost everybody in the urban geography and part of the rural world was forced to quickly adapt to the new normal, which lasted well over 2 years. This has brought a huge population of online platforms, and hence data, at risk, and it has increased concerns over data privacy and data security. This has also led to more awareness on how to adapt to the secure posturing for the organization and its people, process, and technology to be aligned to the cybersecurity goals.

What are some of the worst habits that can put not only an enterprise’s workload but also their customer data at risk?

There would be many habits. However, here are some of the most common:

  • Not having basic Security Controls within the organization
  • Providing information access based on the positions rather than the roles
  • Not having adequate employee awareness over security and privacy
  • Not having adequate NDA with third parties while sharing the information
  • Not testing the business assets for any security loopholes
  • Accessing confidential data over public Wi-Fi
  • Conducting work via personal email
  • Emailing confidential data to those outside the company

In your opinion, why do certain companies still fail to recognize the necessity of regular audits and tests?

Firstly, there is a lack of understanding among the top management about the importance of information security and privacy for their business. Once they understand the value of the information they are holding, then they will surely convince themselves of the requirement of protecting the same.

Secondly, there is a lack of subject matter experts who really want to support such organizations to create awareness and help them to understand the organization’s risks and mitigate the same. Regular audits and testing on the business assets surely help the organization to understand their security posture and how much risk they are carrying, and provide some transparent inputs for improvements.

However, without addressing the First and Second points, any other approach will be merely a waste of time and money. The companies fail to recognize this aspect maybe because of two reasons. One is that they are ignorant about the basics and fundamentals, and another is that they are trying to cut corners to maximize short-term profits and are ignorant about the impending disaster in the making.

What issues can an organization run into if it doesn’t have appropriate compliance certifications in place?

There are two aspects to this element. One is not meeting the required regulatory requirements, which will, for sure, lead to license revocations and ultimately closure of the business. However, the worst is when non-compliance leaves you at risk for financial losses, security breaches, business disruptions, poor customer feedback, erosion of trust from both clients as well as employees, and a damaged reputation.

Having relevant certifications assures their internal and external stakeholders like employees, customers, regulatory bodies, and vendors about the culture of the organization on security practices and this can be used to attract new business opportunities. It also helps them differentiate themselves from their competitors.

Talking about personal cybersecurity, what safety measures do you think everyone should have implemented?

This is indeed a wish-list of expectations. We do feel that the personal cybersecurity topic is very important and many and most of us would already have understood the need for adequate safety measures that we should be deploying. There are indeed do’s and don’ts for this. However, the actual situation remains different. There is no question about whether safety measures should be implemented. It is more important that we push for the implementation of the below minimum personal cybersecurity measures like:

  • Keep your software up to date
  • Use Anti-Virus protection & personal firewall
  • Use strong passwords
  • Be vigilant while opening any unknown emails, or messages, and downloading any materials from unknown sources
  • Don’t disclose your sensitive and personal information to unknown people
  • Backup your data regularly
  • Don’t use public Wi-Fi
  • Review your online accounts & credit reports regularly for changes

Would you like to share what’s next for QRC?

So far, QRC has focused on providing quality services to the customers in the domain of Security Compliances. However, going forward, we want to build a whole ecosystem where customers can get end-to-end transparency and control while implementing the various compliances. QRC is on the verge of launching its first product developed in-house called CPMS – Compliance and Project Management System.

CPMS is a single centralized platform that helps organizations to understand the requirements from a global security standards perspective and provide sufficient guidelines to implement the controls, collaborate, communicate with all stakeholders in real-time, generate compliance posture reports, etc. I would say overall CPMS is a proactive compliance management system for businesses of all sizes that allows organizations to manage compliances, which will help minimize regulatory enforcement exposure, increase business efficiency, and enhance customer satisfaction.

Some of the key features might be: Centralized Compliance Control, Tailored IT compliance templates for quick-start implementation, forecasted compliance efforts, and real-time dashboards to monitor your risk and compliance posture. And for the key benefits, I could mention automated alerts and triggers, an integrated and comprehensive view of your Compliance Status, concise risk reports, and tracking of international compliances.



Comments

Venkata Readdy Challapati Nagaraj Swami
Good article indeed, gives good insight into the life of an entrepreneur.