In an era where supply chains are increasingly digitized and vulnerable to cyberattacks, the role of the CISO has never been more critical. The Cyber Express sat down with Mihirr P Thaker, CISO at Allcargo Group, to discuss the challenges and opportunities facing cybersecurity professionals in the logistics industry. With over two decades of experience in the field, Mihirr shared his journey from an IT professional to a cybersecurity leader, reflecting on the complexities of securing global supply chains in a digitized world.
In this interview, he offers a CISO’s perspective on the critical balance between security and operational efficiency, the role of AI in threat detection, and the importance of collaboration in building resilient cybersecurity frameworks.
Here’s an excerpt from the interview.
TCE: Can you share your personal journey into the cybersecurity field and what led you to become the Chief Information Security Officer at Allcargo Group?
Mihirr P Thaker: Well, after my initial formal education in Computer Science and early jobs with system integration partners into business roles for IT infrastructure services, my professional journey into the cyber security domain started in 2005. I was introduced to ISACA (Information Systems Audit and Control Association) by a friend. ISACA is a global community of IS/IT professionals, offering a platform for continuous learning and training and idea exchange. As a young IT professional with five years of experience at that time, becoming a member of ISACA was a turning point in my career.
I achieved Certified Information Systems Auditor certification in 2006 and launched my career in information security, cyber security, business continuity management, the risk management practices, etc. It’s an exciting phase of continuous learning which is still going on. In 2021, I achieved a Cybersecurity Nexus Professional (CSX-P) certification at ISACA to further strengthen my knowledge base and skills, as data protection and cybersecurity practices are at the centre stage of business & evolving constantly due to the ongoing technology advancement and growing digitization and proliferation of the internet.
Meanwhile, I rose through the ranks in various organisations banking on my knowledge and expertise. The role of Chief Information Security Officer (CISO) at Allcargo Group gave me an opportunity to reinvent myself as a seasoned cybersecurity professional and unleash my learning and experience to build a robust cybersecurity and information security system.
The entire process of developing an advanced cybersecurity framework for the global logistics conglomerate by deploying essential technologies and human capital pushed my limits. I was on a steep learning curve. Having said that, in the cybersecurity domain, you cannot afford to rest on your laurels. So, our team members are always on their toes to face emerging challenges.
TCE: What are some of the major pain points you’ve encountered as a CISO, and how have you addressed them?
Mihirr P Thaker: A CISO requires both collaborations and co-operations across the organizational IT landscape to make the desired impact. The process of implementing security controls requires cooperation, as control mechanisms are applied at various points—endpoints like desktops and laptops, servers, applications, databases, or even perimeter defences like firewalls.
These controls are managed by different teams such as server managers or desktop application managers. Implementation of security measures across these platforms involves significant collaboration, as the expectations and security objectives need to be communicated clearly and aligned with operational priorities.
The human psyche is that everyone prefers seamless access. Therefore, the idea of entering passwords each time to access software, systems, etc. can face resistance. In such a scenario, effective communication becomes essential in conveying the importance of these measures. Security must be seen as a growth enabler, not a hindrance. Cybersecurity is akin to the best braking system of Formula One cars. It facilitates higher performance by providing the necessary safety.
In the realm of cybersecurity, India is making rapid progress in terms of technology deployment. The successful roll-out of UPI equipped with enhanced cybersecurity measures is a proof of that advancement. However, the emergence of zero-day vulnerabilities in software poses a challenge, requiring vigilance and prompt patching to maintain robust security.
Effective vulnerability management, which involves proactive identification, assessment, prioritisation and alleviation of cybersecurity threats is the key, much like maintaining immunity in the face of a pandemic.
TCE: How do you manage the balance between strategic oversight and the day-to-day operational demands of a CISO role?
Mihirr P Thaker: If a CISO immerses himself or herself in managing day-to-day operations, he or she loses focus on the broader strategic objectives and the larger organizational goals. Attention to detail is undeniably important. After all, the saying goes that the devil is in the details. So, there is also a need to step back and see the bigger picture. In the information age, the ability to analyze data, extract meaningful insights, and translate them into actionable intelligence is vital for making informed decisions.
But, there is a fine line between doing too much yourself and delegating too much to the team. If everything is delegated, there is a risk of losing connection with critical details. On the other hand, doing everything yourself can hinder the development of the team and limit the overall strategic supervision. A CISO needs to find this balance to both maintain control and develop connections with the team.
My recipe for striking the balance is to hold daily interactions, and weekly, monthly, and quarterly reviews with the team to engage with ongoing operations while maintaining a strategic perspective. I try to create a balance between them to ensure effective strategy-making and operational resilience.
TCE: How crucial is collaboration with external cybersecurity experts and vendors in ensuring the security of logistics systems?
Mihirr P Thaker: A digitally enabled supply chain operation requires a strong cyber-security framework as it is critical service for the functioning of the industry. So, mitigating the possibilities of cyber security incidents becomes a priority in the process of building operational resilience. In an interconnected economy, supply chain companies engage with multiple partners over multiple digital platforms such as mobile apps, email, APIs, etc.
So, seeking external collaborations with cybersecurity experts often helps in developing stronger security shields against unauthorized access and cyberattacks. However, precautions need to be taken while onboarding external experts and such safety measures include carrying out due diligence, keeping a tab on external experts’ data access activities, specifying a limit to data access, etc.
TCE: With the rapid advancement of technology, how do you see AI-driven threat detection and response transforming cybersecurity in the logistics industry?
Mihirr P Thaker: AI strengthens predictive decision-making capabilities in identifying cyber threats and cyber security breaches. It enhances threat detection competencies by processing vast datasets from various sources, and identifying subtle warning signs that human analysts might fail to notice. It also automates tasks without human intervention.
This in a way helps logistics and supply chain organizations in channelizing human intelligence in addressing vital problem areas. As the global supply chain is becoming increasingly complex, AI can help in optimizing cyber security capabilities to prevent attacks.
TCE: How do you strike a balance between implementing strict security measures and maintaining the efficiency of logistics operations, which often require speed and real-time data access?
Mihirr P Thaker: The digitization aims to create a seamless and frictionless user experience for both the internal and external stakeholders. However, at the same time, it is important to hold discussions with the stakeholders at the initial stage to align them with the cybersecurity objectives. Because rushing through digitization without proper security measures and practices in place can lead to increased vulnerabilities.
It is also critical to make everyone understand that the role of cybersecurity is not about policing. Ensuring security is everyone’s responsibility. In an organization, everyone needs to contribute to cybersecurity efforts. Educating stakeholders about the importance of these practices is essential in fostering a secure environment. That’s how digital trust is built which eventually leads to adhering to robust security practices. One should keep in mind that a strong cybersecurity framework is based on confidentiality, integrity and availability triad and a cybersecurity professional is a key architect of that foundation.
TCE: From your perspective, what are the top cybersecurity challenges currently facing the logistics industry, and how are they evolving?
Mihirr P Thaker: Logistics and supply chain operations require cooperation and collaboration among multiple stakeholders at various levels for efficient transportation of goods. The emergence of electronic data interchange (EDI) and application program interface (API) have made data exchange among supply chain stakeholders swift and the collaborations synchronized. Now, with the growing adoption of those technologies, one of the key responsibilities of a cybersecurity head of a logistics company is to keep those vital system interconnects free from cyber risks.
In addition, given the growing demand for enhanced logistics service efficiency, logistics companies are overhauling their legacy systems and adopting cloud computing. Therefore, instead of calling them a challenge, I would like to look at the scenario as an opportunity for cybersecurity professionals to improve the learning curve and address the vulnerabilities of the complex digital supply chain.
TCE: What do you believe are the key areas where the cybersecurity industry still lacks innovation or improvement?
Mihirr P Thaker: Well, the cybersecurity landscape in India is in a state of flux and digital advancement presents both opportunities and potential for further improvement. Having said that, in the midst of the rapid pace of technological advancements, technology adoption demands a strategic, rather than reactionary, approach. Adopting new technology simply because it’s trending can lead to poor outcomes. For example, AI is currently a buzzword, but security has long used similar concepts like SIEM (Security Information and Event Management). The mechanisms consolidate logs and provide actionable insights.
AI and data science now have enhanced these capabilities, facilitating faster and more efficient processing. Therefore, it is important to identify real benefits from hype. Gartner’s hype cycle illustrates that every technology goes through various lifecycle stages and cyber security leaders must carefully assess its relevance and value before adoption.
Moreover, the threat actors in the cybersecurity domain are now smarter than ever. So, to identify and prepare a defence against these malicious individuals or groups, cybersecurity professionals must collaborate and exchange inputs. The collective efforts in knowledge sharing will drive continual improvement, ensuring that cybersecurity defenders stay ahead of emerging threats.
