Cert-In pivots cybersecurity audits to threat readiness
Empower your mind, elevate your skills
ETtech
The cybersecurity audit guidelines issued by the Indian Computer Emergency Response Team , or Cert-In, will revamp how such audits are approached in the country, shifting the focus from checklist-based compliance to continuous threat preparedness , experts said.The stringent audit framework released last week is expected to compel both public and private entities to implement robust measures that not only prevent breaches but also enable real-time response amid rising cyber threats, they said.'Indian enterprises have recognised the impact due to cyber risk, and the recent spate of cyber incidents has further heightened the sensitivity. The Cert-In guidelines are timely and comprehensive,' said Atul Gupta, partner at KPMG. 'It is heartening to see the inclusion of attack vectors like VPNs, supply chains, and access controls, which have been repeatedly exploited in recent breaches.'Audits are now expected to go beyond policy declarations and cover technical configurations, evidence logs, cloud infrastructure, and even secure code history.Cert-In has made it mandatory for cybersecurity audits to comprehensively cover an organisation's entire ICT structure, including APIs, apps, cloud, and operational technology (OT) systems, using both manual and automated testing. Auditors must follow global frameworks and report vulnerabilities to reflect severity and real-world risk.Operating under the electronics and IT ministry, Cert-In is the national nodal agency for cybersecurity.Firms noted that one of the most significant changes is the expectation for top management to take ownership of cybersecurity audit programs.'There is now a clear top-down mandate,' said Munjal Kamdar, partner at Deloitte. 'Boards must define scope, approve remediation actions, and ensure comprehensive coverage, from secure software setups to risk exception handling.'Auditors are also required to retain logs, review code, and verify secure configurations – practices that were earlier optional or inconsistently implemented.'The real opportunity is in becoming breach-ready, building programs that can detect, respond, and recover in real time,' said Sundareshwar Krishnamurthy, partner and leader, cybersecurity, at PwC India.The guidelines also call on Cert-In-empanelled audit firms to reskill teams to keep track of audit complexities.With hyperconnected applications, multi-cloud adoption, and AI-enabled platforms growing rapidly, security audits must now be conducted by teams that 'understand threat exposure and can apply professional judgment,' noted Gupta of KPMG.Deloitte's Kamdar said, 'Audits are no longer one-size-fits-all. Technical scope, documentation, and manual testing capabilities will all have to scale up.'The Cert-In guidelines even illustrate how firms must handle audit-related data securely, restrict the use of freelancers, prohibit audit subletting, and enforce report confidentiality.Experts said sectors such as banking, telecom, healthcare, and energy, which are already under regulatory pressure, will feel the impact most immediately. However, smaller firms will also have to adapt quickly.'We are seeing a mindset shift,' Krishnamurthy of PwC India said. 'Security is no longer about passing an audit, it's about protecting business continuity, reputations, and national infrastructure.'As India ramps up its cybersecurity defences amid rising attack frequency and regulatory scrutiny, these new Cert-In guidelines may well serve as a foundational framework.Experts believe these could also prompt the development of a more mature, standardised, and transparent cybersecurity audit system – a need long felt by both enterprises and regulators.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Hindustan Times
17 minutes ago
- Hindustan Times
Pakistan lost nearly ₹127 crore after closing airspace to India in 2 months: Report
Pakistan has reportedly lost nearly ₹127 crore in over two months since it shut its airspace to India following the suspension of the Indus Waters treaty after the April 22 Pahalgam terror attack. Pakistan shut its airspace to all Indian airlines on April 24 (Unsplash/Representative) According to a Dawn report, Pakistan's the Ministry of Defence has informed the National Assembly that the country lost the amount from April 24 to June 30, and that the loss was in overflying revenue. However, while it submitted the data of the losses, Pakistan's Defence Ministry reportedly said amounts reflected 'revenue shortfalls, not overall financial losses', adding that overflight and aeronautical charges have remained the same. 'While financial losses occur, sovereignty and national defence take precedence over economic considerations,' the Defence Ministry reportedly said in a statement. Pakistan shut its airspace to all Indian airlines on April 24 as it rejected India's decision to suspend the Indus Waters Treaty of 1960. Islamabad had said that any stopping or diversion of water under the pact would be seen as an 'act of war'. Pakistan has since stopped allowing any Indian plane to use its airspace, reducing its transit traffic by nearly 20%, Dawn further reported. The publication also said that a similar closure of airspace back in 2019 led to a loss of ₹235 crore. Pakistan had shut the airspace to India followed by an Indian Air Force strike on a Jaish-e-Mohammed (JeM) terror camp in Balakot in February, 2019. Both India and Pakistan continue to close airspaces to each other. While New Delhi has extended the closure of its airspace to the neighbouring country till August 23, Pakistan has reportedly extended it till the last week of this month.
Indian Express
17 minutes ago
- Indian Express
Inside Track: Wheeling in Circles
At the start of 2025 we were led to believe that we were Donald Trump's special friend and that India would probably be the first to conclude a trade tariff agreement with the US. Now we are not just back of the queue, but could be blackballed! A close observer of Trump-India relations has a different take from others for the mysterious fallout. It was not initially about Russian oil, Pakistani perfidy or thwarting Trump's Nobel Peace Prize ambitions. Trump was infuriated with India's dilatory tactics in signing a deal, which goes back to his first presidency. His joint appearance with Modi in Texas in 2019 was meant to help seal an agreement, but talks fell through a day later in New York. Time and again, as in Gujarat February 2020, like the traditional smooth-talking Indian trader, our officials assured that a deal was almost through, without confessing candidly that some portions of the deal concerning agriculture and dairy products were non-negotiable. Unfortunately, Trump is focused on just this sector, since his Republican supporters come from the farm belt. As US Commerce Secretary Howard Lutnick remarked angrily, 'You claim to be such a big country and you can't accept a bushel of American corn.' After being re-elected, President Trump was even willing to overlook past slights. (PM Modi did not call or even telephone Trump during his three visits to the US during the Biden presidency.) But in 2025, once again, despite the head-start in negotiations, the deal has not materialised! Retired IAS officer Subhash Chandra Garg's new book is titled No Minister. The former Finance Secretary does not hold back in recalling riveting encounters with his ministerial bosses, some of whom, in fact, refused to take no for an answer, despite bureaucrats citing the rules and the wishes of the incumbent PM. Garg names P Chidambaram among the naysayers who, as finance minister, threatened then PM Manmohan Singh with his resignation unless his proposal that 60-70 secretary level-posts were allotted to the Indian Revenue Service cadre. In Garg's view, this unbalanced the bureaucratic structure without improving tax collection. Similarly, Andhra CM Chandrababu Naidu, on whom the Vajpayee government was dependent for survival, cornered more than 40 % of the portfolios of Indian projects approved by the World Bank in 1999 and 2000. Despite objections from the government, Naidu forced them to agree to his audacious demand, in disregard of fair Central resource distribution. Similarly, Kamal Nath bullied his way so that 5% of the total pool of government houses in Delhi was part of his discretionary quota, which largely included newly constructed category type VII and VIII bungalows in Moti Bagh. Considering it is an intra-party contest to elect the fairly modest position of secretary (administration) of the Constitution Club, it is surprising that the poll has attracted intense national interest and media scrutiny. In contrast, Rajeev Shukla (Congress) has been elected unopposed as secretary (sports) and Tiruchi Siva (DMK) as secretary (culture) without any rancour. There seems more than meets the eye in the fierce tussle between the two ill-matched adversaries for the post of administrative secretary. The jocular, down-to-earth ex-MP and UP Jat leader Sanjeev Balyan, who only joined the club eight years ago, appears to have been pitch forked into the contest, while Rajiv Pratap Rudy, the suave Bihar MP who has been the guiding spirit behind the club for the last 25 years, is credited with upgrading its facilities, including gyms, saunas, lounges and sports facilities. Balyan's most vocal campaigner is controversial Bihar MP Nishikant Dubey, who is fighting with all the vehemence and caste calculations of a panchayat election and throwing names of powerful central politicians. Pratap, more discreet, is believed to be backed by an influential regional satrap, who has not shown his hand openly. Amidst constant reports of Air India's slipping standards, I am pleased to report my recent personal experience of the airlines, which demonstrates that the staff's spirit of service beyond the call of duty, the hallmark of JRD Tata's original Air India, has not vanished. While flying back from Kenya on an AI flight, the senior air hostess noticed my distress as I rummaged through my carry bag and under the seat for my missing iPad, which had obviously been left behind in Nairobi. I presumed resignedly that recovering my iPad was like looking for a needle in a haystack, but I had not reckoned with the resourcefulness of the very helpful air hostess and the AI Nairobi manager. The latter, with the assistance of his counterpart at the Nairobi airport lounge, located the missing iPad, got it identified through WhatsApp photos and arranged to have it returned to Delhi within a week.
Time of India
17 minutes ago
- Time of India
Alexa got an AI brain transplant: How smart is it now
Tired of too many ads? Remove Ads Tired of too many ads? Remove Ads Tired of too many ads? Remove Ads For the last few years, I've been waiting for Alexa 's AI glow-up.I've been a loyal user of Alexa, the voice assistant that powers Amazon 's home devices and smart speakers, for more than a decade. I have five Alexa-enabled speakers scattered throughout my house, and while I don't use them for anything complicated -- playing music, setting timers and getting the weather forecast are basically it -- they're good at what they since 2023, when ChatGPT added an AI voice mode that could answer questions in a fluid, conversational way, it has been obvious that Alexa would need a brain transplant -- a new AI system built around the same large language models, or LLMs, that power ChatGPT and other products. LLM-based systems are smarter and more versatile than older systems. They can handle more complex requests, making them an obvious pick for a next-generation voice agrees. For the last few years, the company has been working feverishly to upgrade the AI inside Alexa. It has been a slog. Replacing the AI technology inside a voice assistant isn't as easy as swapping in a new model, and the Alexa remodel was reportedly delayed by internal struggles and technical challenges along the way. LLMs also aren't a perfect match for this kind of product, which not only needs to work with tons of preexisting services and millions of Alexa-enabled devices but also needs to reliably perform basic finally, the new Alexa -- known as Alexa+ -- is here. It's a big, ambitious remodel that is trying to marry the conversational skills of generative AI chatbots with the daily tasks that the old Alexa did which has been available to testers through an early-access program for a few months, is now being rolled out more widely. I got it recently after I bought a compatible device (the Echo Show 8, which has an 8-inch screen) and enrolled in the upgraded version. (Prime members will get Alexa+ at no cost, while non-Prime members will have to pay $19.99 per month.)The New York Times recently announced a licensing deal with Amazon, which will allow Amazon to use Times content in its AI systems, including Alexa+. The Times is also suing OpenAI, the maker of ChatGPT, and Microsoft for alleged copyright violations related to the training of AI systems.I have good news and bad news for my fellow good news is that the new Alexa+ is, in fact, more fun to talk to than the old one, with more realistic synthetic voices and a more humanlike cadence. (There are eight voices to choose from; I used the default setting, an upbeat female voice.)And I liked some of Alexa+'s new capabilities, such as booking a table at a restaurant and generating long stories and reading them to my new Alexa is also better at handling multistep requests. "Set three kitchen timers for 15, 25 and 45 minutes" and "write a one-day itinerary for a trip to San Diego and send it to my email" were two prompts that worked for Alexa+ doesn't require you to say its wake word every time you talk to it, so you can go back and forth or ask it follow-up questions, which is a nice bad news is that despite its new capabilities, Alexa+ is too buggy and unreliable for me to recommend. In my testing, it not only lagged behind ChatGPT's voice mode and other AI voice assistants I've tried but also was noticeably worse than the original Alexa at some basic I asked Alexa+ to cancel an alarm the other morning -- a request I had made to the old Alexa hundreds of times with no issues -- it simply ignored I emailed a research paper to alexa@ in order to hear Alexa+ summarize it while I washed the dishes, I got an error message saying the document couldn't be also hallucinated some facts and made some inexplicable errors. When I asked it to look up Wirecutter 's recommended box grater and add it to my Amazon cart, it responded that "according to Wirecutter, the best box grater is the OXO Good Grips Box Grater." Wirecutter's actual box grater pick is the Cuisipro 4-Sided Box Grater. Luckily, I caught the mistake before ordering. When I asked Alexa+ to walk me through installing a new AI model on my laptop, it got tripped up and started repeating, "Oh, no, my wires got crossed."And I didn't have access to some of the new Alexa+ features Amazon advertised, such as a "routine" feature that triggers several different actions when a user enters a room. (I wanted to have Alexa+ greet me in the mornings with a motivational speech and a high-volume rendition of "Eye of the Tiger," but the presence-sensing feature hasn't been turned on yet, according to an Amazon spokesperson.)Daniel Rausch , the Amazon vice president who oversees Alexa and Echo, told me in a recent podcast interview that many of these flaws would be fixed soon as Alexa+ rolled out more widely and more of its features came online."We've got some edges to sand," he said the biggest challenge in building generative AI models into Alexa was that they were fundamentally different types of old Alexa, he said, was built on a complicated web of rule-based, deterministic algorithms. Setting timers, playing songs on Spotify, turning off the lamp in your living room -- all of these features required calling up different tools and connecting with different interfaces, and they all had to be programmed one by generative AI to Alexa forced Amazon to rebuild many of these processes, Rausch said. Large language models, he said, are "stochastic," meaning they operate on probabilities rather than a strict set of rules. That made Alexa more creative but less also made the voice assistant slow. Rausch recalled an early internal demo in which Alexa+ took more than 30 seconds to play a song -- an "excruciating" delay, he said, that led the team to rethink its approach."These models are slow to respond when they're following a deep set of instructions," he said. "We're asking them to do something quite hard."Another challenge to overcome, Rausch said, was generative AI's wordiness. Initially, when engineers hooked Alexa up to large language models, the system would sometimes produce long, verbose answers or introduce needless complexity. Alexa+ might respond to a user's request for a 10-minute kitchen timer with a 500-word essay about the history of kitchen solution, Rausch said, was to spend several years combining more than 70 AI models -- some Amazon's proprietary models and some from outside providers, like Anthropic's Claude -- into a single, voice-based interface, with an orchestration system that routes a user's request to the model that is best suited to handle it."The magic, when it is working really well, is to get those new ways of speaking to Alexa to interface with those predictable outcomes or behaviors," he are other barriers, too. One of them, Rausch said, is that many longtime users have learned how to "speak Alexa," phrasing their daily requests in familiar commands that they know the system will understand."We all sort of came up with our way of setting a timer to get the pasta done on time," he Alexa+ processes language in a more fluid way. Users can talk to it as they would talk to a human -- no robot pidgin required -- and that may necessitate some retraining.I assume that many of the flaws will be ironed out and that most users will acclimate to the new way of speaking to Alexa+. I'm also inclined to cut Amazon some slack, since building LLM-based technology into a reliable voice assistant seems like a thorny technical problem, and it's not like anyone else has solved it. ( Apple , which has been struggling to give Siri an AI upgrade for years, certainly hasn't.)I also don't think the limitations of Alexa+ suggest that generative AI models are inherently unreliable or that they'll never work as personal voice assistants. Ultimately, I think it's just really hard to combine generative AI with older, legacy systems -- a lesson many companies, both inside and outside tech, are learning the hard way right now -- and it's going to take some time to work out all the now, I'm going to downgrade my devices to the older, less intelligent version of Alexa and leave the beta testing to others. With AI, as with humans, sometimes raw intelligence matters less than how you use it.
