Mr. Ratan Jyoti,
CISO,
Ujjivan Small Finance Bank Limited,
Creating a resilient IT infrastructure has always been an idea way before the turn of events, but now it seems things are more about necessity than intelligence. It is clear that as businesses become more and more tech-centred, consequential risks such as cyberattacks or systematic faults maturing could crash all enterprise operations. It’s no longer enough to just react to threats; organisations need to plan ahead, ensuring they can both protect themselves from attacks and recover quickly when something does go wrong.
Resilience in IT infrastructure means creating systems that don’t just withstand cyber threats but also guarantee business continuity in the event of a disaster. It is a delicate balance of computer security and running business as usual, often at odds in practice if not strictly by definition.
It is a simple fact: Cyberattacks have become very common. They are the new normal and they continue to advance in sophistication daily. AI-driven attacks, ransomware, and even the prospect of quantum computing breaking today's encryption now present businesses with a more existential threat than ever before. A strong-rooted cyber security background is thus mandatory.
Organisations can’t afford to wait for an attack to happen. organisations cannot be reactive: they must embark on a proactive approach allowing them to continuously monitor the threat environment and receive intelligence in real time as required. Using sophisticated tools such as artificial intelligence and machine learning, companies can recognise patterns and outliers before they materialise in widescale attacks. These technologies can do a better job of predicting and identifying security threats than humans– which means that organisations they help to defend will be able to respond quickly.
Today's encryption methods may be compromised by the new generation of quantum computing. The bottom line is that we must prepare for this shift. By investing in quantum-resistant encryption now, at least businesses can hedge their bets against the fact that this new technology will arrive on the market (via VentureBeat).
Incidents can still happen, even with the best and most robust cybersecurity measures. This is why mixing in security with business continuation and recovery works. A reliable infrastructure not only prevents attacks but ensures the business keeps running with little interruption.
Organisations also face the challenge of managing a dynamic regulatory environment. Moreover, adhering to guidelines like GDPR, PCI DSS and the Digital Personal Data Protection (DPDP) Act, falls straight into legal requirements; it's what will keep us in good books with our customers and more importantly as a credible industry partner.
Governance is vital here. Adhering to regulation is not just about staying legal but building compliance into the operating model of an organisation and being prepared for when new rules are implemented. That includes monitoring risks, conducting audits and remaining informed on the best practices in data privacy.
Security also needs to be embedded in the development process—a concept known as DevSecOps. By including security at every stage of development, from initial design to deployment, companies can ensure that vulnerabilities are addressed before they become a problem. This proactive approach helps prevent breaches, reduces risk, and fosters a culture where security is everyone’s responsibility.
No organisation operates in a vacuum or as silos, especially when it comes to cybersecurity. With modern digital ecosystems where everything is interconnected, a security breach in one organisation affects all others who are connected within that frame. Which is why it requires strong collaboration.
Collaborating allows businesses to create threat intelligence, industry-wide baselines and response frameworks for large-scale attacks. It is not only a matter of protecting individual institutions but that should protect all the industry as such.
The key lies in making cross-industry partnerships and working together with regulators. This partnership extends beyond national borders. Cyber threats are international so the response to them should be likewise. Organisations that share knowledge across nations can fortify their protections and bolster international financial resilience in the process.
Creating a robust IT infrastructure is not only about the latest technology, but it also demands highly skilled staff that know how to use this innovative tech. Unfortunately, the shortage of cybersecurity talent is a challenge that many organisations face. To bridge this gap, businesses need to invest in training their current staff and finding new ways to attract top talent.
But it’s not all about human resources. New technologies like AI can partially bridge this gap by taking over manual work and allowing the human workforce to focus on more complex problems. Businesses that can blend the necessary capabilities of a talented workforce with technology will have what it takes to manage whatever challenges they face.
In a world that is constantly evolving as new technologies are born, organisations should be more focused than ever on creating systems and networks defaulting to an up-to-date resilient IT infrastructure. Security has evolved from basic cybersecurity into a comprehensive strategy that combines security with business continuity, governance and collaboration.
By focusing on the future, investing in both technology and talent and fostering a culture of resilience, businesses can protect themselves not just from today’s threats but from whatever challenges tomorrow may bring. The time to act is now because resilience isn’t just about survival—it’s about leading the way forward.
Mr Ratan Jyoti, Chief Information Security Officer (CISO) at Ujjivan Small Finance Bank, leverages over two decades of expertise in cybersecurity, cloud security, and DevSecOps. At Ujjivan, he leads the security strategy and operational direction for 20,000+ employees across four regions, focusing on incident response, disaster recovery, and digital security.
His distinguished career includes significant roles at Vijaya Bank, where he developed the bank's information security framework, and earlier positions at Corporation Bank and Oriental Bank of Commerce. He also pioneered India’s first Data Warehouse at the Indian Agricultural Statistics Research Institute.
Mr. Jyoti’s contributions to the field have been recognized with numerous awards, including the Top 50 Global Thought Leaders and Influencers on Cloud Computing (January 2020), 100 B2B Thought Leaders and Influencers to Follow in 2020, CSO 100 Award 2019, Champion CISO 2019, Infosec Maestro 2018, CISO Platform 2018, Infosec Maestros Award 2017, DynamicCISO - Magnificent Seven Award 2017, and Infosec Maestros Award 2016.
His influential publications include "Will Blockchain Replace Banks?" (CPO Magazine), "Will the Self-Securing Cloud Replace Security Professionals?" (CPO Magazine), "Are Humans Necessary to Cyber Threat Intelligence?" (CSO Forum), and "Data Security and Privacy Concerns for the Indian Banking Industry" (CIO Review), among others. His certifications, including CISSP, CISA, and CDPSE, further underscore his deep commitment to advancing cybersecurity practices. Mr Ratan Jyoti’s innovative approach continues to drive resilience and security in an evolving digital landscape.
