CIO TechWorld

Rishiraj Mukherjee: Cyberattacks Confront Promotional Products Industry, How to Counter Them

by Rishiraj Mukherjee, CIO, Hit Promotional Products

Rishiraj Mukherjee, CIO of Hit Promotional Products, writes in his article "The State of Cybersecurity in the Promotional Products Industry": Promotional Products is a sector worth about 21 billion dollars, primarily comprised of small businesses, although there are notable large suppliers, distributors, buying groups, and service providers. Because the industry is largely sales-driven, only a few companies have a dedicated Chief Information Security Officer (CISO) or Cyber Analysts. Lately, most attacks in this industry stem from malicious links in emails, with employees inadvertently clicking on them, leading to the installation of malicious code and enabling the spread of the attack. The upcoming sections delve into my insights about cyberspace and essential tools and concepts. While I may not cover everything, it’s my aim to provide sufficient information to guide our industry in the right direction.

Rishiraj Mukherjee: Why are Emails a Common Attack Vector?

Our industry deals with a lot of art files, Excel sheet lists of addresses in some cases, and tracking URLs. The use of URLs to encapsulate this data is common, making it easy for someone to spoof a link to a malicious URL and download an agent into the computer. One way to mitigate this risk is through user training. There are several good products available to educate users on identifying and avoiding malicious links. Creating training materials that captivate the audience and provide necessary education can be challenging, as is curating that catalog.

The second measure to deploy is utilizing products like Mimecast and Microsoft Defender to check if the URL is malicious and auto-block such URLs. Additionally, it’s important to establish a method for users to tag an email as a phishing attempt. Having a toolkit available for users to safely check URLs in a sandbox environment is equally important.

Rishiraj Mukherjee: Why are WAFs Important?

Web Application Firewalls (WAFs) are procurable systems that check for DDoS attacks, activity from bots, and traffic from unwanted countries. They also trigger Captcha-like systems when too many requests come from specific IPs. The promotional industry, with its numerous public-facing websites, necessitates WAFs as a vital defense line in the current landscape of cyberattacks.

EDR and XDR are Necessary

Think of EDR as an antivirus system on your computer, but with more capabilities. EDR can be customized to target specific attack vectors and utilize AI to distinguish normal patterns from abnormal ones, triggering alerts accordingly. It is capable of searching for specific hashes, malicious code, and executables. Additionally, EDR can aid in isolating a host and removing it from the network remotely.

On the other hand, XDR is a comprehensive system that monitors cloud devices, endpoints, networks, and more. It operates at a macro level, while EDR focuses on a micro level. The key takeaway is the importance of fine-tuning these systems to ensure that appropriate alerts are thoroughly investigated. The sheer number of alerts can be overwhelming if the systems are not properly tuned.

Rishiraj Mukherjee: PAM, SIEM, and Encryption

  • PAM: Implementing a password management tool for both internal and service accounts addresses a significant challenge, and that’s precisely what PAM aims to resolve. It allows for the rotation of passwords and requires passwords for critical servers to be checked out before those systems can be accessed. This effectively eliminates the vulnerability of a single compromised admin account compromising the entire system.

  • SIEM: Given the array of tools and extensive logging, a unified interface that aggregates data and presents it in the form of a dashboard is essential. This is precisely the role SIEM plays. However, it’s important to note that the installation and configuration of SIEM can be time-consuming and complex. Despite this, the effort is completely worthwhile when executed correctly.

  • Encryption: Envision a system that actively monitors the network for sensitive documents and automatically encrypts these files, an ideal scenario that significantly bolsters data security by making exfiltration more challenging. Additionally, integrating a password tool into the system for decryption, based on a structured checkout process for files, enhances security. Fortunately, such systems do exist, making them a valuable addition to any toolkit, offering robust protection for critical documents.

I firmly believe that the promotional products industry could benefit from a more extensive implementation of these tools, thus advancing and fortifying our industry’s security posture.

Rishiraj Mukherjee: 2FA is Easy and Important

There are numerous methods to implement 2FA, and selecting one for logins on systems should be an absolute priority. Passwords can be relatively easy to guess, making 2FA crucial in such scenarios. For your executives, employing a physical key fob for logging in may become a necessary measure.

Rishiraj Mukherjee: Information Exchange

Being a part of an information exchange for cyber attacks is crucial. I am a member of the RH-ISAC, and the insights I gain are invaluable, significantly bolstering our defenses against the evolving landscape of threats in the industry.

Rishiraj Mukherjee: The Journey So Far

My journey in the cyber world started rather late. I dabbled in a few things after I took on the VP of IT role, but I truly began to focus on it about 6 months after assuming the position of CIO. Late last year, I began investigating the possibility of achieving SOC2 compliance for our organization. In March of this year, we experienced a cyber-attack, which we effectively mitigated. We successfully completed the SOC2 initiative in early July. This rollercoaster ride has been an incredible learning experience, contributing significantly to my personal growth. I must acknowledge and appreciate my exceptional and highly skilled team for their invaluable contribution in achieving our goals. Additionally, the unwavering support of the leadership team has been instrumental at every step. Cybersecurity is a matter of utmost importance and should be a top consideration for every executive.

Explore the magazine here: https://lnkd.in/g-9qCrrj
Explore the HTML magazine page here: https://lnkd.in/gEw29Jz5

Rishiraj Mukherjee’s article:

A Word to CIOs for Leveraging AI in Promotional Products

Rishiraj Mukherjee, CIO, Hit Promotional Products

I am a dynamic technology executive with over ten years of experience driving digital transformations, defining organizational strategies, and modernizing processes and solutions. My expertise encompasses machine learning, ERP implementations, IT management, business Intelligence, manufacturing, and supply chain management.

In addition, my background in software development provides me with the knowledge of end-to-end application development, from concept to delivery, and proficiency in data science, core programming, building user stories, and making data-driven decisions. Recognized as a trusted advisor with resilient and empathetic communication skills, I am uniquely able to gain buy-in and align diverse corporate functions under large-scale priorities.

Copyright © 2025 CTW
