“As new cyber threats emerge daily, the threat landscape changes accordingly. So, it can be difficult for organizations to keep up with the latest threats.” Srinivasan Mahalingam, CISO, C Square Info Solutions Pvt Ltd (A subsidiary of Reliance Retail Limited)
Over the past twelve months, 85% of organizations were attacked at least once, up from 76% last year. IT leaders feel they aren’t sufficiently protected, and as IT environments continue to grow more complex and demanding, it’s now obvious that Modern Data Protection must be integrated into the overall cyber preparedness plan. Enterprise IT World spoke to Srinivasan Mahalingam, CISO, C Square Info Solutions Pvt Ltd (A subsidiary of Reliance Retail Limited). With more than 15 years of experience in information security, Srinivasan understands the security landscape much better than many of us. Excerpts.
How do you see the threat landscape evolving in 2023?
The constantly evolving nature of cyber threats is directly proportional to the cyber threat landscape. As we know, ransomware and cyber extortion will remain among the top cyber threats in 2023. When you are at threat, you will always be the target, which can include anything from malware and phishing attacks to ransomware and data breaches.
As new cyber threats emerge daily, the threat landscape changes accordingly. So, it can be difficult for organizations to keep up with the latest threats.
Threat is stronger than the execution because it encompasses the whole range of potential and identified cybersecurity risks impacting user groups, corporations, certain sectors, or a given timeframe. So, the evolution of the cyber threat landscape remains incessant and perpetual.
What are your major challenges?
The threat landscape is constantly evolving, and organizations face a wide range of challenges to maintain effective cybersecurity. Some of the major challenges of the threat landscape include:
- Increasing sophistication of attacks: Cybercriminals are becoming more sophisticated in their attack methods, using advanced techniques such as social engineering, artificial intelligence, and machine learning to bypass traditional security measures.
- Insider threats: Insider threats, whether intentional or accidental, can pose a significant risk to organizations. Insider threats can include employees, contractors, or third-party vendors who have access to sensitive information or systems.
- Rapidly evolving technology: As technology continues to evolve at a rapid pace, organizations struggle to keep up with the latest security solutions and best practices.
- Compliance requirements: Organizations are required to comply with various regulations and industry standards related to cybersecurity, such as HIPAA, PCI-DSS, and GDPR, which can be complex and time-consuming.
- Lack of skilled cybersecurity professionals: There is a shortage of skilled cybersecurity professionals, making it difficult for organizations to build and maintain effective cybersecurity teams.
- Increased use of mobile devices and the Internet of Things (IoT): The proliferation of mobile devices and IoT devices has expanded the attack surface for cybercriminals, making it more difficult for organizations to secure their networks and data.
- Budget constraints: Many organizations struggle with limited budgets for cybersecurity, making it challenging to invest in the latest technologies and hire skilled cybersecurity professionals.
Overall, these challenges underscore the importance of a comprehensive and proactive cybersecurity strategy to address the evolving threat landscape.
What is your strategy to keep your organization safe?
Every organization must implement a “robust threat landscape management strategy”. One of the key components of this strategy is to regularly monitor and assess the threat landscape, e.g. subscribing to threat intelligence feeds, conducting regular threat assessments, and monitoring social media and other online platforms for potential threats.
Secondly, implementing adequate security controls such as firewalls and intrusion prevention systems (technical controls) and employee awareness training and incident response plans (non-technical controls).
Finally, some of the implementations like responding to and mitigating threats when they occur, regularly conducting vulnerability assessments & penetration testing (VAPT), which helps in identifying weaknesses before they can be exploited by attackers, and having robust policies and procedures in place for managing cyber threats.
In addition to these, strong leadership and governance by having dedicated cybersecurity staff and resources, as well as establishing clear roles and responsibilities for managing cyber threats. By implementing these measures, organizations can better protect themselves against the constantly evolving threat landscape and reduce the risk of a successful cyber-attack.
How is cyber security being perceived by your management in today’s scenario?
In general, many organizations today consider cybersecurity a top priority. With the increasing frequency and sophistication of cyber-attacks, organizations have recognized the importance of protecting their digital assets and sensitive information from theft, damage, or unauthorized access.
Moreover, the COVID-19 pandemic has further highlighted the importance of cybersecurity, as remote work and digital communication have become the norm, and cyber criminals have taken advantage of the situation to launch more attacks. Many companies have implemented or increased cybersecurity measures to prevent breaches and minimize the risk of cyber-attacks.
In summary, cybersecurity is increasingly being recognized as an essential aspect of modern business and is often a top concern for management in many organizations.
Insider threat is a big area of concern for all organizations. What are you doing to prevent this?
An insider threat is a security risk that arises within an organization. Statistics reveal that more than 34% of businesses around the globe are affected by insider threats yearly and 66% of organizations consider malicious insider attacks or accidental breaches more likely than external attacks.
Firstly, detect an insider threat: To provide secure cyber security against insider threats, you must monitor “unusual behaviour” and “digital activities”.
Signs of Behaviour
There are several signs of an insider threat that should be kept an eye out for, including:
- A disappointed or unsatisfied employee, contractor, vendor, or partner.
- Efforts to get around security.
- Working off-hours on a regular basis.
- Showing anger towards co-workers.
- Violation of organisational policies on a regular basis.
- Considering resigning or discussing new opportunities.
Signs of Digital
- Logging into company apps and networks at odd hours.
- Increase in network traffic volume.
- Having access to resources that they normally do not have or are not allowed to have.
- Accessing information that is irrelevant to their work function.
- Requests for access to system resources that are unrelated to their job purpose.
- Employing unapproved devices, such as USB drives.
- Crawling the network and searching for sensitive information on purpose.
- Sending critical information outside the organisation via email.
Protect Against Insider Attacks
- Develop a comprehensive security policy: Organizations should establish clear security policies and procedures that define acceptable use of company resources, handling of sensitive data, and access controls. This policy should be communicated to all employees and contractors and enforced consistently.
- Conduct background checks: Conducting thorough background checks on all new employees, contractors, and vendors can help identify any red flags before granting them access to sensitive data or systems.
- Limit access to sensitive data: Organizations should implement a least privilege approach to access controls, meaning employees are only given access to the data and systems they need to do their job, and access is removed or adjusted when no longer required.
- Monitor activity: Organizations should monitor employee activity on their networks and systems, looking for unusual or suspicious behaviour that may indicate an insider threat.
- Provide cybersecurity awareness training: Regular cybersecurity training for employees can help them identify potential security risks and protect sensitive data.
- Encourage reporting of suspicious activity: Organizations should encourage employees to report any suspicious activity or security incidents they observe.
- Implement data loss prevention (DLP) technology: DLP technology can monitor data movement and detect when sensitive information is being accessed, copied, or transmitted outside the organization.
These are some of the steps that organizations can take to prevent insider threats. However, it’s important to note that preventing insider threats requires a combination of technical controls, policy and process changes, and employee education and awareness.
People are talking about zero trust access. Do you also believe that zero trust strategy should be there in every organization?
Philosophically, everybody wants to implement zero trust. But practically it is very challenging to enable.
Zero trust access is a security model that assumes that every user, device, and application is untrusted, regardless of whether they are inside or outside the organization’s network perimeter. It aims to prevent unauthorized access to data and resources by continuously verifying the identity and security posture of every user and device before granting access.
Implementing a zero-trust strategy can help organizations enhance their security posture by providing granular access controls, reducing the risk of data breaches, and improving compliance with industry regulations. It can also help organizations detect and respond to security incidents quickly by continuously monitoring user and device behaviour.
However, implementing a zero-trust strategy requires a significant investment of time, effort, and resources, and may require changes to the organization’s infrastructure, processes, and culture. It is important for organizations to carefully evaluate their security needs and capabilities and consider the potential benefits and challenges of implementing a zero-trust strategy before making a decision.
What is your overall learning from various other organizations that you want to implement in this new organization?
- Implement a comprehensive cybersecurity program: Organizations should implement a comprehensive cybersecurity program that includes policies, procedures, and technical controls to protect their assets from cyber threats. This program should be reviewed and updated regularly to ensure it remains effective against emerging threats.
- Conduct regular cybersecurity training: Organizations should provide regular cybersecurity training to their employees to help them understand the importance of cybersecurity and the role they play in protecting the organization’s assets. This training should cover topics such as phishing, social engineering, and password security.
- Use strong authentication and access controls: Organizations should use strong authentication mechanisms such as two-factor authentication and access controls to restrict access to sensitive data and resources.
- Regularly update and patch systems: Organizations should regularly update and patch their systems and applications to address known vulnerabilities and reduce the risk of cyber-attacks.
- Regularly monitor and audit systems: Organizations should regularly monitor and audit their systems to detect and respond to cyber threats. This includes implementing intrusion detection and prevention systems, monitoring for unauthorized access, and conducting regular vulnerability assessments.
- Develop and test incident response plans: Organizations should develop and test incident response plans to ensure they can quickly and effectively respond to cyber-attacks and minimize the impact on their business.
These are just some of the best practices that organizations can consider to enhance their cybersecurity posture. It is important for organizations to continuously evaluate and update their cybersecurity practices to address emerging threats and stay ahead of cyber criminals.