By Rajarshi Bhattacharyya, Chairman and Managing Director, ProcessIT Global.
Technological innovation has become essential for organizations to ensure business continuity and stay ahead of the curve. Unfortunately, tech-savvy cybercriminals are on the rise too. The growing number of cybercrimes is indicative of the sophisticated technologies and tools attackers use to disrupt secure networks. The recent attempted ransomware attack disrupted the operations of SpiceJet, leaving passengers stranded at airports as flights were delayed. New research from Thales, the French technology firm, says that one in four organizations in India (26%) experienced a ransomware attack in the last year, higher than the global figure of 21%. It is not encouraging that less than half of Indian businesses (47%) have a formal ransomware plan. With the evolution of cybercrime and the birth of Ransomware-as-a-Service, the techniques and operating models of legitimate businesses are, unfortunately, being adopted as well.
The rapidly evolving threat landscape is outpacing cybersecurity measures, and all organizations are vulnerable; it is only a matter of when. Cybersecurity teams have come to terms with the reality that cyber-attacks cannot be prevented from happening, so the only solution to this challenge is to make the business cyber resilient. With data becoming more pervasive across the organization, securing it is the responsibility of everyone involved, beyond the IT domain.
To achieve cyber resilience, the approach should be scalable and flexible while remaining adaptable and on a path of continuous improvement. A robust framework should be established to help the organization remain cyber-resilient.
Adoption of Zero Trust
With organizations adopting remote work, hybrid, and multi-cloud environments, it is only a Zero Trust Architecture that will work well. Implementing zero-trust measures will improve data centers, cloud environments, and networks while making them more efficient. Based on the concept of least-privileged access controls and strict user authentication, this approach is already followed by some businesses. The practice of Identity and Access Management (IAM) here ensures that users and entities have the access to organizational resources that they need. Artificial Intelligence for IT Operations (AIOps) enables the management of complex IT operations by leveraging Machine Learning, Predictive Analytics, and AI to identify and report IT issues in real time. Organizations at a mature stage of Zero Trust deployment have reduced their average breach cost significantly. However, there is growing concern about the lack of subject expertise and skill sets necessary for implementing best practices, especially micro-segmentation.
Invest in SOAR, SIEM and UEBA
Security Information and Event Management (SIEM) is a complex collection of technologies that automatically analyze the security alerts generated by applications and network hardware. This solution is critical in the ever-expanding threat landscape, where it identifies risks and events accurately. While SIEM provides the alerts, the real objective is to act on them and improve effectiveness by taking the right action against suspicious behaviors. This is made possible by threat intelligence feeds and by automating the appropriate responses, which is the role of Security Orchestration, Automation and Response (SOAR), the next evolution of SIEM.
Alerts are triggered by a User and Entity Behavior Analytics (UEBA) solution whenever unusual user or entity behavior is observed. Such analytics is becoming critical as credentials are increasingly stolen through abnormal or unusual approaches.
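To make the UEBA idea concrete, here is an added example (not the author's or any vendor's code) that learns a per-user login baseline from constructed authentication log lines and flags later successful logins that fall outside it, the stolen-credential pattern the paragraph above describes. The log format, the user names and the one-hour tolerance are assumptions made for the example.

```python
# UEBA-style baseline check over constructed auth log lines (example code, not from the article).
from collections import defaultdict
from datetime import datetime
# Constructed samples: "<ISO timestamp> user=<name> src_country=<CC> result=<ok|fail>"
BASELINE_LOGS = [
    "2024-05-06T09:02:11 user=alice src_country=IN result=ok",
    "2024-05-07T09:15:40 user=alice src_country=IN result=ok",
    "2024-05-06T10:30:00 user=bob src_country=IN result=ok",
    "2024-05-07T14:12:55 user=bob src_country=IN result=ok",
    "2024-05-07T23:59:01 user=bob src_country=CN result=fail",  # failures never shape the baseline
]
RECENT_LOGS = [
    "2024-05-13T09:30:22 user=alice src_country=IN result=ok",  # normal
    "2024-05-14T03:12:47 user=alice src_country=RU result=ok",  # stolen-credential pattern
    "2024-05-13T14:05:10 user=bob src_country=IN result=ok",    # normal
    "2024-05-13T11:00:00 user=carol src_country=IN result=ok",  # user with no history
]
HOUR_TOLERANCE = 1  # assumed drift (in hours) from a known login hour still treated as normal

def parse(line):
    """Split one log line into a dict; the timestamp becomes a datetime."""
    ts, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return {"ts": datetime.fromisoformat(ts), "user": kv["user"], "country": kv["src_country"], "ok": kv["result"] == "ok"}

def build_baseline(lines):
    """Record, per user, the hours and source countries of successful logins."""
    base = defaultdict(lambda: {"hours": set(), "countries": set()})
    for e in map(parse, lines):
        if e["ok"]:
            base[e["user"]]["hours"].add(e["ts"].hour)
            base[e["user"]]["countries"].add(e["country"])
    return base

def detect_anomalies(baseline, lines):
    """Return (user, reason) pairs for successful logins outside the user's baseline."""
    alerts = []
    for e in map(parse, lines):
        if not e["ok"]:
            continue  # only a successful login can be a compromised account in use
        profile = baseline.get(e["user"])
        if profile is None:
            alerts.append((e["user"], "no baseline for user"))
            continue
        reasons = []
        if e["country"] not in profile["countries"]:
            reasons.append(f"new country {e['country']}")
        if min(abs(h - e["ts"].hour) for h in profile["hours"]) > HOUR_TOLERANCE:
            reasons.append(f"unusual hour {e['ts'].hour:02d}")
        if reasons:
            alerts.append((e["user"], "; ".join(reasons)))
    return alerts
```

Running `detect_anomalies(build_baseline(BASELINE_LOGS), RECENT_LOGS)` flags alice's 03:12 login from a new country and carol's login with no history; in a real deployment these alerts would be forwarded to the SIEM/SOAR layer for enrichment and response.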
Leverage XDR and NGFW to protect endpoints
Security teams require granular, deeper visibility across devices, networks, and endpoints while monitoring and protecting them. XDR (Extended Detection and Response) solutions are designed to provide enhanced detection and response capabilities. XDR improves holistic visibility, brings context to threats, and delivers automated monitoring, detection, and remediation.
By providing capabilities beyond a traditional stateful firewall, the Next-Generation Firewall (NGFW) adds features such as application and user control and integrated intrusion prevention, and leverages cloud-delivered threat intelligence feeds. It has additional layers of security built in and works together with the rest of the security architecture to keep sophisticated threats at bay.