We have realised in a couple of years that cyber attackers have reinvented themselves and reworked their attack strategies, says Balwant Singh, CISO of DS Group.
Q1. What are the valuable lessons learnt from the pandemic in terms of business disruptions and other factors affecting business continuity?
The pandemic has made organizations rethink their digital transformation / upgradation journey as an utmost priority to sustain and grow their businesses across the globe. Business continuity, a subset of information security, should be measured and monitored on a regular basis, which makes it a best practice for corporates to adopt and follow. The pandemic has provided organizations an opportunity to explore beyond their perimeters and fly in the cloud, having resilient and secure networks which enable the workforce to work from anywhere. Cloud technologies like SASE, CASB and ZTA provide wings to organizations to make their businesses more secure, flexible, and accessible.
In the last couple of years, digital boundaries have expanded on a large scale, resulting in increased associated risks. Various aspects like work-from-home culture, usage of personal and unsecured internet connections, traditional remote access and VPNs, and limited scope of monitoring and analysis of human behaviour have resulted in increased potential threats. The human factor has been considered the weakest link in cybersecurity, and hence an effective awareness and training strategy is required to educate employees on information security culture.
We have realised in a couple of years that cyber attackers have reinvented themselves and reworked their attack strategies by working on various phishing and identity theft techniques to deceive unsuspecting users and achieve their objectives. Hence information security teams should go for an efficacious cyber threat intelligence program integrated with machine learning capabilities and indicators of compromise (IoCs), which helps them to identify, protect and respond to potential cyberattacks in a timely manner.
Q2. Which are the key security areas that you would identify which will change the course of the security industry?
Cloud Security: Cloud technology has always been a highly discussed topic and has been used extensively in the last couple of years in organizations. This has always drawn the attention of cyber attackers, who have been exploiting the security vulnerabilities in the cloud.
Emerging technologies like SASE, Zero Trust security, deep learning, and collaborated solutions like application development, SDLC and DevSecOps within the cloud have provided intelligent solutions and security. However, these technologies and security measures should also be continuously evaluated, updated and monitored to ensure data in the cloud always stays secure.
Security Automation: Adaptation of various technologies like artificial intelligence, machine learning, and robotic processes has also given an opportunity to integrate these technologies with security tools to automate tasks with either minimum or no human intervention.
In future, security automation is one of the key technologies which is expected to grow significantly, providing proactive solutions for organizations for incident management, threat detection and prevention, data and user behaviour analytics, etc.
Q3. How do you see the future of the IT Security industry in terms of innovation and sales when there is a slowdown due to the global financial crisis?
While the global financial crisis has its negative effects like recessions, business losses and other effects, the crisis also has positive outcomes for global organizations. Post pandemic, the significance of cybersecurity in organizations has drastically increased due to unprecedented cyber threats and cyberattacks. There was a time when IT Security and other support functions used to be called cost-centres, which have now been replaced with investment centres and are being considered as business enablers. CXOs, board members and entrepreneurs have started investing in security projects and start-ups and are coming up with new hybrid security solutions which cover all your security needs under one umbrella.
Business houses are running after advancement and accelerating their digital transformation journey; this has led innovators and entrepreneurs to understand the need and expectations and accordingly lay down the foundation of future cyber security needs, comprising integrated and automated solutions.
As per Gartner’s report, 30% of critical infrastructure organizations will experience a security breach by 2025; this necessitates skilled workforces and technologies like cloud-based security solutions, AI, ML, blockchain and behaviour analytics systems, which are playing key roles in making business operations secure and are expected to have substantial growth in the next few years.
Q4. As ransomware attacks are one of the key cybersecurity concerns for CISOs, how does your organization deal with this security threat?
One of the main concerns for organizations is the ransomware attack, which locks down (encrypts) critical data, and attackers leave you with no other option but to pay their ransom.
A continuous approach with the following good practices may help in safeguarding from ransomware attacks to some extent.
* Build a strategy: A strong strategy can be planned to recover from ransomware attacks. This strategy should be aligned with People (BCP/ERT teams), Processes (Backup & Recovery, Business Continuity / DR Process, Incident Management) and Technology (controls and solutions deployed).
* Keep testing, monitoring and protecting backups: Your organization’s backups are literally the only chance if a ransomware attack takes place. Hence testing, monitoring and protecting your backups from these attacks should be on your organization’s priority list.
* Effective employee awareness and vulnerability management program: Vulnerabilities are not limited to technical assets but also extend to humans. Lack of cyber awareness, susceptibility to phishing attacks, weak identity and access management, unfiltered web-content access and misconfigurations are the weakest entry doors for attackers. The more the employees are aware of these weakest links of the human factor, the lower the chances of accidental and intentional breaches, no matter where they are working from.
Q5. How can stringent frameworks such as Zero Trust Security, least privilege access, and strong identity management help CISOs secure their organization?
A Zero Trust (ZT) model offers a comprehensive and integrated security solution to an organization’s entire digital landscape, which helps organizations to ensure secured digital boundaries. Since the zero trust model is based on the approach “never trust, always verify”, identity management and least privilege are the key principles integrated with the ZT model, where resilient identity management helps to build a security boundary between your trusted and untrusted digital workplaces. To start with the ZT model, a strong identity and access management strategy is the first step towards the ZT journey, which requires granular-level identification of identities (subjects and objects), identity verification, and authentication and authorization factors. Likewise, least privilege enforces granting access based on who needs access, what access is required, why access is required (context of requesting access) and assessment of risks associated with providing access.
Adopting a rigorous zero trust model along with effectively managed identity and privilege management helps organizations to go for holistic visibility and flexibility of identities, infrastructure, secure remote work culture, reduction in attack surfaces, enhanced end user experience and many more!