In an exclusive interaction with CIOAXIS, Rohit Rane, Head – Information Security, Nayara Energy, discusses the cyber security challenges of InfoSec leaders during COVID-19 pandemic and how they should gear up to meet the crucial issues in future.
1) In the context of uncertainty of COVID-19 Pandemic, what are the key cyber security challenges that InfoSec leaders are experiencing?
During the COVID-19 Pandemic, there have been a significant rise in the number of ransomware, spear phishing and social engineering attacks on organisations and government bodies across the globe. Cybercriminals are seeking to exploit the current pandemic situation to target companies and individuals for their benefit.
The key cyber security challenges that most of the InfoSec leaders are experiencing are:
a. Limited or no visibility and control on end-points to contain attacks emanating from them.
b. Struggle to maintain cyber hygiene on end-points for formidable stand against the attacks since they are not connected to corporate network.
c. Restrictions on continuous monitoring and incident response on end-points as they are connecting through untrusted WiFi to corporate network and data resources.
d. Maintaining same security capabilities on end point as compared to that in corporate network to prevent or contain attacks and restrict potential frauds.
2) Businesses have been exposed to greater cyber security risks due to Work From Home (WFM) — in this context, what are your recommendations to stay secure from WFH cyber threats?
In the current pandemic scenario, the strategy should aim to maintain a balance between productivity and security. For this, the following process are required to secure from WFH cyber threats:
a. Perform a fresh Risk Assessment for the WFH scenario and understand the threats to your organization. Work with business teams to identify likely attack vectors related to remote/virtual working and prioritize the protection of their most sensitive information and business-critical applications.
b. Provide the security capability to all corporately owned or managed devices, extending the same network security best practices that exist within the enterprise network to all remote environments.
c. Security teams should provide a clear cut security policies for home-working users so that it would be easy for them to follow those policies and stay secure.
d. Run an email awareness campaigns for all users to ensure they are made wary of COVID-19 scams and users should reach out to internal security team in case they come across any such online scams or suspicious activities.
3) How do you see the future of IT Security Industry in terms of innovation and sales when there is a slowdown due to global financial crisis?
Regardless of the Pandemic situation, cyber criminals will continue to find new innovative ways to attack company network. Hence the IT security team should continue to innovate and plan and deploy counter-attack strategies / solutions.
In testing times of global Pandemic, InfoSec leaders should not let their guard down and look out for the upgrading their existing cyber security capabilities with more sophisticated cyber security solutions involving AI & ML to counter the sophisticated cyber attacks.
The IT Security Industry will continue to grow and expand in future.
4) Which are the key security areas that you would identify which will change the course of security Industry?
With a major shift in strategy of organisations to migrate to cloud native solutions and applications as part of Digital Transformation Journey, the following security areas will change the course of security industry:
* Rapid adoption of Zero Trust framework,
* Adoption of SASE framework,
* Security automation, Artificial Intelligence & Machine Language,
* Browser Isolation proxies.
We love to hear from our readers. Send us an email at writetous@cioaxis.com / writetous@cisoconnect.com
Disclaimer: The views expressed in this Interview belong solely to the author, and does not represent or reflect upon the views of his organization.