- Please tell us how the threat landscape has altered in the last 12 – 18 months, especially last year after the pandemic.
Remote working guidelines have put archaic models of corporate networks to the test, as organizations look to ensure availability of the same sensitive, corporate data and resources in environments outside of the secure corporate infrastructure. In doing so, many businesses have discovered, oftentimes a little too late, that the architectures they have in place are not prepared for the scalability and security challenges of a decentralized workforce. To this effect, threat actors have intensified their efforts in exploiting the situation with Covid-19-themed ransomware, RDP exploits, scam URLs and spam designed to lure remote workers into clicking unverified links or opening insecure attachments.
Our report from Q4 2020 examined cybercriminal activity related to malware and the evolution of cyber threats in Q2 2020 and saw an average of 419 new threats per minute as overall new malware samples grew by 11.5%. We also observed nearly 7.5 million external attacks on cloud user accounts.
All through 2020, we detected the emergence of phishing campaigns exploiting pandemic-themed messaging to deliver malware and trojans, as the workforce learnt to adjust to a remote working culture. Ransomware-as-a-Service strikes continued to pursue healthcare, financial and corporate targets. Mobile threats, ranging from ransomware samples to spy agents in Android apps misusing keywords linked to the pandemic, also witnessed an increase. Using spear-phishing techniques, cybercriminals are targeting select employees to gain access to critical information like staff credentials, customer data, intellectual property, and more.
- Is cybersecurity the topmost priority of CEOs – where are the gaps, if any?
With the onslaught of high-profile, organised cyberattacks putting corporate reputation and valuation at risk, CEOs are now noticing the importance and realizing the value of cybersecurity. In the event of a breach, the board holds the CEO, and in some cases the entire executive team, responsible. This makes it apparent that responsibility for thwarting a cyberattack is steadily being seen as a broader business concern.
Every business needs a tailored, comprehensive, and holistic approach to cybersecurity. This holds true for organisations where information and its security are not elements of the business; they are the business. The CEO today plays an expanded role in managing a company’s ‘security health’. They are now realizing that security is a key business risk that must be minimized in order to maximize goals like customer trust, stakeholder value, brand reputation and growth. Cybersecurity has increasingly found a permanent place in the CEO’s priority list as it is one of the top pillars supporting digital business transformation.
While CEOs, board members and CISOs earlier had parallel paths, they are now taking the journey to cyber maturity together, discussing the connected nature of cyber risk and business reputation. As we head into an increasingly unsafe digital world, it is imperative that the board becomes more technology aware, takes more direct ownership of cybersecurity and becomes more security-savvy as their organizations undertake greater digital transformation.
- A deep-dive on the ecosystem – please take us through the industry and its dynamics.
There couldn’t have been more turbulent times for the industry post the outbreak of Covid-19. The stay-at-home orders and lockdowns across the globe have forced the industry and citizens to adopt a virtual life-work style at a scale that has been unprecedented. The digitization that would have typically taken more than five years has taken place in just a few months as most activities transitioned online.
And unsurprisingly, cybercriminals have seized on the increased opportunities for their nefarious gains in this highly networked, vulnerable digital environment. Cyberattacks have increased exponentially.
State-sponsored cyberattacks, as evidenced by the latest, highly sophisticated SolarWinds hack for example, are on the rise. Fake news and social media misinformation campaigns are at their highest levels, leading even to citizen unrest across many nations.
The misuse of the internet and digital information is a serious cause for concern that requires nations to come together to combat this menace that is assuming alarming proportions in a world where information has no borders.
It is humanly impossible to combat cyberattacks without the right tools and the right degree of caution that requires a trained mindset and heightened alertness. Remember, in the world of war, what you can’t see is your most formidable enemy and that couldn’t be truer in cyberspace. The need for cybersecurity across devices, network and cloud has never been greater. Today, protection and appropriate, secure management of digital information has to take the highest priority given its large-scale impact on both industry and society.
In short, co-operation and the right cybersecurity framework across citizens, industry, state and nations are the need of the hour to make this medium, which is otherwise so hugely beneficial, a platform of safety that everyone can operate on and benefit from.
- How does cybersecurity need to be addressed in Cloud Computing?
Cloud computing has empowered organisations to accelerate their business with more agile technology at a moderate cost. However, security of data has also been in the limelight as businesses migrate to cloud-based platforms. Potential cloud computing security vulnerabilities could stretch across the entire enterprise and reach into every department, every employee and device on the network. This means security needs to be robust, diverse, and all-inclusive.
The primary step in cloud security should focus on understanding and measuring current preparedness along with evaluating risk. Identifying sensitive or regulated data, understanding its accessibility and shareability, discovering shadow IT, securing connections, auditing infrastructure-as-a-service (IaaS) configurations and setting limitations on how data is shared can mitigate both internal and external data loss.
Once the cloud security risk posture is set in place, the second phase involves applying data protection policies, encrypting sensitive data and limiting it from moving to unmanaged devices, to strategically applying protection to the entire cloud infrastructure. In the third phase, enabling controls for additional verification for high-risk access scenarios, adjusting cloud access policies to handle new services and removing malware from a cloud service can help security managers address security challenges on an ongoing basis.
Application of technologies such as CASB (Cloud Access Security Broker) further cements organisational attempts in enabling data loss prevention, access control, and user behaviour analytics. To improve the organisation-wide cloud computing security strategy, it is essential to develop a comprehensive approach that is all-encompassing, yet flexible enough to quickly respond to new threats and cloud security challenges.
- Policy recommendations that you have for India.
As India accounts for close to 761 million internet users as of 2021, concerns around data protection and cybersecurity have come to the fore. At a time when ‘Right to Privacy’ is recognised as a fundamental right, making it imperative to protect personal data, the Personal Data Protection (PDP) Bill is India’s first and most significant effort to domestically legislate on the concerns of data protection. The India PDP Bill explicitly advocates protection of autonomy of individuals concerning their personal data and upholds enforcement of data sovereignty.
With the PDP setting out stringent policies for collecting, processing, and securing personal data, it also makes the IT industry’s compliance levels far greater. This presents an opportunity for businesses to ramp up their systems, policies, and overall IT infrastructure. For individuals, it puts the ownership of their data in their own hands, ensuring the right to data portability.
Even in the face of the most anomalous global pandemic, much has been talked about the PDP, undeniably presenting a huge opportunity for India to make privacy a competitive advantage and be recognised as a global enabler of digital enablement. This bill is set to be a landmark legislation that would revolutionise the country, as it brings India in the same league with progressive countries that explicitly guarantee privacy as a fundamental right. As India looks to build a proactive approach towards data protection laws, the proposed PDP Bill is a right step in that direction.
Additionally, law enforcement, both from a detection and conviction standpoint, needs to be improved with the right resources and funding, as the technologies being used by the criminals are extremely sophisticated and require specialised skills and tools. Traditional methods of forensics and data handling are often no longer relevant.
This story, possibly fictitious, of a policeman who punched holes through CDs and tied them in a knot when asked to bring the evidence files illustrates how traditional methods no longer work and there is increased need for training and handling data.
Cyber training for citizens is the critical need of the hour. With digital transactions on the upswing, we have to recognise that citizens, especially of rural India, are not adequately equipped to handle digital information and can be conned very easily, resulting in huge impact to their lives. We need strong, robust, scalable, localised content that is easily available for consumption in a manner that the common people understand the vulnerabilities and therefore use the right tools and mindset to stay safe online.
Finally, policies should enable equal digital opportunities for all, including incentives especially for school children to be able to have affordable digital education and access to digital assets. If not, the digital divide would only widen the societal divide leaving millions of citizens out of the digital ecosystem which is now increasingly becoming a necessity for survival.
- Your comment on talent development specific to cybersecurity and how do we get there. The focus areas?
While cybercrime grows exponentially, the dearth of cybersecurity talent is a challenge for every industry sector. A cloud-first strategy puts different strains on the network and requires a rethinking of methodology, a skill set not yet abundant in the talent pool. The competency shortage amplifies the already complex task of managing a range of cybersecurity risks. High-value skills are alarmingly short in supply, the scarcest being secure software development, intrusion detection and attack mitigation.
There is a sophisticated, well-funded and highly organized underground criminal network that fosters innovation. As defenders, we need to match that. Despite the boom in the IT sector, cybersecurity talent can be hard to recruit and retain and there is a dire need for well-equipped security engineers.
To overcome this, the IT industry must invest in skills growth and development that keeps pace with emerging technologies, groom talent internally and look at upskilling and reskilling the current workforce. Another way of getting there is by looking outside traditional talent pools, rolling out training programs for a broader employee base and investing in external managed security and third-party support services to fill gaps and improve overall cybersecurity posture.
From an education perspective, a bachelor’s degree is usually considered as an added advantage to enter this field. However, cybersecurity-specific offerings in higher education are scarce and cybersecurity as an academic discipline is often inaccessible to students. Our education system will potentially need to evolve to offer a more structured cybersecurity curriculum, built into the system, which in turn helps build more cybersecurity-trained engineers for the industry.