Malicious actors on the prowl; Don’t let your guard down, ever!

Soma Tah & Ashok Pandey 

The enterprise attack surface has grown exponentially during the New Normal of Work. Remote work, virtual meetings along with digitalization and cloudization at a rapid pace, proliferation of IoT unleashed a whole new set of cyber attack tactics, but many organizations have been slow to adapt to the new security climate.

Over the last few years, Cloud and Datacenters, in particular, have grown in importance, ensuring that shared access to applications for companies and their distributed workforce remains seamless. More broadly, the pandemic has accelerated the adoption of hybrid cloud, microapps, and hybrid work models, forcing enterprises to rethink their security postures.

Network deployments in Indian enterprises have changed dramatically. For example, in the manufacturing sector, the Internet of Things (IoT) and IT-OT convergence have had an impact on how networks and data center architectures are designed to keep up with the influx of data from applications and devices.   

The growing affinity to digital, cloud, IoT, and the rise of shadow IT have added new levels of risk, complexity and cost to securing an organization’s data and intellectual property. Organizations of every size must nowadays fight a wide range of increasingly sophisticated threats, including advanced persistent threats (APTs), cybercriminal activity, spam and malware. At the same time, many are also grappling with tighter budgets and don’t have the resources to easily address this.

However, despite having safeguards in place, cybersecurity breaches, particularly those caused by human error, continue to be a problem for business continuity plans. The industry is still seeing phishing and ransomware attacks, in which confidential records and customer information are stolen and sold to the highest bidder, causing irreparable damage to corporate reputations. This begs the question - are these companies overlooking something fundamental in their approach to cyber security? 

Harshil Doshi, Director- Sales, India & SAARC, Securonix said, “Security teams are no strangers to an ever-changing threat landscape. However, the challenges brought in by the pandemic have overwhelmed SOC teams and significantly compromised businesses. New-age threat vectors have majorly risen from the accelerated adoption of cloud by companies working remotely. As a result, the traditional solutions used for threat detection and response have become obsolete.” 

Akarsh Singh, CEO and Co-Founder, TSAARO said, “Competitors may hire hackers to conduct corporate espionage or overwhelm your data centers with a Distributed Denial of Service (DDoS) attack to disrupt operations, impair sales, and drive consumers away. Hence, it has become necessary to safeguard your organization’s systems from such threats.” 

Enterprises need to revisit their security postures in 2022

The threat landscape continues to evolve at a frightening pace. Hence, businesses need to remain vigilant and implement innovative technology to amplify their overall security posture. Cyber perils are one of the biggest concerns for enterprises in 2022. “In order to curb cyber risks, it is imperative that every enterprise invests in educating their employees about their role towards becoming Cybersmart. A vigilant security posture calls for a unified cloud security platform, performing a thorough security review on every existing tool/solution across the enterprise and the adoption of new ones while being onboarded,” said Satya Machiraju, VP, Information Security, Whatfix.

“Organizations are evolving and rethinking their approach to security to ensure resilience. They are realizing that as they may move to embrace hybrid work, their security posture needs to evolve as well,” said Rashmi Chandrashekar, Director- DXC Security, GIDC, DXC Technology.   

An enterprise's security posture refers to a comprehensive cybersecurity readiness status of an organization. There are several challenges in terms of  threat analysis, managing identity and access, endpoint security, application security, cloud security, data security, etc. to name a few.   

Endpoint Security: 

The combination of the work from anywhere and the growing sophisticated threat landscape underscores exactly how important endpoint security is for organizations to secure their infrastructure and users. However, managing endpoints and securing them across various environments is a well-known challenge for enterprises. If you do not have a solution that provides visibility and reduces your response time during an outage or business disruption, you’ll spend a good chunk of your day in troubleshooting and mitigating.   

Anthony Di Bello, VP, Strategic Development, OpenText said, “It’s more important than ever to ensure security operations have visibility into endpoint and network activity occurring across the enterprise. Attackers are well funded and motivated to keep up the relentless pace of attacks. Adoption of Endpoint Detection and Response (EDR) and Network Detection and Response (NDR) technology that empowers analysts to detect and hunt for threats across the enterprise is more critical than ever.” 

However, a patchwork approach of EDR bolted on to traditional Endpoint Protection Platforms (EPP) is simply no longer sufficient for today’s digital organizations and work from anywhere approach. EDR has now evolved to eXtended Detection and Response (XDR), and is increasingly being identified as the technology required to safeguard a company’s endpoints. While EDR focuses on endpoint security, XDR takes a more holistic approach to security – and works across endpoints, cloud infrastructure, mobile devices, among others. It also helps in easier monitoring by utilizing new-age tools such as artificial intelligence and machine learning to provide accurate analysis and reporting of threats.  

A unified endpoint security solution must be designed from the beginning to take a behavior-based approach to pre-infection and post-infection protection as well as detection and response. This unique combination is more effective at stopping breaches and preventing ransomware encryption attacks because it blocks, detects, and defuses threats automatically.  

Application Security:

While applications are the backbone of today’s modern organizations, they are also the focal point for data breaches. Cyber threats disrupt customer experience and cost businesses more than $100 billion a year. So regardless of industry and business size, protecting apps, wherever they reside, is critical to an organization’s security.  

88pc of organizations operate both legacy and modern application architectures, while 70pc operate in multiple clouds. This expands the threat surface area as companies are forced to deploy separate, and often inconsistent, security controls across different environments. Also, as apps evolve and API deployments increase, selective coverage is no longer enough.  

Dhananjay Ganjoo, MD- India & SAARC, F5  

Applications require highly accurate protection for web application firewall (WAF) and API security against DDoS and malicious bots. To dramatically simplify operations, businesses must reduce the number of point solutions and enforce a centralized security policy across the entire estate of apps. 

Anand Naik, Co-founder & CEO, Sequretek

Application security considerations bring a fundamental change in approach for how new applications are written and consumed by enterprises. Reducing the attack surface by identifying and fixing security flaws (e.g. open port communications, non-encrypted data flows etc) helps organizations achieve better security posture.

Cloud Security

Cloud environments are becoming increasingly popular as a target and effective cloud security management is essential to ensure business continuity, protect revenue and confidential data. Mandiant predicts that cloud compromise and abuse will continue to grow in tandem with enterprise cloud adoption throughout 2022. 

As organizations build cyber resilience in an increasingly sophisticated threat landscape, cloud compliance and security will rise in prominence. Having said that, the coming year will still remain challenging in terms of cloud security. According to recent research by McAfee Enterprise and FireEye, the top three cyber risks of 2022 that are the most threatening to businesses in India will continue to be malware attacks, data breaches, and cloud jacking.

Balaji Rao, Country Manager- India & SAARC, Mandiant

We suspect that organizations using cloud and cloud-hosted providers may become more vulnerable to compromises, as well as errors, vulnerabilities, misconfigurations or outages affecting cloud resources.

Saurabh Seth, VP, eSec Forte Technologies

Businesses also create siloes between cloud and on-prem and between different teams that have shared responsibilities. Besides, there are a few loopholes in terms of Data classification, Access controls, technology silos, Insecure APIs, misconfiguration, lack of visibility that make Cloud even more vulnerable.

Arun Balasubramanian, MD- India & SAARC, ServiceNow

In a hybrid work environment, a single data model and integrated cloud platform capabilities are essential for productive business. Centralized traffic analysis, network monitoring, and web filtering require fewer policy and software updates, freeing up time for more technical work rather than monitoring multiple systems. Governments and businesses realize the benefits of linking digital foundations to cyber security strategy. Boards understand cyber security risks are a business risk and that if you don’t have the right visibility of your cloud environment it is difficult to monitor, protect and respond to incidents and potential breaches.

Vishak Raman, Director, Security Business, Cisco India & SAARC

As more companies move their workloads to the cloud, the traditional way of protecting digital assets is no longer enough. Today's cloud requires security that is easy to deploy, use and maintain and builds intelligence into every control point. It requires a zero trust framework, cloud-based security technology, and intelligent security automation to brace the emerging cyberattacks. According to a Cisco study, nearly 60pc of organizations in India are expanding their investments in cloud-based security technology plans.

Cloud Security Posture Management (CSPM) can help to adequately address security risks across various cloud environments. Also, cybersecurity concerns can be dealt with programmatically, with solutions and approaches like the ‘Security as Code (SaC)’. 

Data Security

Data Security continues to be a challenge as there has been a shift of the business networks to the Internet. As businesses are expected to adopt a data-driven approach from system-based forecasting and automation driven by AI, data is now likely completely embedded within every process, from decision-making to end-to-end interaction. Amidst all this, managing data effectively and ensuring data security is anticipated to be critical for every organization. 

Also as remote work models shift to ‘hybrid work’ models, organizations have stepped up the use of cloud-based collaborative tools for enhanced flexibility, but often with inadequate protection measures. This has vastly increased the risk of sensitive data getting compromised, 

It is important to understand that security isn't the only team responsible for data security. They may have a specific data security solution for which they have the approved budget, but that does not make them solely responsible.  

Anshuman Sharma, Senior Manager & Head Investigative Response, APJ, Verizon

Thoroughly review authentication, encryption and patching policies and ensure that the data at rest and in transit is encrypted. Most importantly, do not keep all eggs in the same basket to ensure that the data encryption keys are not stored within the same database. Organizations must also monitor excessive data transfer and out-of-hours use. 

Network Security

Organizations are developing hybrid IT architectures, comprising data centers, campuses, interconnecting branches, home offices, and multi-cloud deployments. This has led to an expanded attack surface while the intensity and sophistication of cybercriminals continues to increase.  

To address this challenge, organizations need to adopt a security-driven networking approach that weaves core security capabilities combined with actionable threat intelligence deep into every environment of their network.   

Rajesh Maurya, Regional VP, India & SAARC, Fortinet 

A security-driven networking strategy enables organizations to have complete visibility across their entire network—from the core, out to the branch, the cloud, the home office, and the emerging edge—helping them to keep relevant, competitive, and resilient. With security woven into their core, networks can also evolve, expand, and adapt to the next generation of digital innovation, including hyperscale, hyperconnectivity, and 5G+ environments. 

Rajesh Kumar S, Head- Systems Engineering Enterprise & Govt., Juniper Networks 

As attack surfaces grow because of a distributed workforce, companies must consider how AI and automation can fundamentally shift network operations from reactive troubleshooting to proactive remediation, minimizing the risk and impact of cyberattacks.” 

Debasish Mukherjee, VP- Regional Sales, APAC, SonicWall  

To combat growing security challenges, more organizations are migrating away from traditional firewalls that focus only on stateful packet inspection (SPI) and access control rules to next-generation firewalls. New Gen Firewall’s (NGFW) have transformed network security by providing more robust protection against emerging threats. In addition to traditional firewall features, NGFWs feature a tightly integrated intrusion prevention system (IPS), real-time decryption and inspection of TLS/SSL sessions and full control and visualization of application traffic as it crosses the network.” 

Embracing Zero-Trust: 

To effectively combat cybersecurity threats in the coming year, organizations must make cybersecurity a business priority. However, many enterprises are still approaching security with the outdated notion of a protected, firewalled corporate network. The first step businesses can take to strengthen their cybersecurity posture is to reframe their security strategy to focus on both external and internal attacks. This means moving away from the old perimeter-centric approach to security, towards a Zero Trust model that focuses on granting the right people the right access at any time, regardless of location.   

One of the key shifts that we are witnessing is that organizations are accelerating the switch from VPNs to Zero Trust Network Access (ZTNA) to increase business resiliency and foster end-user productivity. Fundamentally, ZTNA runs on the principle of “trust no one” and determines if a user or device is suspicious by looking at several factors, including the user, device, network, and access request at a particular moment in time. In fact, as reported by Gartner, 60pc of businesses will phase out their VPN and replace them with ZTNA by 2023. 

Prakash Maharaj, Regional Sales Manager, Jamf, India said, “As work landscapes continue to evolve, organizations have internalized the importance of building an infrastructure that is not just result-focused and collaborative, but also offers uncompromising security. With hybrid work becoming the new norm, we will see a lot more organizations, hospitals, schools, etc. adopt advanced security models like ZTNA in order to create a robust data protection strategy.   

Alok Khandelwal, MD, Accenture Security Lead- Advanced Technology Centers, India

Implementing offensive security frameworks and Zero Trust with a strong focus on digital identity will also be crucial towards building a strong enterprise security architecture. 

Vishal Salvi, CISO & Head- Cyber Security Practice, Infosys 

Built on the least privilege access policy, zero trust security is the need of the hour for enterprises looking to securely fasten their pace of digitization. With identity becoming the new perimeter, zero trust is the only way forward to maintain a strong security posture.

Huzefa Motiwala, Director- Systems Engineering, India & SAARC, Palo Alto Networks

To deploy Zero Trust effectively, companies must adopt a platform approach that leverages next-gen, cloud-delivered tools for better visibility, continuous validation, and automated protection. Relying on such tools is especially important given the lack of cybersecurity staffing and expertise in SMEs. 

Nitin Varma, MD- India & SAARC, CrowdStrike 

Modern organizations need a cloud-native, holistic end-to-end platform approach to tackle and remediate threats quickly. Effective counter measures that CISOs can initiate today include integrating a managed threat hunting program to help stop the most sophisticated threats before they turn into breaches and establishing an identity-centric Zero Trust architecture.    

Sumit Srivastava, Solutions Engineering Manager- India, CyberArk  

With endpoints having migrated outside of the perimeter, security has not necessarily kept up with these altered circumstances, while the need to access corporate data and assets has not changed, even while working remotely. This is why a Zero Trust approach, allied with least privilege principles, is essential to secure the identities and access on endpoints to address the risks associated with these assets. Failure to implement this approach will significantly ease an attacker’s job. 

“Embarking on a least privilege strategy and the adoption of zero trust tactics requires a platform approach with products that are integrated by design. In practice, traditional multi-vendor strategies are simply too complex and incapable of addressing the volume, variety, and velocity of data and threats found in today’s networks. ZTNA solutions need to be tightly integrated. You can then implement least privilege strategies by identifying and classifying all the users and devices that seek network and application access, assessing their state of compliance with internal security policies, automatically assigning them to zones of control, and continuously monitor them, both on and off the network, said Rajesh Maurya of Fortinet.

However, organizations still face a couple of challenges in implementing zero-trust frameworks. Mike Engle, Chief Strategy Officer, 1Kosmos shares some best practices, which help them navigate those challenges.

-For Zero Trust, organizations need to understand what access users request, where the system is located, when the user needs access, and why. Verifying that the user is who they claim to be is perhaps the biggest and most fundamental challenge.

-Many organizations are augmenting passwords with multi-factor authentication (MFA). Unfortunately, these still don’t prove identity and are vulnerable to SIM jacking, phishing, and account compromise. They also deliver a relatively poor user experience.

-Biometrics are progressively being adopted to replace passwords. However, to verify a user’s identity, they need to be validated during enrollment. Otherwise, “whose biometric is it?” remains unanswered.

-Biometrics require anti-spoofing measures; meanwhile, systems that capture them should be certified to standards (e.g., FIDO2, NIST 800-63-3, and iBeta) to help ensure they can’t be spoofed or stolen and are free of decisioning bias.

-Depending on the use case, identity proofing should be flexible enough to support varying levels of identity assertion by matching a verified biometric to government credentials or using pre-verified telecom, banking, and/or corporate credentials. This continuous verification of user identity at every login is required for true Zero Trust.

Pick your tools carefully

Enterprises today need solutions that are flexible, evolve quickly, and combine the troika of prevention, detection, and response, and thus, provide robust protection against a wide-ranging web of threats. Additionally, through a single integrated platform, organizations can segment their data and secure servers on-premises and off, in hybrid or multi-cloud environments. Such a platform can create granular access policies based on user, device, and application to enforce least-privileged access, thus significantly reducing the risk of bad actors invading from endpoints. 

Filip Cotfas, Channel Manager, CoSoSys said, “When organizations are looking to deploy security solutions, they should opt for tools that are easy to deploy and don’t affect the productivity of the employees either. In order to protect sensitive data, the first step is to understand the organization from a data and user point of view and then, choose the right tools.” 

Sachin Bhalla, VP, Secure Power, Schneider Electric, India & SAARC said, “If a business lacks the in-depth experience or resources needed to combat today’s relentless cyber-attacks, specialist services can help in adopting and enforcing more holistic security postures and keep ahead of emerging threats.” 

Organizations nowadays look out for flexible security solutions, making SaaS a preferred delivery method even for security services.  Nitin Varma, MD- India & SAARC, CrowdStrike said, “The threat landscape continues to evolve at a frightening pace and therefore modern organizations need a cloud-native, holistic end-to-end platform approach to tackle and remediate threats quickly.” 

Technology’s scope in cybersecurity is exponential. Ram Narasimhan, Global Head- AI & Cognitive services, Xebia said, “Big Data is one of them which can strengthen the ability of the organizations to deal with attacks and data breaches. AI & Big Data Analytics can facilitate better detection, risk management, monitoring, and automation. Machine learning algorithms can help with analysis of threat patterns and predictions.” 

Piyush Somani, MD & Chairman, ESDS Software Solution

The increased growth of businesses to a digital base may also contribute to the rising concerns for data security, due to which, it may be required to add more security layers to businesses. With the spread of malware from IT to OT, it may be better for enterprises to pay more attention to asset-focused cyber-physical systems and have a proper system in place to tackle them. 

Sidharth Pisharoti, Regional VP- India, SEA & APJ Carrier, Akamai Technologies  

Enterprises need to put into place a strategy that minimizes the risk of cybercriminals reaching critical assets once defenses are breached. This is where micro-segmentation technology comes in. It acts like a waterproof bulkhead, containing the ‘blast radius’ from a malware attack, by enabling businesses to define security controls down to the individual software and workload level – enabling deep visibility into, and control of data movements. 

Venkat Krishnapur, VP & MD, Trellix

Today’s digital architectures need to be open (allow data to and from multiple sources – internally and externally), have the technology to farm vast amounts of data, mine them using state of the art techniques such as AI and ML in a cloud environment, perform the analytics in almost real time and identify the needle in the haystack that would result in the most positive outcomes from a protection standpoint for customers and Enterprises.

Here are some technology and tools organizations must consider:  

Machine Learning enabling Predictions – The machine learning algorithms combined with data from security systems can help analyze the historical and current data for studying and predicting the threat patterns. This approach can help in finding touch points of attackers before any attacks are executed.

Automation & Monitoring at Scale – A large percentage of cyber-attacks are caused due to the ignorance of employees in any given organization. Employees are unaware of cyber threats in many cases and they do not know how to react in different scenarios, hence they are easy targets for attackers.

Real Time Intrusion Detection – It is hard to monitor and hunt down vulnerabilities in real-time but big data analytics can solve this problem by automating this process at scale. The Intrusion Detection Systems (IDS) can be further enhanced with real time analytics for a comprehensive way to detect any malicious activities happening in the system. These systems block the threats before any attacker gains unauthorized access to the system. For example, we could combine other datasets from proxy logs, good/safe domains and track overall health of the systems. 

Risk Management Reporting – The security insights are important to keep your cyber defenses strong and that’s exactly what analytics and reporting can help us with. Big data analytics collects actionable insights from various data sources and systems to help with root cause analysis. Some of the reporting metrics could be exceptions around authentications, user handling, incidents, tasks during non-business hours etc. 

The level of danger your company confronts is directly related to the strength of your security posture. When you take efforts to examine the state of your company’s security posture, you’re reducing risk just by addressing the problem. Knowing what’s wrong with your security posture is the first step in correcting it. Many security products include questionnaires and evaluations that may be used to analyze a company’s security posture. These assessments aid in determining the level of vulnerability that your assets are exposed to, as well as identifying risks and vulnerabilities, allowing you to prioritize adjustments based on their severity. Certain improvements and adjustments to security policies will have a greater impact on your security posture, therefore prioritize them. 

Here are a few steps to improve security posture:

-Automate real-time inventory management for all of your company’s assets.

-Create a risk ownership hierarchy and assign owners to each risk.

-Continuously monitor assets for vulnerabilities across a broad range of attack vectors, such as unpatched software, phishing, misconfigurations, password issues, and so on, assess the danger of these vulnerabilities, and send them to owners for supervised automatic mitigation.

-Review weaknesses in your security controls on a regular basis and make necessary modifications.

-Define metrics and SLAs for visibility, vulnerability and risk resolution, and security control efficacy, and measure and track them on a regular basis. 

While there is an abundance of threat information available today from threat intel providers, OSINT, dark web, and other sources, security teams find it difficult to correlate and analyze the data they collect about security weaknesses and threat campaigns with the existing gaps in their security capabilities. Akshat Jain, Co-founder & CTO, Cyware said, “It is crucial for security teams to focus on advanced threat analysis to figure out the jigsaw puzzle behind every security incident or potential threat.”

"Rigorous vulnerability management and penetration testing program should be implemented and followed at the network and application level. Oganizations should strengthen threat intelligence and leverage it to conduct threat hunting, said Anshuman Sharma of Verizon. Enterprise needs to focus on implementing security controls involving policies, procedures, and technology to secure cloud infrastructure against external and insider threats, including appropriate network segmentation, identification of shared VPCs, VPN and strong authentication via two-factor authentication, and investing in Secure Access Service Edge (SASE) solutions, added he.  

Different pieces of threat information collected from multiple internal and external sources need to be combined to deduce the contextual intelligence pertaining to the organization’s distinct technology infrastructure, business operations, geographical location, and other factors. Lastly, the relevant strategic and tactical insights about cyber threats need to be operationalized to deliver an effective threat response.

“To overcome these challenges, security teams are increasingly leveraging advanced threat intelligence analysis and operationalization capabilities in tandem with Security Orchestration and Automated Response (SOAR) technologies to form streamlined security workflows. In this way, security teams can look to shrink the gap between detection and mitigation of potential threats through a threat intel-driven SecOps process using the best of human expertise aided by machine capabilities,” advised he. 

Alok Khandelwal, MD, Accenture Security Lead- Advanced Technology Centers, India said, “Organizations need to take a proactive, shift-left approach to security and embed it throughout the build cycle, rather than just the end. While implementing cyber hygiene practices are crucial, organizations will need to adopt a higher degree of security automation with industry-specific focus to enable more secure deployments in the future. Implementing offensive security frameworks and Zero Trust with a strong focus on digital identity will also be crucial towards building a strong enterprise security architecture. Lastly, integrating security as a part of the organizational culture, pre-empting the threat landscape with value-driven, differentiated security solutions and expanding security efforts beyond the organization’s own operations to the entire value chain will be key to building cyber resilience.”   

Manikandan Thangaraj, VP, ManageEngine  

Compliance towards regulations can be improved by establishing centralized IAM solutions with built-in features like MFA, privileged access management and central access policies. Organizations must now shift their focus to incorporating IAM capabilities driven by microsegmentation of the network followed by implementation of risk-based authentication to address threats and secure the surface. 

Michael Montoya, CISO, Equinix

Security will become everyone's responsibility in this new era, with CISOs leading the charge. Establishing convergent cybersecurity environments will be a primary responsibility for CISOs as enterprises expand their digital footprints. DevSecOps models and secure software development life cycles (SSDLC) will assure automated security throughout the development process, given that every organization is now a software corporation.

Plugging the Cybersecurity skills gap 

While we look up to the tech providers to develop technology that’s intrinsically more secure and resilient, it is also important for the organizations to maintain a strong security posture with a strong focus on hiring cybersecurity talents. This will help organizations in quickly identifying and fixing vulnerabilities before they can be exploited.

Ripu Bajwa, Director & GM, Data Protection Solutions, Dell Technologies, India said, “Organizations should first address three long-standing problems- the workforce gap, vulnerability management, and the need to build more secure technology. Talent may be the biggest issue facing our industry, with a workforce gap of 2.72 million unfilled jobs. We need to focus on investing in training programs and developing employees’ transferable skills to develop the talent necessary to keep organizations secure.”

“For this, they can transition interested employees from non-traditional security backgrounds like risk, IT, data analytics or engineering roles into security positions. These individuals can build upon the foundation of their existing roles with focused security training,” suggested Indrajit Belgundi, Senior Director & GM, Client Solutions Group, Dell Technologies, India. 

Also Read: 

https://www.pcquest.com/tips-create-secure-work-home-culture-practices/