In the digital domain, there are two types of organizations: the ones that have already been attacked, and the ones that will be attacked. Given that determined attackers will try again and again to penetrate security systems to reach valuable assets, and considering the wide-ranging attack vectors and a very dynamic, multi-layered IT infrastructure, every organization that operates online or uses digital technology in any form will eventually be attacked. Whether the attack comes in the form of an Advanced Persistent Threat, an IoT vulnerability exploit, human error, or even a malicious insider, the only certainty about an organization’s cyber defence is that it will get breached eventually – if it hasn’t been already. The only question is when?
India has lately emerged at the forefront of global digitization. The nation is playing a pivotal role in bringing the next billion people to the digital domain. The digital penetration has already crossed the 500-million mark in India and forecasts predict that there will be around 627 million internet users within the nation by the end of 2019. So, as the nation experiences superior digital adoption, how does it fare in terms of digital security?
According to an ISACA study, more than 80 per cent of organisations are expecting a cyber breach this year despite investing in the latest cyber security tools. Adding to the problem is the prediction that 60 per cent of the open cyber security positions will remain unfilled and the ones that are getting filled take more than 3 months in 50 per cent of the cases.
This research suggests that the persistent cybersecurity staffing problem is not a financial one. Even though enterprises have more budget than ever to hire, the available workforce lacks the skills organizations critically need.
Most organisations are reactive to the ever-evolving threat landscape and end up deploying siloed point products. The lack of integrated end-to-end security solutions impedes their ability to improve detection and automate response. Let us analyse the state of cybersecurity within the nation in detail, and the best way to move forward toward digitizing our nation.
Securing our future: Why cybersecurity is imperative for our digitizing nation
At present, we are witnessing a paradigm shift within our country. The advent of smartphones in India is familiarizing everyone with digital tools, technologies, and approaches. This includes UPI (Unified Payments Interface), Aadhaar Pay, e-commerce, smart appliances, and so on: perhaps a truly digital lifestyle. The nation is inching closer to its ultramodern future and, by the coming decade, will also be unveiling 100 Smart Cities – much in line with its digital vision. But this also leaves the nation vulnerable to the wide-ranging threats that underlie the digital domain. For instance, back in 2016, right before demonetization, 32 lakh debit cards were recalled by 19 national banks as a protective measure. It was later revealed that this happened because of malware present in the payment systems. And this is where things get a bit tricky.
As our IT systems gradually evolve, so do the TTPs (Tactics, Techniques, and Procedures) of modern attackers. Today, it is too late to address threats after they have taken place. They have to be addressed pre-emptively. The criticality of such cybersecurity measures rises further as IoT (Internet of Things) – something that is used in offices (aka the endpoint), residential settings (smart appliances), and is an integral part of our upcoming smart cities (sensors, surveillance cameras, etc.) – gains prevalence. OT security needs to be a prime focus to protect the nation’s critical infrastructure, such as the oil and gas industry, airports, the transportation sector (airlines, railways), power grids, nuclear sites, etc. To date, more than 70,000 known CVEs (Common Vulnerabilities and Exposures) have been discovered within IoT technology. Many more are yet to be discovered. Cyber sabotage is a reality today.
This sheer dynamism of the IT infrastructure has been making cybersecurity a tough task for Indian corporates and organizations. The EY Global Information Security Survey (2018-19) India edition found that 70 per cent of them were planning to increase their budgets soon. But this would barely get them going. The global cybersecurity industry is facing a skill shortage of 2.93 million. This shortage of skills is more intense in India because of the lower emphasis on modern cybersecurity in academics and the brain drain that our nation characteristically faces.
So, India needs to be inventive in its approach to battling this predominant disparity. Here are some approaches that can help the nation do so and ensure that its bright digital future is not overclouded by imminent cyber threats:
Train incident response teams in simulated cyberattack environments: The current cybersecurity skill shortage is one of the biggest pain points for any CISO across the globe today. Also, most security professionals experience their first real-life malware attack on the job, as all the industry cyber training certifications are theory based, with little or no exposure to real-life attacks. Hence, in many incidents that have occurred, it has been observed that the respective cybersecurity team could not handle the incident effectively. Therefore, SOC analysts and incident response teams need to be trained pre-emptively using simulation that mirrors real attacks; otherwise they will experience their first cyberattack on the job and will not be able to handle it effectively.
Invest in Detection and Response Capabilities: The biggest lesson learned from some of the big recent financial attacks is that they are advanced and evasive and cannot be detected using conventional tools like antivirus or firewalls. Companies should invest in detection technologies like EDR that have machine learning and artificial intelligence capabilities and do not rely on signatures or IOCs, which are used by conventional detection systems but are ineffective at detecting evasive and targeted threats.
The volume of alerts that SOC analysts face keeps growing exponentially. It is therefore very important to incorporate an orchestration and automation response platform in today’s SOC, which can dramatically accelerate detection and subsequent remediation. We believe organizations today need an integrated incident response platform that orchestrates the entire incident lifecycle in a single window, including everything from detection to recovery.
Indian manufacturing firms and critical infrastructures: As novel methodologies begin to surface in India, including Logistics 4.0 and Industry 4.0, companies must invest in advanced solutions to counter the related OT and IoT attacks. These attacks can potentially cause physical damage or even risk human lives. Attackers often penetrate critical OT systems, like manufacturing lines or power plant controls, by initially exploiting IT systems to find their way into the OT network. Companies should therefore implement a mix of IT and OT security to protect the ICS (Industrial Control System) and mitigate multi-vector attacks in hybrid networks by equipping them with layered, multi-technology solutions.
These are some of the things that must be at the top of the to-do list of all CISOs, whether they are in a government agency, a business enterprise, or a manufacturing or logistics firm. Only this will ensure that our comprehensive national infrastructure becomes as secure as it is becoming digital.
- Mr. Rakesh Kharwal, Managing Director, India at Cyberbit.
Disclaimer: The views and opinions expressed in this article are solely those of the original author. These views and opinions do not necessarily represent those of Deccan Chronicle and/or other staff and contributors to this site.