Why Cyber Security Should Be...
Cyber attacks are constantly evolving. Earlier, hackers’ main targets were in the BFSI sector, for monetary gain, but the recent targeting of health care, critical infrastructure, the oil and gas sector, etc. has made things worse and made it very clear that cyber-attacks are no longer for monetary gain alone. With all these cyber-attacks on organizations and critical infrastructure, it is clear that this is going to be a lifelong battle between countries/organizations/hackers and security experts. Nation-state-sponsored cyber attacks on critical infrastructure are proof that cyber attacks are a major threat to humanity. The attacks on the NHS in England, the Florida city water supply, Colonial Pipeline, SolarWinds, FireEye, and Kaseya are a few examples that show how nation-state-sponsored hackers can make countries/organizations helpless with one single cyber attack. The lust to become a superpower is making top countries target their challengers. With all the highly trained hackers, cyber technologies, and solutions in place, future wars will not be fought with nuclear weapons, missiles, or fighter planes but through cyber-attacks on critical infrastructure, etc.
Even though organizations are making huge investments in cybersecurity technologies and solutions, cyber-attacks are still becoming very common. With RaaS (Ransomware as a Service), even bad actors with minimal knowledge are finding it easier to succeed against their targets. The question arises as to how these attacks are becoming so common.
The chances of cyber-attacks are high for global companies and government organizations that are going digital and adopting cloud technologies. Additionally, due to the ongoing pandemic, almost every organization has allowed its employees to work from home without undertaking proper security measures. This has also allowed hackers to target their victims easily. Cloud technologies are still new for many organizations. Roughly 30% of global companies have moved to cloud technologies, and we have already seen the consequences. Imagine the level of attacks when a higher percentage of companies adopt cloud technologies. One of the major problems we have observed during the last few years is that every Information Technology and Information Security expert has changed their title to Cybersecurity Expert.
Cybersecurity is not limited to the Information Technology or Information Security domains. It goes beyond IT and IS. Cybersecurity is like the intelligence agency, whereas IT and IS are like the local police and the military. Every organization should have a cybersecurity team separate from its IT and IS teams. What dedicated cybersecurity professionals (threat intelligence teams, red teams, blue teams, digital risk professionals, attack surface management teams, etc.) do cannot be done by IT and IS teams. Cyber threat intelligence is a vast domain that needs highly professional executives covering the full 360 degrees of the organization's cybersecurity posture. One of the major challenges that organizations face is the limitations and restrictions on cybersecurity budgets. It is very unfortunate that organizations are ready to pay huge ransoms after cyber-attacks but are not willing to secure their network and cybersecurity posture by spending some extra budget before the attacks.
It was rightly said by John Chambers (ex-CEO of Cisco Systems): "There are two types of companies: those who have been hacked, and those who don't yet know they have been hacked." If we look at all the recent cyber-attacks on global critical infrastructure and cybersecurity companies, we can see how true this statement is. Every organization still takes cyber-attacks lightly until it is hit by one itself. We would not have seen the recent supply chain attacks if organizations had understood the criticality of cyber-attacks.
Government agencies, the banking sector, critical infrastructure sectors, etc. should collaborate and exchange detailed information about cyber-attacks (such as IOCs, Incident of Warning (IOW), and Signal Intelligence) with their local CERTs, ISPs, and the relevant authorities responsible for handling such cyber-attacks. This way they can at least stop the hackers from reaching their next targets.
“If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.” Sun Tzu.
Below are some of the fundamental steps every organization should take to lower its cyber risks and protect against cyber-attacks.
1. According to recent research reports and investigations from top organizations, more than 90% of scams and attacks have happened via email. The top three aspects of psychology used by the majority of hackers in their emails are urgency, greed, and fear. People should be very careful whenever they receive an email that plays on any of these three. Any email can be spoofed easily. Organizations should train employees in basic cybersecurity principles, especially phishing awareness.
2. Prioritize the adoption of IAM and PAM technologies. Even if hackers attack your organization and compromise user credentials, they may not be able to perform certain sensitive tasks if those credentials have only limited privileged access. Implement a strong multifactor authentication mechanism and a zero trust network architecture for all processes.
3. Regularly update antivirus and antispyware software on all servers and workstations used in your business.
4. Use a strong perimeter firewall and an IPS/IDS solution. Make sure you have a next-gen SOC solution and L3 experts who can hunt, triage, and respond to critical cyber attacks. No matter what tools you use for threat hunting, in the end it is the expert analysts who will identify the cyber-attacks and take immediate action.
5. Keep regular backups of all your critical data. Even if your organization falls victim to a ransomware attack, you need not worry about paying up.
6. Control physical access to your computers and network components. Conduct frequent VA/PT scans and risk assessments through third-party service providers. Keep an up-to-date inventory of hardware and software, including third-party tools used for administering, monitoring, or managing the networks.
7. Implement Global standard Cyber Security Frameworks like NIST, MITRE, ISO27000, PCI DSS, etc.
8. Decoy technologies, XDR with AI, data encryption, SOAR, threat intelligence platforms/solutions, digital risk protection, SIEM, passwordless authentication, Breach Attack Simulation (BAS), and quantum encryption security services are some of the important cybersecurity solutions that play a very crucial role in preventing cyber-attacks.
9. Conduct regular cyber drills and security awareness programs with all employees as well as the board members.
10. Along with strong email security solutions, implement DMARC (email authentication) to provide visibility into, and protection from, spoofing attacks.