Information security (InfoSec) is critical for companies, as malicious players look for newer ways to infiltrate network defenses, steal user information and account credentials, and hold that information hostage. One broad theme emerging in this space is the challenge posed by the ever-increasing number (and variety) of devices and technologies that are coming together.
So, what is happening in the world of InfoSec?
- “Ransomware of Things” – Attackers compromise internet-connected devices and then hold them hostage until the users or companies pay.
- Vulnerabilities – 40% of all vulnerabilities reported in 2016 were Critical.
- Attackers act more commercially – They have the capabilities to write bespoke code, collaborate and improve faster than the defender’s ability to cope.
- Cyber risk insurance to boom – Coverage for loss of revenue, loss of reputation and customer trust.
Closer to home, we interviewed Mr. Pankit Desai, Co-founder and Co-CEO of Sequretek, to understand the state of InfoSec in India. Considering that India still has a huge base of computers running older operating systems and that many smaller businesses are heading towards cloud-based operations, there is huge scope for helping them sort through information security.
What are some of the trends in the Cybersecurity space? Are more companies “outsourcing” their security requirements?
With an unprecedented increase in cyber incidents and data leakage incidents globally, organizations are trying to re-architect their cyber security environments to include new generation detection and prevention technologies. The technology companies are now focusing on proactive security rather than a reactive one. Some of the new trends include:
- Artificial Intelligence and Machine Learning: Using AI and ML algorithms to find anomalies in customer environments, to detect suspicious software / malware. Using advanced AI tools to detect Advanced Persistent Threats and Zero Day attacks.
- Security Analytics (Managed Detection and Response): Deploying big data security tools, multi-dimensional analysis and machine learning techniques to detect, prevent and respond to cyber threats.
- Endpoint Detection and Response: Compared to traditional anti-virus software, the EDR technology focuses on behaviour and AI engines to detect threats and implement automated protection mechanisms, to prevent advanced and hard-to-detect threats.
- Threat Detection, deception and shadowing technologies.
- Cloud Security Access Brokers.
- Integrated Cyber Incident Response.
Yes, there is an increase in companies “outsourcing” their security requirements due to increasing complexity of their environments and lack of skilled resources.
Is Cloud security an additional cyber security issue?
Yes. Cloud (SaaS, PaaS, IaaS) brings with it a set of additional challenges for organizations. These include authentication of organization users, communication and data flow between cloud service provider and customer environments, data access between in-house and cloud or applications running between different cloud providers, data privacy issues during contract period and data purging issues post contract period. Threat scenarios for organizations usually increase due to a surge in attack surface vectors for organizations.
Are cloud computing platforms like AWS, MS Azure & GCP etc. safer than legacy infrastructure systems?
It depends on a case-to-case basis. Most of the countries and government regulators require that enterprise and customer (citizen) data remain within the country. Also, most of the governments and large organizations are required to use their own data centers or set up private clouds. Data privacy contracts, data sharing and information sharing between the enterprises and cloud service provider is another aspect to focus on while looking at cloud platforms. Some cloud service providers bundle security services as a part of their offerings.
How does Sequretek offer cyber security to its customers?
Sequretek is an enterprise security product / solutions company. We are building products that reduce the complexity of how security is used within organizations. The company has focused on the most complicated part of an organization’s security, i.e. the enterprise user and the device that the user uses to interact with the company.
Our product Avatar – Access Governance product – focuses on solving the issue pertaining to governing all technology privileges that are given to its employees from the time they join up to their exit from the company.
Our second product Kawach – Endpoint Detection and Response (GA in Q4 2017) – will look to secure the endpoints from various different types of threats i.e. external, internal, and device related.
Our Integrated Managed Cyber Security offering helps ensure that organizational security is monitored on a 24×7 basis across all threat vectors.
With an increasing number of cyberattacks like the Petya malware attack, the Yahoo accounts data breach & the Dyn DDoS attack etc., what do enterprises require to ensure their data safety?
Both the Petya and WannaCry incidents revolve around exploitation of a vulnerability within the operating system environment. These vulnerabilities were published along with the fix by the respective OEMs. Most of the data theft has happened due to poorly patched environments or incomplete implementation of access control and security measures. Organizations need to look at the following:
- Implement a proper and well-rounded cyber security policy based on their organization’s requirements.
- Make sure the required security patches and updates are done on a regular and timely basis across the IT environment.
- Create an information centric security framework rather than infrastructure only focus.
- Create corporate security awareness among employees and extended teams.
What role can AI/ML play in fending off the new age cyberattacks?
As I mentioned earlier, AI / ML play a big role in all three aspects of security – detection of threats and malicious activities, protection and prevention of threats, and management of the entire security environment for the organization. Specifically, AI / ML play a big role in detection of Zero Day threats and APTs (Advanced Persistent Threats) by detecting anomalies and creating long-term relations for suspicious traffic respectively.
What is the state of Cybersecurity in India? Traditionally, Asian countries lag way behind countries like USA, Israel, China in cybersecurity, why is that so?
It is very difficult to generalize the state of cyber security across the country, since the size and complexity of the country plays a role in how each organization, or for that matter everyone, looks at security through their own lens of experience. For example, India’s banking sector, especially the scheduled commercial banks, has done a relatively good job of understanding the security risk that their segment faces and, with the help of the regulator, has taken steps to beef up their security investments.
Sequretek works with some of India’s largest banks and we have seen their journey up close and feel that the journey undertaken by these organizations to improve their security, has kept pace with how the threat landscape has changed.
On the other hand, there are companies in the manufacturing and the SME sector who perceive that the risk of cyber security related threats is limited in their environment and therefore they don’t need to make similar investments. As far as Government is concerned, especially the current government is very proactive and believes that cyber security readiness is essential for safety of the country. They are promoting startups in this space, looking at creating policy framework for the segment to adhere to and allocating budgets towards investment to improve the security readiness.
What skills do young IT graduates need to learn to establish & succeed in a career in InfoSec?
InfoSec is a wide domain and the challenge is – how to impart the same through a construct of an institutional framework? This is one area that continues to struggle, as the gap between what gets covered in the traditional curriculum vs. what the industry wants is still wide.
- The challenge which universities face is that, while the curriculum is broad-based, they lack the ability to provide hands-on experience, which is so absolutely required.
- Industry participation in universities’ curriculum formation, internships and trainings still leaves much to be desired.
- For the private institutions, the focus is primarily on clearing a certification exam, which per se guarantees nothing as far as the quality of output is concerned.
- The ideal candidate from an industry requirement perspective would be someone who has spent 1/3 time on theory, 1/3 on lab work and the balance 1/3 working with a customer or industry partner.
Do InfoSec professionals need to re-skill themselves in the age of cloud computing?
Yes, absolutely, not just because of cloud computing though. There are forces in play which will completely change how we look at technology in the next few years, and which will have a much bigger impact on security, viz. Mobility, Artificial Intelligence, Industrial Internet of Things, Embedded devices etc. All of this, while changing the lifestyle for citizens and productivity for companies, will have a significant security impact as well. One will need to be a continuous student to ensure that one stays relevant.
As we get used to a world increasingly shaped by technology, IT security is essential and a broad InfoSec strategy should be the norm. Businesses need to ensure that they put adequate focus and budget on securing their organization’s network and devices. From regular review of personal data encryption to being aware of the latest vulnerabilities to something as basic as employee training, a proactive approach is the key to ensuring secure business operations.