TASL


Data Protection Officer (DPO): A Guide to Foster Data Security Culture in Organizations

The need for DPOs is gaining momentum with the global spike in data breaches. As per the International Association of Privacy Professionals (IAPP), around half a million organizations registered data protection officers across Europe in 2019. Businesses are experiencing the necessity to secure their corporate data, revamp their security approaches, and align themselves with the different data protection laws governing the collection, use and disclosure of personal data.

A Data Protection Officer (DPO) is an expert responsible for ensuring compliance with data protection laws, such as GDPR and PDPA, and nurturing a culture of data protection within an organization. The DPO works together with the other functional units involved in the processing of personal data, which helps in attaining detailed visibility into the regulatory and data landscape of the organization.

Explore more about the responsibilities, challenges and other important aspects of a DPO.

What functions does a DPO perform?

A DPO executes a myriad of tasks to ensure that the organization fulfils all the requirements for protecting business-critical data. The following are some primary functions of a DPO that will help you understand the importance of the role:

  • Designing and implementing policies and processes for managing personal data to ensure compliance with data protection laws such as GDPR and PDPA.
  • Guiding organizations and their employees on data protection obligations.
  • Reviewing the organization’s internal data security strategies, which may include (but are not limited to) the allocation of responsibilities, internal audits, training of individuals engaged in the processing of personal information, etc.
  • Handling issues related to data protection, data breaches, Data Subject Access Requests (DSARs), etc. raised by data subjects, public authorities or relevant supervisory authorities.
  • Regular evaluation of data processing activities to monitor compliance with data protection laws.
  • Reporting to the concerned authorities in case of security risks concerning sensitive personal information.

Who Needs to Appoint a DPO?

An organization is required to hire a DPO if:

  • It is a public institution or body (except for courts).
  • Its core activities require large-scale, regular and systematic monitoring of data subjects (such as employees and customers).
  • Its core activities include the processing of sensitive personal information, which may include (but is not limited to) health information, criminal records, etc.

Besides the above-mentioned factors, an organization can voluntarily appoint a DPO as a matter of good practice. Also, the DPO does not need to be hired internally: organizations can outsource the role of the DPO to address the compliance demands of data protection laws.

What challenges does a DPO face?

While addressing the requirements for an organization to achieve compliance with data protection laws and create a safe environment for data processing, a DPO has to overcome several challenges, including (but not limited to):

  • Securing cooperation from other organizational units
  • Finding the right talent to prepare the privacy team
  • Insufficient privacy budget of the organizations
  • Lack of support from the principal actors of the organization
  • Conflict of interest between DPO responsibilities and other duties
  • Unavailability of DPO tools

Why choose us?

  • Vast array of working experience with different sectors
  • Result-oriented and customer-centric approach to data protection
  • Pool of professionals having extensive experience in data security and privacy

 

To start your data protection journey, connect with us at contactcs@tataadvancedsystems.com

Ensuring Data Protection in times of COVID-19 using DLP Solutions

Data security and privacy are no longer viewed as just a part of compliance or regulations. Remote working has worsened the situation, as organizations are facing unusual hindrances in restricting malicious insiders and outsiders from exfiltrating the company’s data. Accordingly, businesses are compelled to adopt advanced security controls to prevent critical information from leaving the corporate perimeter. Data Leakage Prevention (DLP) solutions are one of those controls and are growing in popularity as organisations look to minimize the risk of data leaks. DLP can deal with problems that fall outside the perimeter of conventional security measures like firewalls, intrusion detection systems and anti-virus, which aim at external threats only.

Let’s inspect how DLP solutions help organisations ensure the security and confidentiality of business-critical data.

  • Identify & Manage Critical Data

DLP solutions allow users/administrators to establish specific policies that help in identifying confidential information residing at different locations, such as databases, repositories and endpoints, throughout the organization. Customised policies can then be applied to evaluate the identified data and to detect and prevent data leaks.

  • Provide Improved Visibility

DLP solutions provide comprehensive insight into how sensitive information within the organization is stored, used and shared. This helps in monitoring how the company’s internal members handle confidential information, which further allows administrators/privileged users to identify suspicious behaviour patterns (malicious insiders) that could put the organization’s data security at risk.

  • Monitor Data Leakage Vectors

Email is the most common channel of data leakage and is widely exploited by threat actors to compromise legitimate accounts and gain access to sensitive information. DLP solutions apply specific policies (such as content-aware policies) to identify sensitive information as users enter it in the mail body or attachments, and to alert them. Based on the configuration of the policies, multiple actions can be taken to prevent data from leaving the organization, including creating alerts for risky behaviour, blocking such emails and quarantining email messages for further review. These solutions also allow users/administrators to apply controls to other data leakage vectors, such as portable storage devices and web communications (like file uploads and webmail).

  • Reporting

DLP solutions also provide reports to meet internal or external auditing requirements and to determine areas of improvement, which further helps in taking corrective measures. These solutions can also be triggered to produce real-time incident reports when a suspicious event occurs.

  • Achieve Compliance with Emerging Data Protection Regulations

Growing data breach incidents are getting the attention of regulatory bodies, pushing them to encourage organizations to adopt the required data security controls. Organizations that store customers’ data, including Personally Identifiable Information (PII), Protected Health Information and Payment Card Information (PCI), need to redefine their policies and create a framework that secures the information being stored and processed throughout its lifecycle. DLP solutions assist enterprises in reviewing and administering their compliance risks for multiple regulations, including (but not limited to) GDPR, PCI, HIPAA, PDPA, etc.
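As an added illustration of the content-aware email policies described under "Monitor Data Leakage Vectors" (example code written for this page, not a product's code), the following evaluates constructed outbound messages against two rules and returns the most restrictive action: allow, alert, quarantine or block. The internal domain, the rules and the sample messages are assumptions.

```python
import re
from dataclasses import dataclass
from typing import Callable, Dict, List

# Constructed assumption: the organisation's own mail domain; any other recipient is "external".
INTERNAL_DOMAIN = "example.com"


@dataclass
class Message:
    sender: str
    recipients: List[str]
    subject: str
    body: str
    attachments: Dict[str, str]  # filename -> text extracted from the attachment


# Candidate payment-card numbers: 14 to 19 digits, optionally separated by spaces or dashes.
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,18}\d\b")
# An explicit classification label placed in the subject or body by the author.
LABEL_RE = re.compile(r"\b(CONFIDENTIAL|RESTRICTED)\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, so phone numbers and order IDs that merely look like card numbers are ignored."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_cards(text: str) -> List[str]:
    return [m.group() for m in CARD_RE.finditer(text)
            if luhn_ok(re.sub(r"\D", "", m.group()))]


def find_labels(text: str) -> List[str]:
    return LABEL_RE.findall(text)


@dataclass
class Rule:
    name: str
    detector: Callable[[str], List[str]]
    action_external: str  # action when at least one recipient is outside INTERNAL_DOMAIN
    action_internal: str  # action when every recipient is internal


# Ordering used to keep the single most restrictive action across all findings.
ACTION_RANK = {"allow": 0, "alert": 1, "quarantine": 2, "block": 3}

RULES = [
    Rule("payment-card-number", find_cards, "block", "quarantine"),
    Rule("classification-label", find_labels, "quarantine", "alert"),
]


def is_external(addr: str) -> bool:
    return addr.rsplit("@", 1)[-1].lower() != INTERNAL_DOMAIN


def evaluate(msg: Message, rules: List[Rule] = RULES):
    """Return (action, findings); each finding is (rule, location, matched text) for the incident report."""
    external = any(is_external(r) for r in msg.recipients)
    locations = {"subject": msg.subject, "body": msg.body}
    locations.update({f"attachment:{name}": text for name, text in msg.attachments.items()})
    action, findings = "allow", []
    for rule in rules:
        for loc, text in locations.items():
            for hit in rule.detector(text):
                findings.append((rule.name, loc, hit))
                candidate = rule.action_external if external else rule.action_internal
                if ACTION_RANK[candidate] > ACTION_RANK[action]:
                    action = candidate
    return action, findings


# Constructed sample messages (the card number is the standard 4111... test value).
SAMPLES = [
    Message("alice@example.com", ["partner@gmail.com"], "Order details",
            "Hi, please charge the card below.", {"card.txt": "Card: 4111 1111 1111 1111 exp 12/25"}),
    Message("bob@example.com", ["carol@example.com"], "CONFIDENTIAL: Q3 plan",
            "Internal only, see attached.", {}),
    Message("dave@example.com", ["partner@gmail.com"], "Call back",
            "Reach me on 0120 2345 678, order #1234567890123.", {}),
]

if __name__ == "__main__":
    for m in SAMPLES:
        print(m.subject, "->", evaluate(m))
```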

DLP Solutions Getting Attention Globally

According to a Mordor Intelligence report, the DLP solution market was estimated at USD 1.21 billion in 2019 and is likely to reach USD 3.75 billion by 2025, at a CAGR of 23.59% during the forecast period. The contributing factors behind this tremendous growth rate include the rise in data breaches amid the COVID-19 outbreak, the sharing of data across cloud platforms, increasing volumes of data, etc. The Asia-Pacific region is expected to capture the highest market share during the forecast period. See Image 1 for more details about other regions.


Image 1: DLP Solution Market Growth Rate by Region

Conclusion

Embracing data protection is not a one-time activity. Threats originating from malicious insiders and from nation-backed and independent cybercriminal groups will continue to evolve and target global businesses. Organizations need to remain vigilant and keep adopting advanced security practices, like DLP, to ensure that their crown jewels (sensitive information and critical assets) are safe.

For more information on DLP solutions, connect with our cybersecurity experts at contactcs@tataadvancedsystems.com

 

Digging Out the Most Common Ransomware Vectors in 2020
“How” is probably the first thing that comes to mind when we see our systems getting infected with ransomware. Cybercriminals use a variety of techniques to inject malicious code into targeted systems and encrypt or exfiltrate sensitive data. Here are the most common ransomware vectors used by hackers in 2020 so far.
 
Remote Desktop Protocol (RDP) Compromise: RDP is a network communication protocol designed by Microsoft that allows users to remotely access other computers. It has now become a very popular means of infecting networks and deploying ransomware. Nearly 60% of all ransomware attacks are a result of poorly secured RDP access points/ports. SamSam, GandCrab, CryptON and CrySIS are some examples of ransomware variants that spread via RDP. The security of RDP is mainly undermined by poor password practices among users, which make it easy for attackers to intrude and harvest credentials. Hackers use credential stuffing and brute-force attacks to crack login credentials and gain access to the target machine; attackers can now also purchase RDP credentials for a very low cost on the dark web. Once they have the credentials, an attacker can easily circumvent existing security controls and start causing damage, including deleting/encrypting data backups, deploying ransomware, leaving a backdoor for future attacks, etc.
 
Some best practices to boost the security of RDP include:
    • Use strong passwords
    • Change the default RDP port from 3389 to a non-default port
    • Implement two-factor authentication
    • Conduct regular vulnerability scans
    • Maintain logs and monitor RDP
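To make the last practice (maintaining logs and monitoring RDP) concrete, here is an added example, not part of the original post, that runs a simple detection over constructed Windows Security log records: repeated RDP logon failures (event 4625, logon type 10) from one source within a short window, many different account names tried from one source, and a successful logon (event 4624) shortly after failures. The thresholds and the sample events are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Windows Security log event IDs for failed and successful logons.
LOGON_FAILED, LOGON_SUCCESS = 4625, 4624
# Logon type 10 = RemoteInteractive (RDP). With Network Level Authentication enabled,
# failed attempts are typically recorded with logon type 3 (Network) instead, so both count.
RDP_LOGON_TYPES = {10, 3}

FAIL_THRESHOLD = 5             # this many failures from one source IP ...
WINDOW = timedelta(minutes=5)  # ... inside this sliding window = brute force (assumed threshold)
DISTINCT_USERS = 3             # this many accounts tried from one source IP = credential stuffing (assumed)

# Constructed sample records: (timestamp, event id, logon type, account name, source IP).
SAMPLE_EVENTS: List[Tuple[str, int, int, str, str]] = [
    ("2020-09-01T10:00:00", 4625, 10, "administrator", "203.0.113.7"),
    ("2020-09-01T10:00:12", 4625, 10, "admin", "203.0.113.7"),
    ("2020-09-01T10:00:25", 4625, 10, "backup", "203.0.113.7"),
    ("2020-09-01T10:00:41", 4625, 10, "administrator", "203.0.113.7"),
    ("2020-09-01T10:01:03", 4625, 10, "jsmith", "203.0.113.7"),
    ("2020-09-01T10:01:30", 4624, 10, "jsmith", "203.0.113.7"),   # success right after the failures
    ("2020-09-01T10:02:00", 4625, 10, "jsmith", "198.51.100.4"),  # one typo by a legitimate user
    ("2020-09-01T10:30:00", 4624, 10, "jsmith", "198.51.100.4"),  # success long after: benign
    ("2020-09-01T11:00:00", 4625, 3, "svc_sql", "10.0.0.9"),      # single NLA-style failure: benign
]


def parse(record: Tuple[str, int, int, str, str]) -> Dict:
    ts, event_id, logon_type, user, src_ip = record
    return {"ts": datetime.fromisoformat(ts), "event_id": event_id,
            "logon_type": logon_type, "user": user, "src_ip": src_ip}


def detect(events: List[Dict]) -> List[Dict]:
    """Return alerts of type credential_stuffing, brute_force or success_after_failures."""
    alerts = []
    failures = defaultdict(deque)    # src_ip -> timestamps of failures still inside WINDOW
    users_tried = defaultdict(set)   # src_ip -> account names seen in failed logons
    already = set()                  # (alert type, src_ip) pairs raised, to avoid repeats
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["logon_type"] not in RDP_LOGON_TYPES:
            continue
        ip, now = ev["src_ip"], ev["ts"]
        recent = failures[ip]
        while recent and now - recent[0] > WINDOW:   # expire failures older than the window
            recent.popleft()
        if ev["event_id"] == LOGON_FAILED:
            recent.append(now)
            users_tried[ip].add(ev["user"])
            if len(users_tried[ip]) >= DISTINCT_USERS and ("credential_stuffing", ip) not in already:
                already.add(("credential_stuffing", ip))
                alerts.append({"type": "credential_stuffing", "src_ip": ip,
                               "users": sorted(users_tried[ip]), "at": now})
            if len(recent) >= FAIL_THRESHOLD and ("brute_force", ip) not in already:
                already.add(("brute_force", ip))
                alerts.append({"type": "brute_force", "src_ip": ip,
                               "failures": len(recent), "at": now})
        elif ev["event_id"] == LOGON_SUCCESS and recent:
            # A success preceded by recent failures from the same source deserves a closer look.
            alerts.append({"type": "success_after_failures", "src_ip": ip, "user": ev["user"],
                           "prior_failures": len(recent), "at": now})
    return alerts


if __name__ == "__main__":
    for alert in detect([parse(r) for r in SAMPLE_EVENTS]):
        print(alert)
```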
 
Phishing Emails: Sending emails containing malicious URLs and attachments has been the preferred attack vector of ransomware operators for years. So far in 2020, threat actors have remained successful in tempting victims to click on a malicious link that redirects to an infected website, or to download a malicious attachment, after which the ransomware automatically begins downloading. Attackers have crafted email subjects to catch victims’ attention and make them believe that the mail is genuine. For instance, some common strains of ransomware have been found using email subjects such as overdue invoices, account discontinuation and undelivered packages. In addition to email subjects, some ransomware operators have also been observed using geography-specific language in their emails to target victims.
 
Glance through some preventive tips that may help you avoid falling victim to phishing:
    • Conduct a security awareness program to educate employees about evolving cyber threats and attack vectors
    • Follow good cyber hygiene
    • Open attachments only from trusted senders
    • Hover over embedded links before clicking to check where they actually lead
    • Check the sender’s email address first if anything seems suspicious
 
Software Vulnerabilities: Software vulnerabilities are the third most common vector used by attackers to deploy ransomware. Unpatched software is like an unlocked door that welcomes hackers and allows them to inject malware into the connected applications and network, from where they can easily exfiltrate data and cause maximum damage to the targeted systems. Regular vulnerability and threat scans are the best methods to discover and eliminate known and unknown vulnerabilities in applications/software.
 
Along with these three most common ransomware vectors, there are other methods through which cybercriminals target victims, including drive-by downloads, malvertisements, exploit kits, infected mobile applications, etc. Threat actors are making huge profits by targeting industries across all verticals using the methods above. So, to minimise the risk of infection and safeguard your organization from growing ransomware attacks, it is essential to understand how ransomware commonly propagates. This will also help you identify the best security controls that can be put in place to prevent ransomware attacks.
 
For comprehensive information about ransomware protection, connect with us at contactcs@tataadvancedsystems.com
How Ransomware has Marked its Presence in 2020?

Are you aware that ransomware attacks [1] have increased by 25% in the first quarter of 2020 compared to Q4 2019? Financial institutions, followed by the healthcare and manufacturing sectors, reported the maximum number of incidents during the period. From Travelex to Garmin, we have witnessed companies falling victim to ransomware attacks and paying million-dollar ransoms to attackers. A recent report [2] revealed significant growth of 72% in new samples of file-encrypting malware in the first six months of 2020. It shows that threat actors are discovering new methods to execute cyber-attacks and extort entities for their sensitive data. Consequently, the global average cost [3] to remediate a ransomware attack has also increased to USD 761,106.

Contributing Factors
Some of the key factors that have influenced the amplification of ransomware attacks across the world include:
  • Remote Working: The tide of ransomware rose when a majority of organizations globally opted for remote working (work from home) due to the COVID-19 pandemic. This transition brought new vulnerabilities and risks along with continued business productivity. A lack of appropriate security controls like VPNs, web application firewalls and anti-phishing solutions, accompanied by the use of weak passwords, has provided cybercriminals with an array of opportunities to penetrate networks and steal business-critical information.
  • Ransomware-as-a-Service: Ransomware-as-a-Service (RaaS) is another major factor that has taken ransomware attacks to a whole new level. In this new ransomware delivery model, malware developers offer their tools and services to help novice cybercriminals (with little or no technical expertise) launch ransomware attacks at a wide scale without much difficulty. The Satan RaaS platform is a perfect example of this new delivery model: it is available over the dark web and offers services that allow its customers to initiate customizable ransomware attacks.
  • Cryptocurrency Revolution: The cryptocurrency revolution has shifted hackers’ focus from relying on bank accounts or credit cards for ransom collection to collecting cryptocurrencies directly, as they are untraceable and make incidents difficult to resolve for security professionals. Some of the prominent cryptocurrencies available across the world include Bitcoin, Monero, Zcash, Ether, Litecoin, etc. These digital currencies are increasing in number as well as value, making them a profitable target for cybercriminals.
  • Lack of Regular Security Assessment: Known and unknown vulnerabilities lurking in the organization’s networks, workstations or applications enable threat actors to inject malware and damage business-critical data and resources. Also, the lack of security awareness among employees aids threat actors in exploiting human vulnerability to gain access to sensitive data.

Are SMBs Isolated from Ransomware?
The answer is no. Ransomware attacks are targeting small- to large-scale enterprises globally. A recent survey [4] reveals that ransomware is no longer an unusual occurrence in the SMB community. It indicates that 46% of such businesses have already been hit by ransomware attacks, and 73% of those have paid the ransom to recover their data. Among those that suffered a ransomware attack, 43% of SMBs paid a ransom between $10,000 and $50,000, while 13% were forced to pay more than $100,000.
For SMBs, it is imperative to put effective security measures in place to mitigate the likelihood and impact of ransomware, as a successful attack might end in devastating loss for such organizations. Also, recovering from ransomware attacks becomes difficult, especially when a company has no safeguards like proper data backups.

Threat actors are utilizing different attack vectors, including social engineering and phishing attacks at a broad scale, to inject malware into targeted systems and get hold of the underlying data. They have been found using a variety of ransomware strains such as Maze, Sodinokibi, DoppelPaymer, Nemty, CLOP, Sekhmet, etc. to execute attacks. Thus, organizations need to keep assessing the effectiveness of their security ecosystem at regular intervals. Moreover, they should archive data at different but secured locations to successfully recover it in the event of a ransomware attack.

The Cyber Security Practice of Tata Advanced Systems Limited is dedicated to providing advanced and industry-best security solutions to safeguard organizations from disastrous ransomware attacks. We help you quickly detect and remediate the loopholes within your organization’s security posture and mitigate the likelihood of experiencing a cyber-attack.
 
For more details, connect with us at contactcs@tataadvancedsystems.com 
 
References:
1 - Beazley Breach Insight Report
2 - Skybox Security 2020 Vulnerability and Threat Trends Report
3 - The State of Ransomware 2020, Sophos
4 - Infrascale Survey
Why Organizations are Concerned about the Security of Critical Infrastructures?

Since Operational Technology (OT) and Information Technology (IT) fused, new doors to possibilities have opened. This convergence has added new capabilities to industrial control systems (ICS) and brought several benefits, including enhanced productivity, improved system performance and reduced costs. Along with numerous advantages, it has also generated a new set of vulnerabilities and expanded the attack surface of critical infrastructures like power generation plants, water treatment plants, oil & gas refining plants, transport systems, etc. As per a recent report [1], 74% of IT security professionals globally are more concerned about a cyber-attack on critical infrastructure than about an enterprise data breach.

Growing Attacks on Critical Infrastructures

The world has witnessed many devastating cyber-attacks on industrial control systems, going right back to 1903, when hackers compromised Marconi’s supposedly secure wireless telegraph demonstration with Morse code. One of the most famous cyber-attacks, which holds a special place in the history books, took place in 2010 at Iran’s Natanz uranium enrichment facility, where the Stuxnet worm reportedly destroyed numerous centrifuges.

The primary factor behind this rising frequency is the growing reliance on Supervisory Control and Data Acquisition (SCADA) systems, Programmable Logic Controllers (PLCs) and distributed control systems for controlling physical devices and monitoring processes.

Now, let’s glance through some recent cyber-attacks on critical infrastructures in India and across the globe:

  • In May 2020, Taiwan’s state-owned energy company, CPC Corp., was hit by a massive ransomware attack. Later in the same month, Israel also reported an attempted cyber-attack on control systems at water facilities.
  • In March 2020, a ransomware attack targeted a US-based natural gas compression facility.
  • In November 2019, Kudankulam Nuclear Power Plant in Tamil Nadu experienced a major malware attack.
  • In May 2019, the computer systems of power distribution companies (Discoms) of Telangana and Andhra Pradesh were hit by a ransomware attack.
  • In December 2018, the Italian oil firm Saipem suffered a Shamoon malware attack that erased data residing on the company’s computers.
  • In March 2018, Haryana Power Discom suffered a cyber-attack on its Automatic Meter Reading System (AMR) that encrypted billing data of about 4000 industrial consumers.
  • In November 2017, a huge malware attack disrupted operations of THDC Ltd’s Tehri dam in Uttarakhand.

Challenges to the Security of Critical Infrastructures

  • Increased Connectivity: The increasing infiltration of internet-connected devices into OT networks and industrial control systems has provided threat actors with a multitude of entry points to critical infrastructures. Since OT networks were not originally designed for exposure to the Internet, the likelihood of cyber-attacks in such environments is constantly growing.
  • Skill Shortage: The lack of skilled cybersecurity resources is a major challenge faced by organizations across the globe. When it comes to the security of critical infrastructures, businesses need talent that understands both IT and OT systems and can determine and remediate potential vulnerabilities in both environments. This is why a majority [2] (93%) of cybersecurity professionals believe that OT security should be incorporated into the education and training of IT security practitioners.
  • Lack of Visibility into the Attack Surface: A lack of detailed visibility prevents security teams from completely defending valuable assets against sophisticated cyber-attacks. It creates blind spots that help attackers circumvent security controls and breach unsecured elements of IT and OT systems. Thus, it is imperative for security teams to have a clear picture of incoming and outgoing IT traffic and of existing anomalies. A recent survey [3] found that only 36% of critical infrastructures have a high level of cyber resilience.

Apart from the above-mentioned major challenges, there are some other factors as well that impact the security of critical infrastructures.

  • Growing rate of automation in industrial processes
  • Increasing complexity of industrial control systems
  • Evolution of cyber threats

Recommendations to Ensure the Security of Critical Infrastructures

Let’s go through some useful tips that can help organizations to optimize the security of their critical infrastructures.

  • Identify all available critical assets
  • Enhance visibility into the IT & OT networks
  • Search proactively for abnormal activities that may cause severe damage
  • Maintain backup of system data and configurations
  • Disable unnecessary ports and services
  • Implement a risk-based approach that incorporates detection, response, and recovery plans as well
  • Meet necessary compliance with industry regulations
  • Improve collaboration with government bodies, corporate entities, and other institutions
  • Conduct OT security training for IT security professionals

 

Protecting critical infrastructures from the growing threat of cyber-attacks has now become a topic of boardroom discussion for CISOs, CIOs and business stakeholders. Organizations must adopt a proactive and predictive approach to bridge the widening gap in the security of IT and OT networks.

The Cyber Security Practice of Tata Advanced Systems provides an advanced and comprehensive set of security services for quick threat detection and incident response across IT and OT environments. We help you design an effective OT security program to determine and eliminate potential risks while ensuring business continuity without interruptions.

For more information, connect with us at contactcs@tataadvancedsystems.com

References:

1,2 – Global State of Industrial Cybersecurity Report

3 – Greenbone Networks Research

Why SMBs Need MSSPs & What Benefits Can They Reap?

One of the most common misconceptions among SMBs is that they are less likely to be targeted by cybercriminals. Most of them believe that large-scale enterprises are the centre of attraction for threat actors. Unfortunately, attackers have completely overturned this belief. They have realized that a majority of small businesses possess a large attack surface, do not have sufficient security controls in place, and lack dedicated in-house IT and cybersecurity professionals. This makes SMBs more prone to cyber-attacks and an easy target. Moreover, the growing adoption of advanced technologies like Cloud and IoT creates ample opportunities for cybercriminals to exploit vulnerabilities in the security posture and cause financial and reputational damage to the enterprises.

Recent findings indicate that:

  • 28% of data breaches in 2019 involved small businesses.
  • The global average cost of a data breach is $3.9 million across SMBs.
  • Only 28% of small businesses rate their ability to mitigate cyber risks and attacks as highly effective.
  • Phishing and social engineering are the most prevalent cyber-attacks against SMBs.

Sources: Verizon 2020 DBIR, 2018 State of Cybersecurity in Small & Medium Size Businesses, Cybint – 15 Cyber Security Facts and Stats

Why MSSPs?

SMBs can optimize their security ecosystem, fill the existing gaps in cybersecurity and meet compliance and regulatory requirements by employing a Managed Security Service Provider (MSSP). An MSSP is a third-party vendor that helps organizations monitor and manage IT networks, security devices and systems, and keep the security infrastructure up to date. It delivers a multitude of services, including managed firewall, virtual private networks, intrusion detection, network threat detection, managed UEBA, vulnerability scanning, etc., using its 24/7 Security Operations Centers (SOCs).

Some of the key security services offered by MSSPs include (but are not limited to):

  • Continuous Log Monitoring & Management
  • Continuous Vulnerability Monitoring
  • Web Content Filtering
  • Threat Intelligence
  • Endpoint Security
  • Data Loss Prevention
  • Patch Management
  • Incident Response
  • Reporting, Auditing and Compliance

An MSSP assists businesses in proactively detecting, responding to and eliminating threats, and in transforming their overall cyber defence. By outsourcing to an MSSP, SMBs can effectively cut down costs on hiring and training new cybersecurity professionals.

Let’s have a look at some other benefits that SMBs can reap by outsourcing to an MSSP:

  • Improved Security: MSSPs come with experienced cybersecurity experts and best-in-class security systems to monitor the security posture of an organization 24/7. They put advanced security controls in place alongside the existing measures in order to protect business-critical data against growing cyber-attacks, and help organizations to prepare risk mitigation strategies as well as incident response and disaster recovery plans.
  • Quick Response to Threats: Since MSSPs remain operational 24x7x365, cybersecurity threats can be discovered and handled very quickly. On receiving a security alert, the dedicated team can immediately react to neutralize the threat and take the necessary actions to minimize the chances of its recurrence.
  • Focus on Business: Security threats often distract SMBs from their core functions. The ability of MSSPs to operate from an off-site location helps companies continue business operations with minimal cyber intrusions. MSSPs maintain constant communication and provide their clients with timely reports containing the status of security issues, audits and maintenance.
  • Reduced Cost: Setting up new security controls like advanced firewalls, intrusion detection systems and threat detection tools requires a large investment in manpower and technology. Due to budget limitations, SMBs either ignore or deprioritize such requirements. A one-time investment in an MSSP can help small businesses eliminate extra costs on security infrastructure.
  • No Need to Find Talent: The cybersecurity skill shortage is a major concern for businesses of all sizes across the globe. As predicted by Cybersecurity Ventures, there will be 3.5 million unfilled cybersecurity jobs globally by 2021. With such a shortage of talent, it becomes even more difficult for SMBs to find, hire and retain cybersecurity professionals. Engaging an MSSP is a better option for SMBs, as MSSPs are staffed with experienced cybersecurity professionals.
  • Improved Compliance: Data regulations are multiplying as the volumes of data grow, and it has become imperative for businesses of all sizes to maintain compliance with industry regulations. An MSSP guides organizations on how to comply with mandatory security standards and ensure the security of sensitive business data.

In the age of a rising cyber threat landscape, security is the topmost concern for every business across the globe. No industry is left untouched by growing cyber-attacks, including ransomware, phishing, DDoS, etc. A proactive approach to cybersecurity using managed security services can help SMBs reduce their exposure to cyber threats and strengthen their cyber defence.

Being a managed security service provider, the Cyber Security Practice of Tata Advanced Systems is dedicated to offering reliable and robust cybersecurity services to businesses of all sizes across verticals. From fraud management and security device management to security monitoring and threat intelligence services, we have a wide spectrum of services to protect your organization from cybercriminals looking to damage your brand reputation.

For more information, connect with us at contactcs@tataadvancedsystems.com

Web Application Firewall: Don’t Let Attackers Damage Your Web Presence

The prevalence of web applications has increased exponentially as companies focus on interactive websites and web applications to streamline interaction with customers and collaboration with employees, and to make data available to users 24/7. Many of these applications hold vast amounts of data, making them a profitable target for cybercriminals.

In recent times, web-based attacks have increased at a rapid rate and become the major cause of data breaches. According to the Verizon 2020 Data Breach Investigations Report, attacks on web apps have increased to 43% this year, more than double the result from 2019. Moreover, NTT’s 2020 Global Threat Intelligence Report also says that 55% of cyber-attacks in 2019 were a combination of web application and application-specific attacks.

Let’s have a close look at some key findings regarding websites and web apps.

  • Over 25% of web applications have at least one high-severity vulnerability.
  • 24% of websites have WordPress vulnerabilities.
  • Hackers can attack users in 9 out of 10 web applications.
  • 82% of the web application vulnerabilities are found in the source code.

Source: Acunetix 2020 Web Application Vulnerability Report, Positive Technologies Report

In view of the above-mentioned points, it is imperative for businesses to implement an effective security solution like a Web Application Firewall (WAF) to mitigate the risks of cyber threats and provide users with a smooth digital experience.

What is a WAF?

A WAF monitors and filters the HTTP traffic between a web application and the Internet. It applies a set of rules, known as policies, to every HTTP request in order to filter out and block malicious web requests. These policies define what to look for and what actions to take if suspicious behaviour, a vulnerability or malicious traffic is found. A WAF also allows you to customize the rules and write rules specifically for your application, for instance if it is hosted on a platform that has a known vulnerability; this prevents malicious traffic from exploiting the vulnerability until you apply a patch.

Unlike a regular firewall, a WAF protects the Network, Transport, Session, Presentation and Application layers of the OSI (Open Systems Interconnection) model from common to sophisticated cyber-attacks. It is deployed in front of the web applications and analyses the bi-directional HTTP traffic between the web application and the Internet.

Some of the specific tasks performed by a WAF include:

  • Scan and filter out unauthorized traffic: A WAF assesses all incoming traffic before it reaches the target application. It examines HTTP requests (GET, POST and other methods) that retrieve information from or send information to the server, decodes them the way the application would, and applies its rule set to the request line, headers, cookies, query string and body to identify anything malicious or suspicious that might exploit a vulnerability. Requests found illegitimate are blocked and logged. Some WAFs also challenge a request (for example with a JavaScript check or CAPTCHA) to verify whether it comes from a bot or a human.
  • Control access to sensitive pages: A WAF can restrict access to critical sections of a web application, such as administration consoles, using IP allow lists and deny lists (whitelists and blacklists), geolocation, rate limits and other application-specific rules, so that requests from unexpected sources are dropped before they reach the login page. The WAF enforces these access rules in front of the application; it does not replace the application’s own authentication and authorization.
  • Bad bot identification: WAFs also check for bad bots that interact with applications, often imitating human behaviour, in order to break into user accounts (credential stuffing), scrape data illicitly, probe for hidden vulnerabilities, etc.
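
The three tasks above, as an added example written for this page (it is not any vendor’s code): a minimal request inspector that applies an access rule for administrative paths, a virtual patch for a hypothetical vulnerable endpoint, and signature matching over every attacker-controlled part of the request after decoding it twice. The networks, paths, signatures and sample requests are all constructed for the illustration.

```python
"""Added illustration (not any vendor's code) of how a WAF evaluates one HTTP request.

Rules, paths, networks and sample requests below are constructed for the example.
"""
import re
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from urllib.parse import parse_qsl, unquote_plus, urlsplit


@dataclass
class Request:
    method: str
    target: str                      # path plus optional query string
    headers: dict = field(default_factory=dict)
    body: str = ""
    client_ip: str = "0.0.0.0"


@dataclass
class Decision:
    action: str                      # "allow" or "block"
    rule: str = ""                   # which policy fired, and where


# Illustrative signatures only; production WAFs ship hundreds (e.g. OWASP CRS).
SIGNATURES = [
    ("sqli-tautology", re.compile(r"\b(or|and)\b\s+['\"]?\w+['\"]?\s*=\s*['\"]?\w+", re.I)),
    ("sqli-union", re.compile(r"\bunion\b\s+(all\s+)?select\b", re.I)),
    ("xss-script-tag", re.compile(r"<\s*script\b", re.I)),
    ("xss-event-handler", re.compile(r"\bon\w+\s*=", re.I)),
    ("path-traversal", re.compile(r"\.\.[/\\]")),
]

# Access policy: administrative sections only from allow-listed networks (assumed).
SENSITIVE_PREFIXES = ("/admin", "/wp-admin")
ADMIN_ALLOW = [ip_network("10.0.0.0/8"), ip_network("203.0.113.0/24")]

# Virtual patch for a hypothetical vulnerable endpoint: write requests to it are
# refused until the application itself is fixed.
VPATCH_PATH = "/legacy/export"
VPATCH_METHODS = {"POST", "PUT"}


def _decode(value: str) -> str:
    """Decode twice so double-encoded payloads (%252e -> %2e -> .) look to the
    WAF the way they will look to the application."""
    return unquote_plus(unquote_plus(value))


def _attacker_controlled(req: Request):
    """Yield (location, decoded value) for every part of the request a client controls."""
    parts = urlsplit(req.target)
    yield "path", _decode(parts.path)
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        yield f"query:{key}", _decode(value)
    ctype = req.headers.get("Content-Type", "")
    if req.body and ctype.startswith("application/x-www-form-urlencoded"):
        for key, value in parse_qsl(req.body, keep_blank_values=True):
            yield f"form:{key}", _decode(value)
    elif req.body:
        yield "body", req.body
    for name in ("User-Agent", "Referer", "Cookie"):
        if name in req.headers:
            yield f"header:{name}", _decode(req.headers[name])


def inspect(req: Request) -> Decision:
    """Apply the policies in order and return the first one that fires."""
    path = urlsplit(req.target).path
    client = ip_address(req.client_ip)

    # 1. Access rule for sensitive pages.
    if path.startswith(SENSITIVE_PREFIXES) and not any(client in net for net in ADMIN_ALLOW):
        return Decision("block", "admin-ip-allowlist")

    # 2. Virtual patch.
    if path == VPATCH_PATH and req.method.upper() in VPATCH_METHODS:
        return Decision("block", "virtual-patch:legacy-export")

    # 3. Signature matching on every decoded, attacker-controlled value.
    for where, value in _attacker_controlled(req):
        for name, pattern in SIGNATURES:
            if pattern.search(value):
                return Decision("block", f"{name}@{where}")

    return Decision("allow")


# Constructed sample requests.
SAMPLES = {
    "benign": Request("GET", "/search?q=cats+and+dogs", {"User-Agent": "Mozilla/5.0"}, client_ip="198.51.100.7"),
    "sqli": Request("GET", "/login?user=admin%27%20OR%20%271%27%3D%271&pw=x", client_ip="198.51.100.7"),
    "xss": Request("POST", "/comment", {"Content-Type": "application/x-www-form-urlencoded"},
                   body="text=%3Cscript%3Ealert(1)%3C%2Fscript%3E", client_ip="198.51.100.7"),
    "admin-outside": Request("GET", "/admin/users", client_ip="198.51.100.7"),
    "admin-inside": Request("GET", "/admin/users", client_ip="10.1.2.3"),
    "vpatch": Request("POST", "/legacy/export", body="format=csv", client_ip="10.1.2.3"),
    "double-encoded": Request("GET", "/files?name=%252e%252e%252fetc%252fpasswd", client_ip="198.51.100.7"),
}

if __name__ == "__main__":
    for label, req in SAMPLES.items():
        d = inspect(req)
        print(f"{label:15} {req.method} {req.target:45} -> {d.action} {d.rule}")
```

The order matters: access and virtual-patch rules run before signatures so that a request to a protected path is rejected on its own merits, and the double-decoding step is what lets the `double-encoded` sample be caught even though the raw query string contains no `../` at all.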

Why a WAF is Imperative for Organizations

Digital innovation has undoubtedly increased the speed of business operations globally, but this transformation has also left web applications exposed. Basic security controls such as anti-virus, network firewalls and intrusion detection systems (IDS) are not sufficient to prevent attackers from breaking into websites and web applications, because they do not understand the HTTP requests the application receives. Organizations require a comprehensive WAF to block malicious HTTP traffic and safeguard business-critical applications from a variety of attacks.

Let’s explore the attacks a WAF can prevent or mitigate. Most of the list follows the OWASP Top 10 (2017); a WAF is a strong control for some of these and only a partial one for others, so it is worth being precise about which is which.

Attacks a WAF can block at the HTTP layer:

  • Injection (SQL, OS command, LDAP): payloads in parameters, headers and bodies match signature or anomaly rules
  • Cross-Site Scripting (XSS)
  • XML External Entity (XXE): malicious DOCTYPE/ENTITY declarations in XML request bodies
  • Insecure Deserialization: known serialized-object gadget payloads
  • Using Components with Known Vulnerabilities: virtual patching of the exploit pattern until the component is updated
  • Application-layer (layer 7) DDoS: rate limiting and bot challenges; volumetric network DDoS needs upstream scrubbing capacity that a WAF alone does not provide
  • Zero-Day Exploits: only where generic rules (anomaly scoring, strict input validation) happen to catch the payload, since there is no signature for an unknown bug

Weaknesses a WAF only partially addresses:

  • Broken Access Control and Broken Authentication: a WAF can restrict sensitive paths and throttle login attempts, but the fix belongs in the application
  • Sensitive Data Exposure: a WAF can mask patterns such as card numbers in responses, but cannot fix weak encryption or storage
  • Security Misconfiguration: a WAF can block access to exposed admin interfaces or debug pages that should not be reachable
  • Insufficient Logging & Monitoring: a WAF adds detailed HTTP-layer logs, which helps, but is not a fix for the application’s own logging
  • Man-in-the-Middle: not prevented by a WAF; this requires correctly configured TLS, although a WAF that terminates TLS can enforce HTTPS redirects and HSTS headers

What are the benefits of having a WAF?

Some of the key advantages of implementing a WAF include:

  • Reduces the risk of downtime and data breaches
  • Monitors, controls and analyses web traffic
  • Provides real-time visibility into security events
  • Helps meet regulatory requirements (for example, PCI DSS requirement 6.6 accepts a WAF as one way to protect public-facing web applications)
  • Provides a protected environment in which to deploy and deliver applications

The Cyber Security Practice of Tata Advanced Systems provides an effective and unconventional WAF solution to help organizations protect sensitive business information and intellectual property from growing cyber-attacks.

For more information, connect with us at contactcs@tataadvancedsystems.com

Securing The Most Vulnerable Asset - Human

Humans are viewed as the weakest link in the People-Process-Technology triad. Even with robust security solutions such as Intrusion Detection Systems (IDS) or firewalls in place, this weakest link can let attackers bypass the security controls. Cybercriminals take advantage of the fact that people make mistakes, whether intentional, unintentional or through inaction. According to Proofpoint’s Human Factor 2019 report, 99% of cyber-attacks require some level of human interaction to execute.

Trends like flexible working and the use of personal devices in the new normal have changed user behaviour completely. It has also been observed that many employees do not prevent family members and friends from using their work devices, which creates a range of cybersecurity risks for organizations. That is why most security professionals think that employees’ inattention to security practices is putting enterprises at risk: employees can easily misuse their access to disclose, erase or alter business-critical information. As per the Verizon 2020 Data Breach Investigations Report, 30% of breaches involved internal actors, which shows that insider threats, whether malicious or careless, pose a significant risk to an organization.

How Cybercriminals Target Humans

Phishing, social engineering and Business Email Compromise (BEC) are the most common cyber threats posing a serious concern for organizations globally. These attacks have a high success rate because humans, not systems, are the first point of contact. Let’s have a close look at each of them.

  • Targeted phishing attacks have increased dramatically since businesses moved to remote operations. Home networks rarely have the security controls of the corporate network, which leaves remote employees more exposed. Cybercriminals are exploiting the situation by flooding the remote workforce with COVID-19 themed phishing emails intended to steal credentials and data and gain access to critical business resources. They are also imitating well-known brands such as Apple, PayPal and Netflix in their phishing campaigns.
  • Social engineering is another common method attackers use against people and businesses. It manipulates human psychology to trick victims into mistakes such as handing over credentials for corporate data or systems, or disclosing critical information. The attack generally happens in stages: first, the criminals gather information about the target from social media sites such as Facebook, Twitter, LinkedIn and Instagram; then they establish a relationship with the target; once trust is built, they use that relationship to extract the data they want.
  • Business Email Compromise (BEC) is a sophisticated form of phishing that relies on social engineering rather than malware. Attackers use display-name spoofing (a trusted name on an unrelated address), domain spoofing (forging the organization’s own domain in the From header) and lookalike domains (a domain that differs from the real one by a character or two) to execute BEC attacks, or, in the most convincing cases, take over the real mailbox of someone the victim trusts, such as a senior executive of the same organization or a trusted counterparty. The email looks like a legitimate, routine business request, typically an urgent payment or a change of bank details, and the victim processes it without realising what is going on behind the scenes.
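
The three impersonation techniques named above can be checked mechanically at the mail gateway. The following is an added example written for this page, not a product’s code: it flags a known executive’s display name on a foreign address, a lookalike of the corporate domain (confusable characters or a small edit distance), a Reply-To that redirects the conversation, and the corporate domain appearing in From without passing SPF, DKIM and DMARC. The corporate domain `example.com`, the executive directory and the three sample messages are constructed for the illustration.

```python
"""Added illustration (not a product's code) of sender checks that catch the three BEC
impersonation techniques named above. The corporate domain, the executive list and the
sample messages are constructed for the example."""
import email
import re
from email import policy
from email.utils import parseaddr

CORPORATE_DOMAIN = "example.com"                               # assumed
EXECUTIVES = {"ravi kumar": "ravi.kumar@example.com"}          # hypothetical directory entry

# Character substitutions commonly used in lookalike domains.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]


def _normalize(domain: str) -> str:
    d = domain.lower().replace("-", "").replace(".", "")
    for fake, real in CONFUSABLES:
        d = d.replace(fake, real)
    return d


def _edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one- or two-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike(domain: str) -> bool:
    """True if the domain imitates the corporate domain without being it (or a subdomain)."""
    domain = domain.lower()
    if domain == CORPORATE_DOMAIN or domain.endswith("." + CORPORATE_DOMAIN):
        return False
    if _normalize(domain) == _normalize(CORPORATE_DOMAIN):
        return True
    return _edit_distance(domain, CORPORATE_DOMAIN) <= 2


def _domain(address: str) -> str:
    return address.rpartition("@")[2].lower()


def analyse(raw_message: str) -> list:
    """Return a list of findings (empty means no impersonation indicator)."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []
    name, addr = parseaddr(str(msg.get("From", "")))
    from_domain = _domain(addr)

    # 1. Display-name spoofing: a known executive's name on a foreign address.
    expected = EXECUTIVES.get(name.strip().lower())
    if expected and addr.lower() != expected:
        findings.append(f"display-name spoofing: '{name}' sent from {addr}")

    # 2. Lookalike domain.
    if is_lookalike(from_domain):
        findings.append(f"lookalike domain: {from_domain}")

    # A Reply-To pointing elsewhere is the usual way replies are hijacked.
    _, reply_to = parseaddr(str(msg.get("Reply-To", "")))
    if reply_to and _domain(reply_to) != from_domain:
        findings.append(f"reply-to domain differs: {reply_to}")

    # 3. Domain spoofing: our own domain in From without passing SPF/DKIM/DMARC.
    # (Authentication-Results is stamped by the receiving gateway, not the sender.)
    if from_domain == CORPORATE_DOMAIN:
        auth = str(msg.get("Authentication-Results", "")).lower()
        for mech in ("spf", "dkim", "dmarc"):
            m = re.search(rf"\b{mech}=(\w+)", auth)
            result = m.group(1) if m else "missing"
            if result != "pass":
                findings.append(f"domain spoofing suspected: {mech}={result}")
    return findings


# Constructed sample messages.
LEGITIMATE = """From: Ravi Kumar <ravi.kumar@example.com>
To: finance@example.com
Subject: Q3 numbers
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com; dmarc=pass header.from=example.com

Attached as discussed.
"""

LOOKALIKE_BEC = """From: Ravi Kumar <ravi.kumar@examp1e.com>
Reply-To: Ravi Kumar <payments@mail-invoices.net>
To: finance@example.com
Subject: Urgent wire transfer

Please process the attached invoice today and confirm by reply.
"""

SPOOFED_DOMAIN = """From: Ravi Kumar <ravi.kumar@example.com>
To: finance@example.com
Subject: Change of bank details
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=example.com; dkim=none; dmarc=fail header.from=example.com

Our supplier has new bank details, see below.
"""

if __name__ == "__main__":
    for label, sample in (("legitimate", LEGITIMATE), ("lookalike", LOOKALIKE_BEC), ("spoofed", SPOOFED_DOMAIN)):
        print(label, analyse(sample) or ["clean"])
```

The authentication check only applies when the From domain is the organization’s own: a lookalike domain will often pass SPF and DKIM legitimately, because the attacker controls it, which is exactly why the lookalike and display-name checks are needed alongside DMARC.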

How to Mitigate Human Vulnerability

The following security controls are recommended to reduce the risk of employees falling victim to cyberattacks:

  • Initiate a security awareness program to enhance security, reduce errors and prevent damage to brand reputation.
  • Identify your VAPs (Very Attacked People) as they highlight significant areas of risk to the business.
  • Conduct regular risk assessments of employees’ exposure to phishing and social engineering (for example, simulated phishing) to measure and reduce cyber risk.
  • Provide in-depth security training to help employees recognize phishing emails and other growing cyber threats.
  • Encourage employees to follow password management best practices, including unique passwords per account and a password manager.
  • Actively manage and monitor the privileged accounts of your organization.
  • Appreciate those who follow proper cybersecurity hygiene throughout the organization.

Organizations need a people-centric cybersecurity approach that includes an effective security awareness program. Investing in employee training makes staff aware of the growing threat landscape and helps them respond correctly when they are targeted. Improving cybersecurity understanding among employees also helps organizations meet regulatory compliance requirements.

Don’t Get Phished in the Rising Tide of Phishing

Phishing is one of the fastest-growing and hardest-to-detect threats for Internet users, since a phishing message does not look malicious at first glance. Over the last few months, its frequency and intensity have increased significantly: researchers at Barracuda Networks reported that COVID-19 related phishing attacks rose by 667% since the end of February 2020. Cybercriminals are exploiting the heightened focus on COVID-19 to deliver malware and scam victims out of money, and are impersonating well-known brands to steal personal data and login credentials. According to Check Point’s Q1 2020 Brand Phishing Report, Apple, Netflix, Yahoo, WhatsApp and PayPal were the five most imitated brands.

This growth in phishing is a great challenge for organizations while most businesses are operating remotely. Organizations must therefore understand the different phishing techniques and make employees aware of them through proper security awareness training.

Different Phishing Techniques

Deceptive Phishing

This is the most common phishing attack: attackers impersonate a legitimate organization so that the victim believes the email originated from an authentic source. Such emails create a sense of urgency, for example asking the user to log in immediately to change a password or to resolve a failed payment, so that the victim acts before thinking.

Spear Phishing

This is a more targeted version of deceptive phishing that incorporates specific information about the victim, such as details of colleagues within the organization or personal details of the targeted individual. This makes the victim believe they have a genuine connection with the sender. Social media profiles are a common source of this information.

Clone Phishing

Here cybercriminals create an identical copy, or clone, of a legitimate email that was previously delivered, and replace its attachment with a malicious file or its link with a URL pointing to an attacker-controlled site. Because the cloned email appears to come from the original sender and refers to a message the victim has already seen, it is much harder to detect than other phishing attacks.

Whaling

Whaling targets high-profile, senior-level executives of an organization with the aim of stealing money or sensitive information, or gaining access to their systems. Cybercriminals masquerade as another senior employee, such as a finance manager or board member, and send the target carefully crafted emails built from information gathered online.

How Victim Gets Infected

[The original page shows this as a figure (the infection flow of a phishing attack) that is not reproduced in this text version.]

Data Compromised During A Phishing Attack

  • Personally Identifiable Information (PII) such as full names, residential addresses, birth dates and social security numbers, which can be used for identity theft.
  • Financial Information like credit/debit card numbers, bank account numbers, etc. Hackers can utilize this data to steal money and commit fraud.
  • Company Information like ongoing projects, partner & client information, sales database, etc.
  • Contact numbers help cybercriminals bypass SMS-based two-factor authentication (for example through SIM swapping or by phishing the one-time code) and launch smishing campaigns.
  • Usernames and passwords let attackers log in to personal and corporate accounts and cause severe damage, especially where the same password is reused across accounts.

How to Deal with Phishing

Recommended security controls for organizations to combat the increase in phishing attacks:

  • Implement multi-factor authentication (MFA) as an additional layer of security for logging into critical applications or resources; phishing-resistant methods such as hardware security keys (FIDO2) are preferable, since one-time codes can themselves be phished.
  • Use email filters to flag or quarantine high-risk messages, and enforce SPF, DKIM and DMARC so that spoofed senders are rejected.
  • Implement Anti-Phishing or complete Email Security solutions to prevent phishing emails from reaching the inboxes of your employees.
  • Use a robust web application firewall to block malicious requests against your web applications, including the automated logins and credential-stuffing attempts that follow a successful phish.
  • Conduct security awareness programs to keep employees aware of the possible threats.

Recommended security practices for employees to avoid falling prey to attackers:

  • Never click links or open attachments from unknown or unexpected sources; when a message claims to come from a known service, open the service by typing its address rather than following the link.
  • Never send critical information such as card PINs or internet banking credentials over email or text; no legitimate organization asks for them this way.
  • Look for red flags in suspicious emails: generic greetings, spelling and grammatical errors, urgent action requests, wrong or low-quality logos, and links whose real destination (visible by hovering over them) differs from the text shown.


The Cyber Security Practice of Tata Advanced Systems is constantly supporting businesses to transform their cyber defence and continue operations in a secure environment through its comprehensive cybersecurity services.
To know more about our offerings, reach us at contactcs@tataadvancedsystems.com

Remote SOC: A Challenge for Security Professionals

As the COVID-19 outbreak has forced the global workforce to stay at home, most organizations have established work-from-home policies to maintain business continuity and productivity. This abrupt shift has raised challenges for security operations teams: staying connected and managing the additional risk at a critical time. Since personal devices and home networks are more exposed to attack than the corporate environment, the pandemic is giving C-level executives as well as SOC managers sleepless nights.

CERT-In, in a recent advisory, notified that there has been a substantial rise in cyberattacks on personal computers, routers and home networks as most professionals are working from home.

For the security operations center (SOC) itself, the question is how to run SOC operations effectively from remote locations. The key to this transformation from on-site to remote is security: whether the team works on-premises or remotely, the basics of maintaining an effective SOC remain the same.

Secured Devices

An on-site SOC sits in an environment with strong cyber and physical security controls because of the sensitivity of the information handled there. The same controls cannot be replicated in each analyst’s home, which is what makes a remote SOC challenging. Each analyst’s device, including the home router, must therefore be configured carefully and given secured access to SOC resources, preferably through a VPN.

Most security practitioners agree that multi-factor authentication must be required for access to such critical resources. IP-based access rules written for office addresses (allow lists, geo-blocks and deny lists) must be reviewed so that analysts connecting from home are not locked out, and user-behaviour monitoring must be re-baselined for the new remote working patterns so that legitimate home logins do not flood the SOC with false positives.

Proper Communication

Communication and collaboration are among the most crucial parts of successful SOC operations, and they matter even more when everyone works remotely. Information must be shared regularly through collaboration tools for group chat, conference calls and video conferencing. It is also vital that this information is shared over a secured platform, preferably an internal one, since business-critical information cannot be shared over a public messaging platform; this limits the damage if a conversation is compromised.

It is also important that all traffic between analysts and SOC resources runs over a VPN, which encrypts the traffic and makes it difficult for an intruder to read.

A good communication plan could be:

  • Ensure that appropriate notifications are set up and reach the relevant teams
  • Ensure that the contact information of each team member is updated (including both work and personal phone numbers and email addresses)
  • Provide a contact matrix showing who to contact for each type of issue that could arise

Update IR (Incident Response) Plan

As it is uncertain how long work from home will continue, it becomes important to focus on response planning, adversarial threat modelling, and vulnerability/patch/remediation management. Senior executives and managers need to reassess incident response procedures, particularly how events are triaged and how artifacts are collected from endpoints that are no longer on the corporate network.

How TASL Is Driving SOC Services Amidst the Global Pandemic

Keeping a remote SOC running is not only about securing the analysts’ access; the confidentiality, integrity and availability of the SOC’s own data and tooling must be maintained at the same time. In the midst of the COVID-19 situation, we believe that every security analyst needs to be available and perform their duties to keep the SOC operational.

Our “Martial” Next Gen SOC provides next-level assurance of protection and security in a world where cyber-attacks can affect almost every aspect of our lives, both personally and professionally. It embraces security controls like multi-factor authentication, strong encryption of data in transit, and real-time collaboration solutions that enable SOC professionals working remotely to support businesses in continuing to function and maintain productivity in this critical time.

We are dedicated to seamlessly improve your organization's security posture and make you future-ready against all advanced and complex threats, regardless of the circumstances.

Trust in us with confidence!!
