TASL

Resources

Managing Cyber Risks in Energy Sector: A Key Challenge

A recent cyber-attack on a popular US fuel pipeline operator demonstrated why cybersecurity professionals worldwide see ransomware as one of the biggest threats to public safety. This attack is a clear indication of how the frequency and complexity of cyber threats targeting critical infrastructure have grown over the years. Earlier this year, anonymous hackers gained access to a Florida water treatment facility and altered the sodium hydroxide levels to an extremely hazardous level.

In short, these incidents showed that essential service providers are on threat actors' target lists and are more vulnerable than ever before. It would not be an overstatement to count the growing digitization of such infrastructure among the reasons behind the spike in cyber-attacks. Undoubtedly, modern digital elements have significantly optimized the effectiveness of energy systems. But, at the same time, the chances of cyber intrusions have increased manifold. Other reasons may include (but are not limited to) legacy infrastructure and systems, nation-backed actors engaged in cyber espionage, high returns for cybercriminals, etc. In a recent survey done by the World Economic Forum, 49% of respondents reported that cybersecurity failures are one of the medium-term risks facing the world.

Security Practices to Keep Critical Energy Infrastructures More Secure

To mitigate potential risks and harness the full benefits of digitalization, organizations must work with governments and redefine the security strategies of critical infrastructure. New practices should be embedded to shape up overall security.

Following are a few suggestions for critical organizations to ramp up their cybersecurity without hampering business productivity:

  • Build a strong cybersecurity governance model

Organizations must adopt a forward-looking approach to security instead of relying on reactive measures. Establishing a robust cybersecurity governance model that contains a comprehensive risk management approach, along with a complete set of management tools and a security awareness program, will help organizations address all of their cybersecurity needs.

  • Increase the visibility of third-party risks (safeguard the supply chain)

Marginal flaws in third-party software or products may turn into critical vulnerabilities for your organization. Threat actors may target third-party vendors to penetrate your organization’s security infrastructure. Third-party risks may involve (but are not limited to) operational risks, compliance risks, reputational risks, etc. Organizations must check and ensure that their supply chain vendors meet all necessary cybersecurity requirements. They should implement an effective defence plan that includes risk assessments and appropriate mitigations.

  • Test your response plans

Creating an incident response plan is key to mitigating potential damage. But to check its effectiveness, organizations must conduct regular drills and exercises to look for security loopholes (if any exist). Perform a detailed vulnerability scan to determine which systems are likely to be targeted by cybercriminals. Such practices help in identifying exactly what your critical weaknesses might be and what actions various personnel will need to take in the event of a breach.

  • Collaborate with other stakeholders in the industry

Industry-wide collaboration can help organizations address the increasing cyber risks to a great extent. Sharing information about attackers and their tactics can reduce the potential risks and help other companies prepare in advance to thwart them. Sharing data also builds trust among organizations, and sustaining such practices fosters confidence in optimizing cybersecurity.

  • Educate Workforce

Companies must educate employees about the most common methods through which malware, trojans and viruses are delivered. They must conduct security awareness programs in which the workforce is made aware of common phishing attacks and the steps to inspect anything that appears suspicious. Employees must be trained to counter adverse situations to avoid a data breach or other malicious intrusion.

Towards The End

The cyber threat landscape for power generation companies has been rapidly evolving and expanding, with more frequent cyber-attacks leveraging complex and sophisticated malware and other tools. One of the most challenging vulnerabilities to address is supply chain risk. Organizations must prepare themselves in advance to address the ongoing wave of attacks. They should remain mindful of what is happening in cyber security and keep working to reduce the potential vulnerabilities in their critical systems.

Morphing State of Cyber Security in APAC

The global cyber security climate is changing rapidly and dramatically as the digital interconnectedness amongst individuals and businesses continues to expand. The Asia-Pacific region is no exception to this shift.

Challenges like low cyber security investment, shortage of skills, and lack of security awareness are some of the contributing factors to the increased cyber intrusions targeting everything from startups to popular business entities and critical infrastructure. According to recent research, over 80% of APAC organisations suffered a cyber attack in 2020. Ransomware, clickjacking, man-in-the-middle, phishing, social engineering and botnets are among the key threats to organizations in APAC.

This diverse region varies greatly in terms of cyber security obligations and readiness. In the last few years, organizations and governments have started speeding up their efforts to combat escalating cyber threats.

Let’s have a quick look at how the whole picture is evolving in some regions of APAC.

Emphasis on Cyber Regulations

India

As a result of the growing demands for regulatory developments in the ever-evolving cyber space, India is preparing to manage and drive the privacy and security of users’ personal data with its Personal Data Protection Bill (or PDP Bill) that is presently under review. This new bill is expected to establish regulations and principles around how personal information should be managed, and create an independent Data Protection Authority of India.

Furthermore, the bill is also likely to propose some changes, such as requiring consent at the time of requesting data, giving consumers the right to revoke that consent, and imposing penalties for violations of the applicable laws.

Japan

In view of the increased regulatory oversight of data protection, Japan has made tremendous efforts to improve general privacy compliance and cyber security. It has drafted a revised version of the previous Act on the Protection of Personal Information (APPI), which introduces compulsory breach notification in the event of a data breach, and is likely to impose compliance requirements (e.g. users’ consent) on organizations when they gather customers’ personal information.

Also, the revisions have proposed to elevate the maximum fine to JPY 100 million in case any entity fails to comply with the applicable law.

Singapore

To stay on top of the increasing cyber threats and prevent the unauthorized disclosure of personal information, the Singapore government has enforced an effective Personal Data Protection Commission (PDPC). However, there are still some amendments that are pending, which upon approval will impose the following:

  • Minimum fine of SGD 1 million or 10% of turnover if any entity fails to comply with the applicable law
  • Obligation to report to the PDPC (within 3 days) and to the individuals affected in case of any security event
  • Obligation to conduct an assessment of any suspected data breach

Australia

In 2020, some changes were proposed to the Australian Privacy Act, including increased fines for breaches of the Privacy Act, an extended definition of personal information (e.g. location data, IP addresses and device identifiers), changes to the consent notification (which needs to be more concise, easily accessible and available in plain English), giving users the right to bring actions against organizations (subject to the Australian Privacy Principles (APPs)) for interference with their privacy, etc.

Greater China

The government has introduced an updated version of the previous Multi-level Protection Scheme (MLPS 1.0). This new version, MLPS 2.0, covers all organizations (including critical infrastructure) that operate a network in which data is processed. It defines 5 main levels of minimum security requirements based on the sensitivity of the industry and the type of information that the enterprise deals with. Each level calls for a separate assessment requirement. Level 1 entities will only require a self-assessment, while all above Level 1 will need a third-party assessor.

Additionally, the financial penalties imposed can be RMB 1 million (maximum) in circumstances where highly sensitive data is breached. Also, this version will be applicable to all companies operating within Mainland China.

Cyber Security Market Growth in APAC Region

According to a recent survey from Mordor Intelligence, the APAC cybersecurity market was valued at USD 30.45 billion in 2019, and it is expected to register a CAGR of 18.3%, from 2020 to 2025. The contributing factors include:

  • Increasing penetration of the internet into developing and developed countries
  • Growing wireless network for mobile devices
  • Increasing trend of malware and ransomware in the context of COVID-19

Towards The End

Businesses of all sizes worldwide must understand that they cannot ignore the threat of cyberattacks in this increasingly digital age. They should plan strategically in advance to ride out this rising tide of threats: start exploring and adopting more sophisticated cyber security solutions, impose better security controls on personal devices, and set up communication policies for the event of a security breach.

References:

https://www.welivesecurity.com/wp-content/uploads/2017/10/State-of-cybersecurity-in-APAC_Small-Businesses-Big-Threats.pdf

https://www.munichre.com/topics-online/en/digitalisation/cyber/evolving-cyber-regulations-in-asia-pacific.html

https://www.mordorintelligence.com/industry-reports/asia-pacific-cyber-security-market

https://securitybrief.co.nz/story/more-than-80-of-apac-organisations-suffered-a-cyber-attack-in-2020-study

5 Ways to Keep Your Organization Safe from Data Breaches

Data breaches have become so frequent now that they easily get lost in our daily feed. Almost every single day, we witness a plethora of data being exposed and published on darknet forums. Nearly 36 billion records were exposed in the first half of the year 2020 (Source: RiskBased). The consequences of such incidents go well beyond financial losses, damaging the brand’s reputation and consumers’ trust. High-profile data breaches in recent times have made organizations take a stand and make data security a top priority.

In this article, we will look at five effective ways to prevent data breaches.

  • Vulnerability Management

Companies can reduce the chances of a successful data breach by employing or outsourcing dedicated experts and tools for vulnerability management. Continuous monitoring of IT assets and security measures helps in identifying vulnerabilities and misconfigurations, and in fixing gaps before they are exploited by cybercriminals.

  • Regular Audits of Security Posture

Compared with vulnerability assessment & penetration testing, security audits thoroughly assess and validate an organization's entire set of security policies by determining potential new gaps in compliance or governance.

Security audits typically raise common questions, like:

    • Does your organization have documented information security policies?
    • Do you have an incident response plan ready in case of security breaches?
    • Do you have network security mechanisms in place (next-gen firewalls, IDS/IPS, EPP, etc.)?
    • Do you have a security and log monitoring setup?
    • Are there encryption and password policies?
    • Are applications tested for security flaws?

 

  • File Usage & Access Policies

Illegal redistribution and imitation of sensitive corporate information are some of the major factors behind data breaches. It is important to understand that not every employee needs unrestricted access to your network, resources, and other critical assets. Enterprises must define file usage and access policies (this can be done through a Digital Rights Management solution) to get real-time visibility of data at rest, in transit and at work, limit access to critical data, and restrict the actions that a specific user can perform.

  • Multi-factor Authentication

Since threat actors have become more complex and advanced, businesses need to strengthen security by combining additional mechanisms with traditional methods. Passwords are no longer enough to keep accounts secure as hackers can sneak in using methods like phishing, brute force, dictionary attacks, etc.

One of the best ways to keep intruders away is Multi-factor Authentication. It complements existing security methods with an additional step: logging in to a system or application requires entering a code, which is sent to your registered mobile number as a text message. The best part is that the user will not be able to access the requested resource until the confirmation code is entered.

  • Training for Employees

More than 90% of cyber attacks or breaches originate with humans, as they are the first line of defence. Hence, it is imperative for organizations to help them understand the basics of how to remain cautious while working and dealing with corporate data. Enterprises can consider training on the following:

    • Use of different, unique passwords on the different systems and devices used for work purposes
    • Implement a documented system for departing employees, vendors and contractors for passwords, key cards, laptop access, etc.
    • Importance of reporting suspicious data security leakage or data security breaches
    • Create a policy that describes how employees should handle, dispose of, retrieve, and send data

Towards The End

Threat actors may evolve and become more complex over time, but basics will remain the same for enterprises to be secure. Following proactive measures and implementing suggested controls can help organizations to prevent data breaches, as well as to safeguard the integrity of their sensitive resources to a great extent.

Feed Your SOC with Advanced Threat Intelligence

Why Does a SOC Need Threat Intelligence?

Growing security threats and the rising volume of related data are making the job of a Security Operations Center (SOC) cumbersome. In a survey conducted by Ponemon Institute in 2019, 53% of respondents reported that their SOC is ineffective at gathering evidence, investigating, and finding the source of threats. There may be several reasons for it. For instance, SOC professionals go through a heap of tasks that include log monitoring, incident response, compliance, alert management, recovery and remediation, root cause investigation, and much more. As a result, the number of tasks SOCs have to deal with is overwhelming, which in turn makes it difficult for security teams to swim through the flood of alerts and prioritise them accordingly.

Threat Intelligence – Utilizing Different Types of Threat Data

In order to turn the tide, organizations need to provide their SOC with some “threat intelligence” that can act as an antidote to most SOC analysts’ troubles. With the help of Advanced Threat Intelligence, an organization can successfully withstand evolving threats, enable a more productive and engaged workforce, and fill the gap between end-user expectations and experiences, as well as enable SOC teams to work faster and smarter.

Threat intelligence provides organizations with valuable insights into the situational and contextual risks and the knowledge to effectively correlate data from several distinct sources to anticipate attacks before they occur. It helps SOC analysts to address the three most commonly faced issues:

  • Lowering the overwhelming volume of alerts

Due to alert fatigue, SOC analysts are often unable to review and investigate all the alerts on their own. They either chase false positives or ignore alerts.

  • Prioritization of incoming alerts

A major portion of the time spent by SOC analysts goes into responding to alerts generated by internal security systems, such as SIEM or EDR technologies. Determining whether an alert is relevant and urgent requires gathering related information (context) from a wide variety of internal system logs, network devices, security tools, and external threat databases. Searching all of these threat data sources is time-consuming.

  • Collection of data from multiple sources to get the finest picture of an event

Threat intelligence provides organizations with valuable insights into situational and contextual risks. These insights are very useful when assessing organizational vulnerabilities and often lead to finding infection vectors as well.
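The three issues above, shown as an added example that is not part of the original article: constructed SIEM alerts are de-duplicated, enriched from a constructed threat-intelligence feed and asset inventory, and then ranked. The feed contents, host names, scoring weights and queue thresholds are all assumptions chosen for illustration.

```python
# Added illustration: threat-intel enrichment and triage of SIEM/EDR alerts.
# All data below is constructed (documentation IP ranges, example domains).

# Constructed threat-intel feed: indicator -> context from external sources.
INTEL_FEED = {
    "203.0.113.45": {"confidence": 90, "tags": ["ransomware", "c2"], "sources": 3},
    "198.51.100.7": {"confidence": 40, "tags": ["scanner"], "sources": 1},
    "login-portal.example": {"confidence": 75, "tags": ["phishing"], "sources": 2},
}

# Constructed asset inventory: host -> business criticality (1 low .. 5 high).
ASSET_CRITICALITY = {"scada-hmi-01": 5, "web-dmz-02": 3, "hr-laptop-17": 2}
DEFAULT_CRITICALITY = 3  # assumption: unknown hosts are not deprioritized

# Constructed alerts as an internal SIEM might emit them (severity 1..5).
RAW_ALERTS = [
    {"id": "A1", "host": "scada-hmi-01", "rule": "outbound-conn",
     "indicator": "203.0.113.45", "severity": 2},
    {"id": "A2", "host": "scada-hmi-01", "rule": "outbound-conn",
     "indicator": "203.0.113.45", "severity": 2},
    {"id": "A3", "host": "web-dmz-02", "rule": "port-scan",
     "indicator": "198.51.100.7", "severity": 3},
    {"id": "A4", "host": "hr-laptop-17", "rule": "dns-query",
     "indicator": "login-portal.example", "severity": 1},
    {"id": "A5", "host": "hr-laptop-17", "rule": "dns-query",
     "indicator": "updates.vendor.example", "severity": 1},
]


def deduplicate(alerts):
    """Issue 1 (volume): collapse repeats of the same host/rule/indicator."""
    groups = {}
    for alert in alerts:
        key = (alert["host"], alert["rule"], alert["indicator"])
        group = groups.setdefault(key, {
            "host": alert["host"], "rule": alert["rule"],
            "indicator": alert["indicator"], "severity": 0, "ids": [],
        })
        group["ids"].append(alert["id"])
        group["severity"] = max(group["severity"], alert["severity"])
    return list(groups.values())


def enrich(group, intel=INTEL_FEED, assets=ASSET_CRITICALITY):
    """Issue 3 (context): join internal alert data with external intel."""
    ctx = intel.get(group["indicator"].lower())
    return {
        **group,
        "criticality": assets.get(group["host"], DEFAULT_CRITICALITY),
        "confidence": ctx["confidence"] if ctx else 0,
        "sources": ctx["sources"] if ctx else 0,
        "tags": list(ctx["tags"]) if ctx else [],
    }


def score(enriched):
    """Issue 2 (prioritization): illustrative weights, not a standard."""
    corroborated = 5 if enriched["sources"] >= 2 else 0
    return (10 * enriched["criticality"] + 5 * enriched["severity"]
            + enriched["confidence"] // 2 + corroborated)


def triage(alerts):
    """Return de-duplicated, enriched alert groups, highest priority first."""
    results = []
    for group in deduplicate(alerts):
        enriched = enrich(group)
        enriched["score"] = score(enriched)
        if enriched["score"] >= 100:
            enriched["queue"] = "urgent"
        elif enriched["score"] >= 50:
            enriched["queue"] = "investigate"
        else:
            enriched["queue"] = "backlog"  # kept for review, never dropped
        results.append(enriched)
    return sorted(results, key=lambda e: e["score"], reverse=True)


if __name__ == "__main__":
    for entry in triage(RAW_ALERTS):
        print(entry["queue"], entry["score"], entry["host"],
              entry["indicator"], entry["ids"], entry["tags"])
```

With this sample data the low-severity DNS query to a known phishing domain outranks the higher-severity port scan, which is the kind of reordering that intelligence context makes possible.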

Benefits

Advanced Threat Intelligence plays an important role in improving the effectiveness of the SOCs of organizations of all sizes. It helps in processing the threat data to better recognize the attackers’ TTPs, identify high-risk targets, respond quickly to security incidents, etc. In simple words, it is defined as evidence-based knowledge. With all such information in hand, an organization can tailor its defence and go way ahead of the cybercriminals.

Let’s explore some key advantages of embedding advanced threat intelligence in the first line of defence.

  • Provides in-depth information on what threats are most likely to affect the organization
  • Exposes attackers’ motives and their TTPs to help security teams make better decisions
  • Empowers security professionals to understand threat actors’ decision-making process
  • Helps business stakeholders to invest wisely to mitigate risks and become more efficient
  • Improved focus on protecting high-risk targets
  • Quickens investigations for the incident response team
  • Improves response time and remediation efforts

Towards The End

Modern threat actors utilize tactics and techniques that can wreak havoc in a very short period. These cybercriminals have a long reach irrespective of industry vertical or infrastructure classification. Taking this into account, we must implement a comprehensive threat intelligence program that allows organizations to aggressively address the constantly changing threat landscape as a combined effort.

THINGS CISOs NEED TO CONSIDER WHILE EMBRACING DECEPTION TECHNOLOGY

Deception is not a new concept for organizations and security professionals. It has been implemented since the late 1990s in the form of “Honeypots”, aiming to deceive threat actors. However, things have now changed to a great extent. Today’s deception technology offers a lot of guarantees, particularly when it comes to early and effective threat detection and mitigation. The best part is that it does not create any false positives and provides deep visibility across all the endpoints.

But to make a successful implementation, CISOs and other C-level executives need to note a few points owing to the secretive nature of the deception technology.

Let’s review these points.

  • Prepare a list of critical assets that you want to protect

You will require a well-defined strategy to achieve your security goals with respect to the deployment of deception technology. List all the sensitive assets, which may include (but are not limited to) servers, users, files and databases, that you want to secure against malicious actors. This should be the first step in your action plan when integrating deception into your security infrastructure.

  • Proactively identify the routes an attacker can follow to invade

As deception is an active defence strategy, it is important for security teams to get a deep understanding of the attackers’ modus operandi. Let your in-house or external red team launch simulated attacks targeting the resources that you want to protect. This will help organizations determine the potential paths a threat actor can use to penetrate the network. You can also measure the efficacy of your blue team and the deployed deception technology.

  • Be ready with an incident response plan

Since deception has a very low rate of false positives and provides real-time alerts, it is vital for organizations to be ready with an incident response plan for responding swiftly to deception alerts. This can reduce the impact of a breach as much as possible.

  • Customize the decoys as per your environment

You can maximize the chances of deceiving and catching an intruder by customizing the decoys according to your environment. Turn your network into a trap with realistic-but-fake decoys, breadcrumbs and lures to misdirect attackers into engaging and revealing their presence. By doing so, you are assisting your security professionals to detect an attack in its early stage and gather threat intelligence and indicators of compromise.

  • Ensure that decoys look real

If a decoy is not fooling you, it cannot deceive any intruder. Make sure the deployed decoys appear as real as possible, so that even your own in-house or external red team falls for them during simulated attacks. The success of the deception technology completely depends upon these decoys.

Towards The End

In addition to the most advanced and mature security controls, organizations can employ deception technology to quickly discover what’s lurking inside their environment. Deception has proven to be more effective in detecting in-network threats, lateral movements, privilege escalation, data theft and ransomware, and hence is turning out to be an ideal technology solution.

Cyber Security Training: Time to Activate Your Human Firewall

“As cybercriminals keep updating and embracing new tactics, tools and procedures to invade, the global workforce also needs to be apprised of security.”

At the moment, cyber security training and awareness have become more important than ever for organizations. This topic has earned its seat in boardroom discussions, specifically when it comes to phishing attacks.

Companies have started investing in the training of their employees, instead of just focusing on the implementation of new security controls. In a recent survey done by Lucy Security in July 2020, around 96% of organizations agreed that cyber security awareness contributes to achieving a higher level of security. Furthermore, growing instances of data breaches and reputational damage across the globe are also encouraging enterprises to re-evaluate their security strategies and employees’ cyber behaviour.

From Where To Start?

When it comes to efficient cyber security, organizations must find answers to the following questions:

  • Does each person in the organization know their cyber security responsibilities?
  • Are cyber security roles appropriately assigned?
  • Is there any structure for cyber security training and awareness in the organization?

Assess Your Workforce

Cyber security threats can come in any form or disguise – it could be an insider or an external entity. Also, human errors account for a majority of security breaches. So, it becomes more crucial to conduct a comprehensive assessment of your workforce (before beginning the training) to check their level of awareness and knowledge.

This assessment can provide organizations with a brief about how employees react to adverse situations, which could be anything ranging from a phishing attack to social engineering. They can even identify whether employees are following safe password practices or using the same weak passwords on multiple applications.

Plan Training Post Assessment

Once the assessments are done and the results are analysed, companies can plan and schedule the cyber security training and awareness sessions accordingly. The results can help them determine the most relevant topics to prioritize and focus on during the sessions. The training areas may include (but are not limited to) the following:

  • Social Engineering
  • Phishing
  • Strong Passwords
  • Identification of Security Risks
  • Compliance Issues

This assessment is expected to help organizations a lot, as an effective security approach should not be limited to what an employee must know; it must also focus on what they should do. Such assessments should be done for all employees at every level inside an organization.

Encourage Cyber Security Awareness & Training as Culture

Creating and maintaining a cyber security culture within an organization is a continual process that needs to be executed in a timely manner. It is not always mandatory to use high-tech solutions; “awareness and training programs” can help you get started with the process. You just need to make it interesting for people, which can be done through different communication channels. These channels may include, but are not limited to:

  • Monthly campaigns with powerful slogans
  • Creating some exciting videos
  • Useful blogs highlighting security awareness
  • E-newsletters for quick sharing of information
  • Creative banners or posters displaying security tips
  • Monthly workshops with real-time simulation

Benefits of Conducting Cyber Security Training

The efficacy and success of any training program depend on how it is implemented. A well-designed cyber security training session can elevate the level of the overall security and reduce the chances of a potential cyber attack.

Let’s have a look at some other advantages of an effective cyber security training program.

  • Incorporates security values into the roots of your business
  • Minimizes the probability of a successful security breach
  • Helps in achieving regulatory compliance and improving the audit results
  • Strengthens the cyber security posture
  • Boosts relation with customers and partners

Towards The End…

As cyber threats are evolving rapidly, our dependence on cyber security has soared accordingly. Increased usage of the internet and mobile devices has made us more vulnerable than ever before. For businesses, a single cyber security breach can cause irreversible damage and bring a company to its knees. Therefore, security awareness and training programs have become vital for organizations. Educating the workforce about different threats can reduce the risks to a great extent.

Evolving Terrain of Cybersecurity for SMBs

“No businesses are trivial for cyber-attacks.”

We often see small businesses falling victim to cyber-attacks as a majority of them feel that they will not face any such incident and hence do not adopt a proactive approach when it comes to cybersecurity. As a result, the number of cyber-attacks targeting SMBs has seen consistent growth in the last few years. And, this is one of the reasons why around 60% of small organizations fail to recover and go out of business within six months after falling victim to cyber-attacks.

Common Security Strategies Followed by SMBs

SMBs often follow different cybersecurity practices to protect their confidential data and brand reputation, most of which are economical and simple to apply. As per industry reports, some of the most common cybersecurity approaches followed by small businesses include the usage of strong passwords, implementation of data encryption techniques, limiting employee access to data, 2-factor authentication, etc.

Security Threats Faced by SMBs

Unlike large organizations, SMBs face a lot of complex cyber threats. Phishing emails are the top and most damaging threat faced by small and medium-sized organizations. They account for a majority of cyber-attacks, as such emails are highly difficult to recognize. As per Verizon’s 2020 DBIR report, phishing accounted for 30% of breaches encountered by small organizations, accompanied by other key threats such as stolen credentials (27%) and password dumpers (16%).

Some other leading threat actions involved in SMBs’ breaches include:

  • Exploiting Vulnerabilities
  • Skimming
  • Ransomware
  • Brute Force
  • Misconfigurations
  • Data Mishandling

In addition to the above-listed threats, SQL injection has now become a popular attack vector as companies of all sizes have started developing and utilizing data-driven websites. These attacks, if executed successfully, can allow threat actors to steal, alter or delete business-critical information. Also, Denial-of-Service (DoS) and Man-in-the-Middle (MiTM) attacks can never be left off the list when it comes to attacking an organization, particularly SMBs.

Revamping Security in 2021

SMBs are turning their attention towards cybersecurity after a significant increase in the number of reported frauds and cyber-attacks. As per the 2020 State of SMB Cybersecurity report, 77% of SMBs are worried about cyber-attacks within the next six months, while 73% plan to invest more in cybersecurity in the next 12 months. The report also highlighted that more than half (52%) of SMBs surveyed lack the in-house skills required to effectively address security problems, and 57% lack cybersecurity professionals in their organization. It is important to note that only 43% of SMBs are currently outsourcing all or the majority of their cybersecurity requirements. Even so, 91% responded that they would consider moving to a new “MSSP” if they are provided with the right security solutions.

Let’s now glance through some effective methods that can help SMBs to ensure a safe working environment in 2021.

  • Perform Regular Audits: SMBs should conduct security audits at regular intervals to look for red flags that indicate their systems have been compromised. Audits help security teams fix and remediate loopholes and prevent future cyber-attacks. Conducting security audits also helps in maintaining compliance with different industry regulations like PCI-DSS, HIPAA, etc.

  • Ensure Cloud Security: SMBs are swiftly turning to the cloud to grow their business and welcome benefits like easy access to resources, increased productivity and greater flexibility. They must choose cloud platforms and applications that offer the maximum level of security and have in-built defences to protect against vulnerabilities.

 

  • Investment in VPNs & Firewalls: SMBs should consider implementing more security products like VPNs and advanced firewalls. Firewalls are generally considered the first line of defence. VPNs have also played a critical role in allowing employees to safely connect to critical networks during the pandemic. Now, organizations must re-assess their VPN solutions and resolve issues which may have surfaced during remote work.

  • Cybersecurity Training: Not every attack is a result of brute force attempts; instead, human errors account for a majority of cyber-attacks. SMBs should conduct training sessions to promote cybersecurity awareness and encourage employees to follow safe practices like using strong passwords, paying attention to anonymous emails, installing the latest system/application updates, etc.

  • Look For Mobile Malware: As cyber-attacks targeting mobile devices are becoming increasingly popular, SMBs need to draft mobile usage policies and adopt security solutions like Mobile Device Management (MDM) to protect their critical data, internal systems, software and networks.

Towards The End…

As we move forward into 2021, the priorities to ensure a cyber-safe working culture will evolve. SMBs need to recognise the threats emerging in modern cyberspace. Tackling cybersecurity challenges can be daunting for SMBs, but they can keep their infrastructure safe from cybercriminals by using advanced security controls or outsourcing to MSSPs. With support from MSSPs, SMBs can successfully address potential cyber threats and maintain their business continuity.

Cybersecurity in 2021: Plan Now To Confront Future Challenges

As 2021 has come close to our doors, it is an opportune time for companies to revisit and set an effective strategy to navigate through the cybersecurity challenges in the coming year. C-level executives must brainstorm to effectively deal with concerns such as meeting regulatory compliance, keeping pace with emerging trends and technologies, preparing a strong incident response and remediation plan, and creating policies to securely manage critical data throughout its lifespan. All these tasks need to be accomplished while keeping in mind the security of sensitive digital assets, which becomes even more difficult when we are all in the midst of a pandemic. It is important for organizations to set their goals and priorities regarding the cybersecurity challenges right from the beginning of the new year.

Let’s discover some promising ways that can help in mitigating cybersecurity risks and strengthening the IT infrastructure in 2021.

  • Focus on Cloud Security

Cloud migration has increased incredibly in 2020. As per a report from the Synergy Research Group, global spending on cloud infrastructure services increased 33% in Q2 2020 over the same period in 2019 to $30 billion. During this pandemic, the velocity of creating digital-native business applications and services has greatly increased as enterprises are preparing themselves for survival in the post-pandemic period.

In 2021, organizations must look for misconfigurations and human errors, implement strong practices for container security, and meet compliance with industry regulations such as PCI, HIPAA, GDPR, etc. Companies should adopt and execute a cloud security strategy that accelerates significant workplace transitions to accommodate a constantly increasing remote workforce. They can also prioritize Privileged Access Management (PAM) & Identity Access Management (IAM) to provide least-privilege access to confidential data. Investment in a Zero Trust policy and micro-segmentation will also be a good option for cloud security.

  • Look for Insider Threats

Insider threats are one of the biggest drivers of the security risks faced by organizations, as an insider has all the necessary rights required to access the company’s critical assets. Identification and detection of malicious insider activities is a daunting task, as companies often lack the ability to detect such unusual activities within their premises. According to a report by Forrester, it is expected that internal incidents will account for 33% of data breaches in 2021.

Organizations should consider insider threat defence in order to prevent such incidents while being cautious not to degrade employees’ privacy, company’s culture and standards for labour practices. They can follow the below-mentioned security procedures to mitigate insider threats:

    • Conduct regular risk assessments
    • Create and document security policies such as account management, user monitoring and password management policies
    • Invest in security software like endpoint protection, intrusion detection and prevention and traffic monitoring
    • Strengthen the network security

  • Add Multi-factor Authentication (MFA)

Throughout 2020, data breaches remained at the top of the headlines across the globe. Malicious actors have gained incredible success in stealing sensitive business data with the help of stolen usernames and passwords, which are now easily available on underground marketplaces on the Dark Web. Threat actors take advantage of the fact that most users still do not select strong and unique passwords for their accounts.

MFA reduces the risk by providing additional security methods, apart from username and password, such as One-Time Passwords (OTPs) that you often receive via email and SMS. It is expected to be a crucial factor in protecting a user’s identity and preventing unauthorised account access. As per a recent report from MarketWatch, the global Multi-Factor Authentication (MFA) market size is expected to reach USD 32110 million by the end of 2026, with a CAGR of 19.6% during the forecast period (2021-2026).

  • Keep an Eye on Human Vulnerability

In 2021, enterprises must keep a sharp eye on the security of their workforce against the growing and evolving social engineering and phishing attacks. CISOs and other security leaders need to focus on and improve the casual attitude of employees towards cybersecurity in order to reduce the occurrences of data breaches and cybersecurity attacks.

It will be vital for organizations to look into cybersecurity education and training of their workforce, particularly when remote work is being followed globally. Employees should be made aware of basic practices such as creating strong passwords and double-checking URLs (embedded in emails) before clicking on them.

  • Review Data Security & Privacy Policies

In 2021, the data privacy landscape will remain in the spotlight. With the increasing focus on compliance with industry regulations, organizations will take the security and privacy of data more seriously than ever. Classifying data as public, private and confidential is not sufficient to avert data breaches. Companies often provide employees with access to data that they do not need, and hence they are more likely to face a data security incident.

Strong data access controls and policies should be considered one of the top priorities in 2021 in order to ensure the security of critical business data. Solutions such as email security can be evaluated and implemented to keep a check on what data is being sent to or received from outside the organizational perimeter. Companies must regularly review policies to track how their critical information is being stored and update authorizations on a regular basis.

Cybersecurity Preparedness – Lessons We Learnt In 2020

To call 2020 a year filled with unprecedented challenges would not be an overstatement. Right from the eruption of the COVID-19 pandemic to a comprehensive list of disruptive cyber-attacks, 2020 has engendered enormous concerns for enterprise cybersecurity teams. While these cyber-attacks have caused terrible damage to many organizations globally, they have also presented several key lessons for cybersecurity and information security professionals moving forward. By taking these lessons into consideration, enterprises can augment and strengthen their security posture against the rising wave of cyber threats.

Now as we move towards a new calendar year, let us have a look at some critical areas that need to be looked after cautiously.

Data Security is Crucial

As per a recent report from Risk Based Security, the number of records exposed through the end of September 2020 has increased to 36 billion. Two breaches in Q3 leaked more than 1 billion records and four breaches exposed over 100 million records, which together accounted for approximately 8 billion exposed records.

Therefore, companies must look to protect their sensitive data in all forms, i.e. at rest, in motion and in use, throughout its lifespan. They should ensure data integrity, security and consistency by adopting advanced security controls like robust encryption policies that can help in reducing the impact, to some extent, if data is exfiltrated or stolen. They can establish a data governance program to manage the flow of critical information across the organization. This program may include (but is not limited to) the below points:

  • Assigning roles and responsibilities for managing and monitoring the consistent and effective management of the data assets
  • Identifying who can take what actions, with what data, under what circumstances
  • Establishing different security levels for different categories of data like highly sensitive, moderately sensitive and publicly available information

Check For Vulnerabilities

Threat actors discover and exploit vulnerabilities in order to penetrate corporate networks and infect critical resources with malware, Trojans and worms. Organizations must seek to identify and address the existing security gaps through vulnerability assessments that should be followed as a continuous practice performed at regular intervals. Such assessments have become more important than ever as employees have started coming back to their offices after a long break of remote working. Safety practices such as patching vulnerabilities and reviewing security settings will play a key role in mitigating cybersecurity incidents.

Cybersecurity Awareness & Training for Employees

As humans are more likely to make errors than digital assets, threat actors primarily target them using popular techniques like social engineering and phishing. So far, we have witnessed several instances where cybercriminals leveraged human vulnerability to cause damage and gain huge profits.

Did you know that around 22% of breaches in 2019 involved phishing? (Source: Verizon DBIR 2020)

In 2020, phishing attacks have continued to explode. As per the APWG’s Trend Report Q3 2020, around 199,133 unique phishing websites were detected in September. The report revealed that SaaS & webmail sites were the most targeted industry sectors in Q3 2020. The most noticeable thing is that 80% of phishing sites were protected by the HTTPS encryption protocol.

Therefore, enterprises must mitigate the probability of human errors through regular training and awareness sessions. Improving awareness will not only enhance cyber hygiene and reduce cyber risks, but also help in cultivating cybersecurity culture within organizations.

Look For Ransomware

Ransomware has been the most prevalent cyber-attack faced by organizations across the world in 2020. As per a recent report by SonicWall, ransomware attacks globally have increased by 40% to reach 199.7 million in Q3 2020. Enterprises need to remain careful and can follow the below-mentioned practices to ensure their safety:

  • Encourage employees to avoid clicking on unknown URLs
  • Create data backups
  • Avoid disclosing personal information to unknown calls, texts or emails
  • Promote usage of anti-virus/anti-malware software
  • Conduct security awareness sessions

Be Ready with Incident Response Plan

Companies should follow a proactive approach while preparing themselves to defend against cybersecurity incidents. This approach can help organizations to protect their critical data, brand reputation and customers’ trust from being impacted by malicious activities. An Incident Response plan may include (but is not limited to) some key phases: preparing a plan to prevent and respond to events, identifying incidents and their severity, containing the incident before it causes damage, addressing the root cause of the incident, and restoring systems to normal operation.

Towards the End…

Cybersecurity is not an overnight process. It is an ongoing practice that takes time and continuous effort. This COVID-19 crisis has taught us the reason why we are at risk: we are not prepared enough. We often wait for things to happen and then react accordingly. To stay safe and secure, organizations need to follow a proactive approach and invest in their security infrastructure to prevent themselves from falling short against evolving, complex cyber threats.

Vulnerability Assessment: Increasingly Becoming Top Priority for C-Suite in The New Normal

Conducting an assessment to look out for vulnerabilities existing within the networks, applications or infrastructure has always been an ideal approach to safeguard your organization against evolving and complex cyber threats. And, doing so on a regular basis takes an organization far ahead of the reach of cybercriminals.

But during these uncertain times, when businesses have adapted to a remote working model, the attack surface has expanded on a large scale. As a result, Vulnerability Assessment (VA) has now surfaced as a core requirement of CISOs, CIOs, COOs and other C-level executives. The reasons behind the expansion of the attack surface and the growing demand for security assessment include:

  • Introduction of Personal Devices: Most employees were not provided with company-issued laptops or computers to continue work from home. Consequently, they were using their own devices, which may have vulnerabilities or already be compromised, to access corporate resources and data. They have also become heavily dependent on web conferencing & collaboration tools like Zoom, Microsoft Teams, Google Meet, etc. for daily operations. Throughout this global crisis, threat actors have leveraged such platforms to deceive people and compromise their devices.
  • Migration to Cloud: Owing to the current pandemic, organizations have promptly moved to the cloud to accommodate remote workforce requirements. But this swift movement has also opened them to multiple risks including configuration errors, vulnerabilities within the applications, security oversight issues, etc. As per the Cloud Threat Landscape Report 2020, any unauthorized access to cloud assets can result in losses of more than $50,000 in less than one hour. Also, over one billion records were stolen in 2019 due to misconfigured cloud servers.
  • Insecure Home Networks: Home networks often lack the security measures that are required for a secure connection with corporate resources. For instance, they do not include intrusion prevention systems, advanced firewalls (say WAFs), etc. This may allow cybercriminals to get access to critical corporate data and applications. As per a report from BitSight, home networks are 3.5 times more likely than office networks to be infected by malware. Threats like Mirai malware and Trickbot were observed 20 and 3.75 times more frequently, respectively, on home networks than on corporate networks.

How Vulnerability Assessment Helps

As the new normal has begun, businesses are recognizing the need for a proactive approach to detect and remediate security flaws (if any) to prevent threat actors from causing havoc and stealing sensitive business-critical data. The VA provides a clear picture of the effectiveness of the security controls in place. It enables organizations to close the gaps in their security posture before these are exposed by cybercriminals. An effective VA can yield several benefits including:

  • Find known security vulnerabilities before attackers exploit them
  • Discover all the critical assets present on the network, including vulnerabilities associated with each asset
  • List of required future upgrades
  • Define the level of risk
  • Prepare a well-defined response plan

Outsource Vulnerability Assessment Services

Organizations typically prefer to have their own in-house vulnerability assessment team. An in-house team has its business advantages: it has a better understanding of the systems being assessed, and it is available as per the company’s schedule or requirement. But due to the lack of skilled resources, it is somewhat difficult to find the right talent and create your own VA team. Alternatively, businesses can outsource to security teams that conduct VA in their environment. This saves time and effort that can be utilized in other business functions. It can also help CISOs and CIOs to reduce dependency on internal resources, improve prioritization of human assets, meet compliance with different industry regulations, etc.

How Market is Shaping

As per a report from MarketsandMarkets, the global Security and Vulnerability Management market is predicted to increase from USD 12.5 billion in 2020 to USD 15.5 billion by 2025, with a Compound Annual Growth Rate (CAGR) of 4.5%. The contributing factors include growing cyber awareness among developing economies, soaring mandates for regulatory compliance across organizations in different verticals, and a growing volume of cyberattacks such as phishing, ransomware, DDoS and malware. According to an estimate by Cybersecurity Ventures, the global annual cost of cybercrimes will reach USD 6 trillion by 2021.

Conclusion

Rather than a quinquennial review process, Vulnerability Assessment should be viewed as a continuous process performed at regular short intervals. An in-depth understanding of the potential security risks within the security posture of an organization can help C-level executives and their security teams to effectively manage business operations in the new normal while reducing the risks of being compromised. Conducting assessments, along with the implementation of appropriate security solutions like Zero Trust and Privileged Access Management, will expand the security capabilities of businesses and help them to stay on top of vulnerabilities.

If you are looking to assess and revamp the security posture of your organization, connect with us at contactcs@tataadvancedsystems.com or visit https://www.tataadvancedsystems.com/cybersecurity.php
