In an exclusive interaction with Express Computer, Akshat Jain, CTO & Co-founder, Cyware talks about the current trends in cybersecurity and explains preventive strategies against cyber threats.
Some edited excerpts:
How are cyberwars a major concern in cybersecurity?
Geopolitical conflicts in the real world are now spilling into cyberspace as state-backed threat actors target critical infrastructure entities to cause disruption or for espionage purposes. Many public and private sector organisations are getting caught in the crossfire of such cyberwars, leading to loss of data, service outages, reputational damage, financial theft, and more. Nation-state actors come with immense technical skills and resources at their disposal, and they actively share attack vectors, malware, hacking tools, and their tactics, techniques, and procedures (TTPs) with other groups to make their attacks more effective. On the other hand, organisations are often left to defend alone against such capable adversaries. Therefore, security teams need to factor in the potential threats originating from nation-state actors and shape their strategies accordingly.
Could you share some current cyber-attack patterns and how we can avoid them?
Ransomware threats have evolved a lot over the past few years and have become a major threat for organisations of all sizes and across all industry sectors. Ransomware gangs now threaten their victims by not only encrypting their data, but also leaking it publicly and even engaging in name-and-shame tactics in some cases. These double-extortion and triple-extortion tactics adopted by ransomware gangs necessitate a proactive approach to stop such threats at an early stage by leveraging threat intelligence insights regarding their tactics, techniques, and procedures (TTPs).
Another significant threat that has come into the limelight lately is that of hardware and software supply-chain attacks. Threat actors are finding clever ways to reach their actual targets by first compromising those who provide critical hardware or software to them and then laterally moving on to their target network. To counter this threat, organisations need to work together with their vendors, business partners, information sharing communities (ISACs/ISAOs), national CERTs, and other stakeholders to prevent threats that could hurt the entire ecosystem. Through real-time threat information sharing and cybersecurity collaboration, organisations can collectively curb such threats affecting their ecosystem.
In what ways are emerging technologies like AI/ML, RPA, and automation helping to combat cyber threats?
Like solving crime in the real world, analysing cybercrime also requires tons of data and analysis of different clues to reveal the whole picture of the who, when, how, and why of a security incident. Artificial Intelligence (AI) and Machine Learning (ML) technologies are helping security teams connect the dots between seemingly disparate malware, vulnerabilities, incidents, assets, and other elements to uncover hidden attack patterns and understand threat actor behaviour in a granular way. This allows them to analyse the true impact of any security incident and prioritise threats based on contextual factors for a streamlined response. It predicts and preemptively counters the moves that can be made by threat actors, so as to prevent them from accomplishing their malicious objectives.
AI and ML technologies are also being applied to threat intelligence scoring to separate relevant and actionable intel from the rest of the collected information. This improves the signal to noise ratio in threat intel collection and facilitates faster operationalisation of the actionable threat intel. On top of this, ML algorithms can be leveraged to correlate Indicators of Compromise (IOCs) and the Tactics, Techniques, and Procedures (TTPs) employed by threat actors with historical data to map attack campaigns and enable attribution of incidents to specific threat actors.
Another major area of innovation in security operations comes from the use of security orchestration, automation, and response (SOAR) technology, which brings the power of machine-driven, cross-functional orchestration workflows to automate a wide range of security processes. This eliminates the need for manual intervention in many kinds of threat analysis, containment, mitigation, and response activities conducted by security teams on a daily basis. It saves time and resources for security teams, allowing them to focus their energy on the most critical threats they face, and shortens the time taken to detect and respond to an incident.
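The scoring and correlation ideas in the answer above (ranking collected IOCs by confidence, corroboration, and recency, cross-checking them against historical internal sightings, and mapping observed TTPs to known campaigns) can be illustrated with a small worked example. The code below is an added illustration written for this page; it is not Cyware's code or any product's algorithm. The feed names, confidence values, IOC values, ATT&CK technique IDs used as labels, campaign profiles, and the weighting constants are all constructed assumptions.

```python
"""Added example: simple threat-intel IOC scoring and TTP-based campaign correlation."""
from dataclasses import dataclass
from datetime import datetime, timedelta

# Fixed "now" so the example is deterministic (constructed).
NOW = datetime(2023, 3, 1)

@dataclass(frozen=True)
class Indicator:
    value: str
    ioc_type: str           # "ip", "domain", "sha256"
    sources: dict           # feed name -> feed confidence 0..100 (constructed feeds)
    last_seen: datetime     # most recent report from any feed
    ttps: frozenset = frozenset()   # technique IDs attached by the feeds (constructed)

# Constructed internal telemetry: IOC value -> number of hits in our own logs.
HISTORICAL_SIGHTINGS = {"203.0.113.7": 3, "bad.example.net": 1}

# Constructed campaign profiles: campaign name -> TTPs historically associated with it.
KNOWN_CAMPAIGNS = {
    "campaign-alpha": frozenset({"T1071", "T1059", "T1566"}),
    "campaign-beta": frozenset({"T1486", "T1490", "T1003"}),
}

def score_indicator(ioc, now=NOW, sightings=HISTORICAL_SIGHTINGS):
    """Return (score 0..100, verdict). Higher score = more relevant and actionable."""
    if not ioc.sources:
        return 0, "discard"
    base = max(ioc.sources.values())                       # best single-source confidence
    corroboration = min(20, 10 * (len(ioc.sources) - 1))   # bonus for independent feeds
    age_days = max(0, (now - ioc.last_seen).days)
    recency = max(0.2, 1.0 - age_days / 90.0)              # linear decay over ~90 days
    score = (base + corroboration) * recency
    if ioc.value in sightings:                             # seen in our own environment
        score += 15 + 5 * min(sightings[ioc.value], 3)
    score = int(min(100, round(score)))
    if score >= 70:
        verdict = "actionable"
    elif score >= 40:
        verdict = "monitor"
    else:
        verdict = "discard"
    return score, verdict

def triage(indicators, now=NOW, sightings=HISTORICAL_SIGHTINGS):
    """Rank indicators by score, highest first: (value, score, verdict)."""
    ranked = [(i.value,) + score_indicator(i, now, sightings) for i in indicators]
    return sorted(ranked, key=lambda r: r[1], reverse=True)

def attribute(indicators, profiles=KNOWN_CAMPAIGNS, threshold=0.5):
    """Jaccard-match the union of observed TTPs against known campaign profiles."""
    observed = frozenset().union(*(i.ttps for i in indicators))
    if not observed:
        return None, 0.0
    best, best_sim = None, 0.0
    for name, ttps in profiles.items():
        sim = len(observed & ttps) / len(observed | ttps)
        if sim > best_sim:
            best, best_sim = name, sim
    return (best, best_sim) if best_sim >= threshold else (None, best_sim)

# Constructed sample feed data.
SAMPLE = [
    Indicator("203.0.113.7", "ip", {"feed_a": 80, "feed_b": 60},
              NOW - timedelta(days=2), frozenset({"T1071", "T1059"})),
    Indicator("stale.example.org", "domain", {"feed_c": 50},
              NOW - timedelta(days=200)),
    Indicator("bad.example.net", "domain", {"feed_a": 55},
              NOW - timedelta(days=10), frozenset({"T1566"})),
    Indicator("a" * 64, "sha256", {"feed_a": 90, "feed_b": 90, "feed_c": 90},
              NOW - timedelta(days=45)),
]

if __name__ == "__main__":
    for value, score, verdict in triage(SAMPLE):
        print(f"{score:3d} {verdict:10s} {value}")
    print("attribution:", attribute([i for i in SAMPLE if score_indicator(i)[1] != "discard"]))
```

The stale single-source domain decays to a "discard" verdict, the IP corroborated by two feeds and already seen three times in internal telemetry rises to the top, and the observed techniques map cleanly to the constructed "campaign-alpha" profile, while a lone ransomware-style technique stays below the attribution threshold. The weights are deliberately simple; a real platform would tune them against analyst feedback.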
Is there a growing demand for cyber security professionals? If yes, how can we meet this growing demand?
Cybersecurity professionals are the front-line defenders of an organisation, therefore, their importance cannot be understated. Due to the growing cybersecurity demands of today’s distributed technology infrastructure and work environments, the skills of cybersecurity professionals are highly sought-after. While there will always be a need for great talent in cybersecurity, organisations can look towards harnessing the power of security automation to bridge the skills gap when it comes to security operations. Security teams can automate large parts of their crucial workflows, such as threat detection, incident response, vulnerability management, and threat intelligence analysis and dissemination, among others. This provides a synergistic blend of human and machine-driven actions and processes to address various security use cases. Overall, this can help organisations avoid the challenges in the cybersecurity talent market by achieving their objectives even with smaller teams.
What best practices must we follow in order to avoid data breaches and ensure cyber security?
Data breaches have become a frequent occurrence these days, and they are having a negative impact on the bottom line for organisations as they can impact customer trust and the integrity of their products and services, and invite regulatory scrutiny as well. Organisations must have a clear understanding of how data flows through their technology infrastructure and what weaknesses threat actors can exploit to steal data. To achieve this, organisations can leverage cyber fusion to orchestrate their detection, analysis, and response processes to quickly flag and mitigate threats to their data security. Cyber fusion provides comprehensive visibility over the entire infrastructure, whether it is on-premises or cloud-based, and uses predictive intelligence to improve response times. This sets the stage for a streamlined end-to-end threat management workflow using security orchestration and automation, while leveraging the last-mile delivery and operationalisation of threat intelligence to facilitate effective decision-making in times of a cybersecurity crisis.