In an exclusive interaction with Express Computer, Lalit Trivedi, Head IT & CISO, ITI Mutual Fund shares his views on how DNS can be leveraged to improve threat resolution, best practices to protect a remote workforce, multi-cloud strategies, and the role of AI in improving an organisation’s security posture
Some edited excerpts:
- What are some of the emerging threat vectors that enterprises need to be careful about?
A threat vector is a path or a means by which a cybercriminal gains access through one or more routes into a computer system by exploiting a route vulnerability. Organisations need to be careful because cybercriminals are always targeting big and well-known companies, but medium and small organisations also need to save themselves from such incidents.
The list of threat vectors continuously grows as hackers discover new methods to exploit people and system vulnerabilities to deliver malicious software, access sensitive data, or access operating systems.
- What are some of the best practices you recommend to protect a remote workforce?
Working from home is convenient and has many benefits, but it also exposes both individuals and businesses to a range of cybersecurity risks. That’s why it is essential to give serious consideration to home cybersecurity. By following best practices, you can mitigate most cybersecurity work-from-home threats quite easily.
One of the most effective security tips for working from home is to invest in a comprehensive antivirus suite for you and your employees. While working remotely, trust yourself and your tech-savvy employees to keep themselves safe online. It’s worth remembering that working from home means company computers are more likely to be exposed to young children and other members of employees’ families. Therefore, it’s important to keep devices safe and not allow other household members to access them.
Working from home usually means taking part in teleconferences and video calls which require the use of your webcam. Unfortunately, savvy hackers can easily access your webcam without permission, compromising your privacy.
Remote working often means connecting your computer to the company’s Virtual Private Network (VPN connection) – but this, in turn, creates new home office safety ‘back doors’ that hackers could potentially expose. VPN security can be enhanced by using the most robust possible authentication method. One of the simplest ways to ensure cybersecurity for remote workers is to strengthen your home Wi-Fi network’s security. You can achieve this through some straightforward steps.
- Request you share your views on protecting multi-cloud environments. What are some of the best practices you recommend?
Multi-cloud space continues to mature and become a mainstream component of enterprise IT environments, CIOs must have a clear picture of business objectives, constraints, and deliverables.
It’s also necessary to understand that multi-cloud is not a solution to every problem that enterprise IT teams face. Also, since there is no single, all-encompassing approach for all organisations. Each company will need to build its own multi-cloud roadmap for its unique business needs.
At the same time, organisations need to follow some best practices, to ensure the long-term term success of their multi-cloud strategy.
-Mapping workloads is possibly the most critical step in creating a robust multi-cloud strategy. This enables the right infrastructure components and cloud services to be allocated/provisioned to the right business need.
-Incorporate hybrid cloud concepts
-Streamline vendor management – In a multi-cloud set up, vendor management runs the risk of becoming disjointed, often departmentalised, resulting in a loss of control and increased business risks.
-Centralise IT governance
-Create a robust integration framework
-IT decision-makers need to centralise and standardise security policies across the enterprise and may need to partner with managed security service providers (MSSPs) to unify their security environment.
-Continuous improvement
- DNS attacks have gone up significantly. How can DNS be leveraged to improve threat resolution
DNS is widely trusted by organisations, and DNS traffic is typically allowed to pass freely through network firewalls. However, it is commonly attacked and abused by cybercriminals. As a result, the security of DNS is a critical component of network security.
Hackers always target DNS-level attacks to explode the external connectivity of the organisation. DNS attacks are any type of attack that involves the domain name system (DNS). There are many ways that attackers can take advantage of weaknesses in the DNS. Most of these attacks are focused on abusing the DNS to stop internet users from being able to access certain websites. These fall under the wing of denial-of-service (DoS) attacks
Reputation filtering: Like any other internet user, most malware needs to make DNS requests to find the IP addresses of the sites that it is visiting. Organisations can block or redirect DNS requests to known malicious domains – based on threat intelligence
DNS inspection: The use of DNS for data exfiltration (via DNS tunneling) and other malicious activities can be detected and blocked by an intrusion prevention system (IPS) integrated into a next-generation firewall (NGFW).
Secure the protocol: DNSSEC is a protocol that includes authentication for DNS responses. Since the authenticated response cannot be spoofed or modified, attackers cannot use DNS to send users to malicious sites.
Secure the channel: DNS over TLS (DoT) and DoH (DNS over HTTPS) add a secure layer to an insecure protocol. This ensures that the requests are encrypted and authenticated, unlike traditional DNS.
- How can AI play a vital role in improving security posture? What are some of the possible use cases?
AI identifies data patterns, allowing security systems to learn from prior encounters. Furthermore, AI’s role in boosting security posture includes faster detection and reaction times and ensuring authentication.
AI works in cyber security by learning from past data to identify patterns and trends. This information is then used to make predictions about future attacks.
AI is becoming increasingly important in cybersecurity. It can help analysts detect and respond to threats much more quickly and effectively. By using machine learning algorithms, AI can constantly learn and adapt to new threats. Moreover, it acts as a powerful tool in the fight against cybercrime.
- Best practices recommended for improving ROI from existing security investments
Security investment is to save businesses from external threats it is difficult to calculate ROI for this.
What is a security investment? This kind of investment neither increases revenues directly nor provides immediate payback, rather, security investments are about risk management that results in loss prevention and risk mitigation.