By Manoj Chugh, President – Group Public Affairs and Member, Group Executive Board, Mahindra & Mahindra
As Covid rages on, global economies continue to remain disrupted, bringing untold misery to billions. Businesses have rightly focused on employee health and safety as a first important step in this long-drawn-out battle. As we well know, “Work from Home” protocols were enabled at lightning speed and the network became everything. Whilst we deservedly celebrate our COVID warriors who are helping fight the health pandemic, with great humility, may I add that we should also stand up and clap for the tech heroes who enabled us to remain ever so productive, working from home, without missing a heartbeat. The network engineers, endpoint enablers and many others toiled to ensure that we continue to work effectively, well ensconced in the warmth and comfort of our homes.
As employees settle down to their “new routine”, organizations have to start rethinking their strategies to combat the imminent cyber security attacks. Clearly the risks have increased manifold. The situation has become more complex for organizations that have a widespread manufacturing footprint or those running a utility. Security aspects relating to assets in the units and factories, as well as those impacting Industrial Control Systems, have to be thought through carefully. Critical elements need to be secured given the increasingly sophisticated threat landscape, with a myriad of hackers smelling blood. Consider an under-protected SCADA network and the worries it brings if an attack were to be launched. It sends a chill down one’s spine: a country’s entire infrastructure could be brought to its knees. Automated and fast-moving threats, like ransomware, are a primary concern. Attackers can easily capitalize on the slightest vulnerability and hijack operations, leading to a significant loss of revenue and even physical harm.
The need to deploy solutions that are innovative and flexible is paramount. The ability to effectively detect, inspect and respond to issues in real time is key for owners of critical infrastructure; a lackadaisical approach can result in a catastrophic outcome. In-depth visibility into the behaviour of users, devices and the network enhances the security posture of the organization. Having a state-of-the-art toolkit of best-of-breed solutions that are well integrated is a necessary starting point. In addition, having readily available, trained cyber security experts who are adept at combating threats that have never been seen before, including zero-day exploits and Advanced Persistent Threats, is becoming increasingly important.
As one reviews the armoury, a good place to start is by acquiring and deploying an AI-enabled Network Traffic Analysis (NTA) solution. Once installed, it lets security analysts identify unusual activities occurring on the network. By catching erratic behaviour in the very early stages, a potential hijack can be thwarted well in advance. Such a tool gives its users complete network visibility: it analyses user, device and network behaviour in real time and detects anomalies with respect to a learned baseline. It further assists in resolving identified security incidents with concrete evidence, actionable intelligence and response workflow integrations.
On sensing an attack, the organization is immediately alerted to the potential intrusion. It is not uncommon for new malware to bypass all standard security tools that look for “signatures”. By leveraging machine learning algorithms, the solution is able to detect the slightest abnormal behaviour, including ‘unknown unknowns’, thereby enabling the security team to detect and respond to attacks before a possible freeze. Risks can be categorized, enabling an effective response and optimal utilization of resources, so that one does not press the red alert button in each and every situation. Security and risk management teams proactively assess security postures on an ongoing basis and fine-tune detection rules to remain one step ahead. It is important that efforts to enable advanced predictive analytics do not impact ongoing operations. The system learns the business-as-usual (BAU) patterns of behaviour of operators, workstations and automated systems within that environment, and its machine learning algorithms are taught to distinguish and react to emerging threats on the go. Advanced behavioural analytics senses even previously unnoticed, customised attacks, regardless of whether they emerge in the corporate IT or OT domains or somewhere in between. The ability of the solution to transcend the IT and OT networks is key: a compromise in either creates a threat for the entire organization.
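To make the baseline-and-anomaly idea above concrete, here is an added illustrative example (not the article's, nor any vendor's NTA product): it learns per-host, per-port business-as-usual byte volumes from a constructed learning window, flags never-seen ports and volume spikes in a monitored window, and tiers the alerts so that an OT device stepping outside its baseline outranks an IT workstation doing so. The host names, ports, byte counts and the IT/OT labelling are all constructed for the example.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample data (not from the article): which side of the IT/OT boundary
# each host sits on, and flow records as (host, dst_port, bytes).
HOST_DOMAIN = {"plc-01": "OT", "ws-07": "IT"}
BASELINE_FLOWS = [  # learning window: business-as-usual traffic
    ("plc-01", 502, 1200), ("plc-01", 502, 1150), ("plc-01", 502, 1300), ("plc-01", 502, 1250),
    ("ws-07", 443, 50000), ("ws-07", 443, 62000), ("ws-07", 443, 48000),
    ("ws-07", 445, 9000), ("ws-07", 445, 11000), ("ws-07", 445, 10000),
]
LIVE_FLOWS = [  # monitored window
    ("plc-01", 502, 1220),    # routine Modbus poll, within baseline
    ("plc-01", 22, 800),      # port never seen from this OT device during learning
    ("ws-07", 443, 55000),    # within baseline
    ("ws-07", 445, 400000),   # SMB volume far above baseline
]
MIN_SAMPLES = 3    # below this the volume baseline is too thin to score against
Z_THRESHOLD = 3.0  # standard deviations above the baseline mean that count as a spike

def learn_baseline(flows):
    """Per (host, port): the byte counts observed during the learning window."""
    seen = defaultdict(list)
    for host, port, nbytes in flows:
        seen[(host, port)].append(nbytes)
    return dict(seen)

def score_flow(baseline, flow):
    """Return (severity, reason); severity is 'high', 'medium' or None for business as usual."""
    host, port, nbytes = flow
    ot = HOST_DOMAIN.get(host) == "OT"
    samples = baseline.get((host, port))
    if samples is None:  # a (host, port) pair the baseline never saw: an 'unknown unknown'
        return ("high" if ot else "medium"), f"{host} never used port {port} during baseline"
    if len(samples) < MIN_SAMPLES:
        return None, "insufficient baseline to score volume"
    mu, sigma = mean(samples), pstdev(samples)
    # With zero spread a z-score is undefined, so fall back to a simple ratio test.
    spike = nbytes > 2 * mu if sigma == 0 else (nbytes - mu) / sigma > Z_THRESHOLD
    if spike:
        return ("high" if ot else "medium"), f"{host}:{port} moved {nbytes} bytes vs mean {mu:.0f}"
    return None, "within baseline"

def triage(baseline, flows):
    """Anomalous flows only, highest severity first, so not every alert is a red alert."""
    rank = {"high": 0, "medium": 1}
    alerts = [(f, *score_flow(baseline, f)) for f in flows]
    return sorted((a for a in alerts if a[1] is not None), key=lambda a: rank[a[1]])

if __name__ == "__main__":
    for flow, sev, why in triage(learn_baseline(BASELINE_FLOWS), LIVE_FLOWS):
        print(sev.upper(), flow, why)
```

A real NTA product learns far richer features (peers, timing, protocol fields) and keeps relearning, but the two rules here, novelty against the baseline and deviation from its spread, are the core of what "detects anomalies with respect to a baseline" means.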
In the wake of the pandemic, the technology-led challenges that organizations are facing have intensified further. There is evidence of a high level of inadequacy in the ability of many organizations to detect, analyse and respond to security threats, particularly in integrated IT-OT environments. When a breach occurs, it may not be realistic to shut down the business.
“Catching them early” is the mantra one needs to work on. Advanced cyber defence technologies, which are now going mainstream, can be deployed across both IT and OT environments to provide full-coverage surveillance of an organisation, thus allowing security experts to combat the most deceptive attacks that endanger critical infrastructure, regardless of whether those threats are internal or external.
As cyber defence and cyber security technologies begin to converge, the hope for a safer world becomes brighter. So, cheers to that!!!
(Disclaimer: The views expressed in this article are those of the author. They may or may not reflect the opinions or views of the author’s organisation)