Express Computer

‘Critical national infrastructure is a tempting target for cyber threat actors’


California-based cybersecurity company CrowdStrike effectively tackles the most modern and malicious cyber threats. Mike Sentonas, VP Technology, CrowdStrike, claims that none of the establishments under CrowdStrike's protection fell prey to any internet crime. In an interaction, Sentonas shares more about the company and how it is geared up for the Indian market. Edited excerpts.

What are the cyber security industry trends, globally and locally?

The findings of the 2019 CrowdStrike Global Threat Report point to the escalating activities of nation-state actors and global eCrime actors across all targeted industries. Some notable trends identified include:

  • The continued rise of “Big Game Hunting,” the practice of combining targeted, intrusion-style tactics for the deployment of ransomware across large organisations.
  • Increased collaboration between highly sophisticated eCrime threat actors. The use of geo-targeting to support multiple eCrime families was observed through a variety of tactics.
  • Industries at high risk for malware-free intrusions include media, technology and academia, highlighting a growing need for defenses to be strengthened to safeguard against more sophisticated, modern attacks.
  • Several targeted intrusion campaigns by China, Iran and Russia focused on the telecommunications sector were identified over the past year, likely in support of state-sponsored espionage activities. Subsequent lures to drive more effective social engineering campaigns also resulted in compromised telecom customers, including government entities.
  • There is increasing operational tempo from China-based adversaries, which is likely to accelerate as US-China relations continue to be strained.

As for India, PwC points out that privacy and personal data protection will be a key focus area for organisations in order to align themselves with the Personal Data Protection Bill. Machine Learning (ML)/Artificial Intelligence (AI) will become a cornerstone of organisations’ digital defence. With the focus on Smart Cities across India, IoT security will become a focus as regulators work to secure critical infrastructure, and as cloud adoption continues to grow in 2019, efforts to protect sensitive data stored in the cloud will multiply.

What issues and challenges does India face today when it comes to cybersecurity?

Digital India is a significant opportunity that can generate huge economic value for the country. Cyber attacks, however, remain a significant risk, and major incidents over the last 12 to 18 months have demonstrated inadequate protection in a number of organisations across India.  While the true impact is hard to measure without widespread breach notification reforms, the publicly disclosed incidents highlight the gravity of cyber security challenges.  As India is aggressively building its digital economy, cyber security needs to become a critical phase in the design process.

Basic hygiene remains a significant challenge, with numerous cases reflecting patching deficiencies that have led to significant breaches.  Attackers are finding it easy to exploit vulnerabilities that have not been mitigated with patches, which at times have already been available for a significant amount of time. This is a pressing issue in India: Ransomware, as an example, has been a growing problem with attackers today using the EternalBlue vulnerability from 2017.  Hygiene is simply a critical requirement every organisation needs to focus on – think of it as a low-hanging fruit that deters attackers from having an easy way in.

Additionally, in late 2018, Microsoft tests showed that 91 per cent of new PCs from India were loaded with pirated software, and this is also a pressing issue.

Whilst spending on security in India is growing, India remains a very price sensitive market—this means a number of organisations in India are under-prepared to face today’s cyber attacks, given the significantly low level of security spending outside large Indian multinationals.

All companies are placed in a difficult position when giving access to corporate data, but small and medium businesses are especially vulnerable to data breaches and cyber attacks. How do you think this situation can be tackled?

A lot of small and medium businesses don’t see themselves as a target— they believe that their cyber security is good enough and that they don’t have anything of value to a cyber attacker. Adversaries love to focus on small and medium businesses as a result, viewing them as a softer target lacking robust cybersecurity infrastructure.

SMBs unfortunately have the perception that tackling cybersecurity challenges is expensive. This is far from the truth, as there are pragmatic measures SMBs can implement to secure the organisation— which do not necessarily involve buying technology and which do not really cost much. These are around basic user awareness, patch management and hygiene, doing basic things like keeping your operating system up to date—a feature in every operating system. By turning updates on and rolling out new operating systems or application patches, organisations can be assured of the remediation of vulnerabilities and insecure configurations. Multifactor authentication is also crucial—as this ensures that a scammer does not easily get access to credentials.

Cyber attackers are well-funded and technically advanced. Their attacks pose a threat to national initiatives such as Smart Cities, E-Governance, and digital public identity management. Government and military organisations and other businesses store and process significant volumes of confidential data, regularly transmitted across networks, thereby increasing their exposure to cyber threats. How do you think these can be addressed?

Critical national infrastructure, including government services and defence, is becoming an increasingly tempting target for all kinds of malicious actors.  There are three main motivations for attacking critical national infrastructure: disruption, financial gain, and espionage, and these motives can apply to all kinds of attackers, from nation states to individuals.

At the moment, most of these infrastructure attacks seem to have been perpetrated by nation states, but it is easy to see how other actors could attack the same targets.

With threat actors utilising increasingly sophisticated attack methodologies, organisations can no longer rely solely on traditional antivirus (AV) software in their security estate. Traditional AV software is capable only of identifying known virus families, and is therefore vastly ineffective at spotting new strains or families of malware. Organisations must invest in capabilities that can detect attacks through means other than their unique “fingerprint”. These capabilities identify threats based on abnormal behaviour – such as sending large volumes of email or trying to access or alter files – rather than relying on spotting a known virus signature.

Another key attribute of every modern security estate is the ability to monitor indicators of attack (IoA), such as code execution or suspicious processes, which can potentially identify imminent attacks before they have even occurred or even before their formal identification as a cyber threat.

How are AI and ML used in cybersecurity?

Artificial intelligence and machine learning have a critical role in cybersecurity.  Effectively used, AI can better detect new and unknown threats in real time,  providing higher efficacy levels to protect organisations. The sheer number of attacks seen on a daily basis is beyond the capability of traditional signature-based detection.  Many of the attacks that have devastated organisations over the last few years are simply due to failed detections. While improving the ability to detect new threats, AI and ML alone do not simply fix the cybersecurity challenge. Having comprehensive endpoint protection – not only including AI and ML but also offering exploit prevention and behavioural analysis – should be an integral part of any solution used in organisations.
