Embed Cyber Security into Products and Services, Supply Chains and Partnerships: Rohit Kachroo, CISO Indiabulls
Rohit Kachroo, CISO, Indiabulls Group, in conversation with dynamicCISO, gives an insight into what is keeping CISOs up at night and how they need to transform themselves to stay relevant in today's dynamically evolving threat landscape.
DynamicCISO: As a CISO, what's your vision for the near and mid-term future?
Rohit Kachroo: In general, monitoring, repelling and responding to cyber threats while fulfilling compliance requirements are the key responsibilities of a CISO. But the continuously evolving landscape of security threats has widened the role. The approach is now focused on effectively encountering future security threats and on protecting critical information assets by reducing organizational exposure to cyber risk, ensuring priority response and recovery, and increasing cyber resilience.
Also, the time has come to transform from a business-support function into a business enabler, standing shoulder to shoulder with business leaders by ensuring adequate security controls as well as response mechanisms, which will help the business grow safely and rapidly. To cater to the new threats, one has to be both dynamic and visionary. A CISO today should be someone who can provide security resilience as well as handshake with business leaders to guide the business along a secure path.
DC: What is keeping a CISO awake at night in these challenging times?
RK: In recent times, we've witnessed plenty of targeted and very scary rogue malware, such as ransomware, that has created havoc across businesses. Unfortunately, growth in the cyber security talent pool is unable to keep pace with the growing sophistication of cyber attacks. These attacks are keeping CISOs tossing and turning at night. The larger issue is the sheer volume of threats and the relative ease with which even the least funded adversary can attack and succeed. This is predominantly because of a lack of readiness in the majority of organizations when it comes to pre-emptive infrastructure.
Keeping in view the dynamic technology changes, we have to introspect on the sheer volume of vulnerabilities that can be exploited if an organization's infrastructure is open to credential theft. Hackers can lock your confidential business information and charge a ransom, or even steal your data and conceal their tracks. Most of the time, businesses as well as government organizations with lackluster defenses become vulnerable to the simplest of malware attacks.
DC: In view of the scary scenario, what best practices would you recommend to follow?
RK: To tackle these challenges, CISOs need to reassess their common concerns and consider a different approach. Here are the top three things to keep in mind.
- Increase awareness among cyber security staff who understand networks and know how to protect them. The team should be equipped with the necessary time and skills both to react to an attack and to proactively hunt for attacks, so that the organization remains operational and secure.
- Security is not only a matter of information; a lapse severely threatens the organization's reputation. To maintain the confidence of shareholders and customers, organizations must align their brand with one of security — and make sure they can back it up.
- In the present scenario, businesses are more exposed to unseen risks than ever before, from employee devices, automated manufacturing, the global supply chain and the Internet of Things. So organizations need to embed cyber security into their products and services, into their supply chains and into their partnerships.
DC: What are the top five information security challenges you foresee in 2018?
RK: After analyzing historical information security industry facts and figures and making predictions about the near-unknowns, the following top five challenges will persist or emerge in the next year:
- Data leakage through Internet of Things (IoT)
- Access to sensitive business data on mobile devices
- Protection from cyber attacks like Ransomware
- Increasing network traffic demand that may restrict legitimate business applications
- Managing the business security expectations of top management
As digital transformation initiatives gain pace, the threat of cyber attacks grows in tandem. Further risks stem from evolving business and regulatory requirements and technology trends, which pose new cyber security challenges and endanger the success of digital programs.
DC: How are you preparing yourself to address these challenges?
RK: Challenges will always be part of information security because of its constantly progressing nature and vast landscape. However, there is no single security solution to rely upon for all the security needs of the organization. Solutions must also mature enough to counter the new challenges.
In order to counter future cyber security challenges, we, as an organization, have taken various measures. A few of them are mentioned below (the list is not exhaustive):
- Controls are in place to collect logs from standard security sources, enrich logs with supplemental data (Global Threat Intelligence blacklists, Human Resource / Internet Download Management), correlate them to find the proverbial needles in the log haystacks, investigate (follow up and fix), document SOPs and SLAs, and build whitelists.
- Controls have been embedded to identify privileged accounts, understand the requirements for privileged accounts, design and implement the PIM solution, define PIM policies to meet compliance requirements, define or enhance privileged access, and increase operational efficiency.
- Controls are in place for accurate threat detection, faster response to threats, easy administration and effective scaling of security across the network.
- Controls are in place for enhanced data protection using layered security, flexibility and control while creating and applying policies, blocking data loss, securing encrypted traffic, and a customized dashboard as per business need.
- Controls have been implemented for fast detection of and protection from security threats, speedy analysis of security incidents, and immediately blocking or allowing specific files and certificates.
- Controls have been implemented for protecting web applications at the application level, protecting against known vulnerabilities based on blacklists.
- Controls have been implemented for DDoS protection by absorbing attacks, preventing DNS forgery and cache poisoning, and faster DNS resolution. Integration with a content delivery network, coupled with transparent operational excellence and over-provisioned resilient infrastructure, helps mitigate slowdowns without impacting legitimate requests.
DC: What initiatives around information security have you undertaken in the last one year?
RK: Keeping in view present and future security threat scenarios as well as key business objectives, we have identified the following solutions in order to meet our business as well as regulatory compliance requirements:
- SIEM – helps in collecting logs from standard security sources, enriching logs with supplemental data (Global Threat Intelligence blacklists, Human Resource / Internet Download Management), correlating them to find the proverbial needles in the log haystacks, investigating (follow up and fix), documenting SOPs and SLAs, and building whitelists.
- PIM/PAM – helps in identifying privileged accounts, understanding the requirements for privileged accounts, designing and implementing the PIM/PAM solution, defining PIM policies to meet compliance requirements, defining or enhancing privileged access, and increasing operational efficiency.
- ATD – helps in accurate threat detection, faster response to threats, easy administration and effective scaling of security across your network.
- Web Gateway – helps in enhanced data protection using layered security, flexibility and control while creating and applying policies, blocking data loss, securing encrypted traffic, and a customized dashboard as per our business need.
- TIE – helps in fast detection of and protection from security threats, speedy analysis of security incidents, and immediately blocking or allowing specific files and certificates.
- WAF – helps in protecting web applications at the application level, protecting against known vulnerabilities based on blacklists.
- Secure DNS – helps in DDoS protection by absorbing attacks, preventing DNS forgery and cache poisoning, and faster DNS resolution. Integration with a content delivery network, coupled with transparent operational excellence and over-provisioned resilient infrastructure, helps mitigate slowdowns without impacting legitimate requests.
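The SIEM flow described in both lists above (collect logs, enrich them with a threat-intelligence blacklist, correlate to find the needles in the haystack, and apply a whitelist built from investigation follow-up), shown as an added worked example that is not part of the interview and not Indiabulls' own tooling; the proxy log lines, the blacklist and the whitelist are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed proxy log lines: "<timestamp> <host> <destination> <action>".
SAMPLE_LOGS = [
    "2018-01-05T09:00:01 ws-101 updates.example.org ALLOW",
    "2018-01-05T09:00:05 ws-101 bad-c2.example.net ALLOW",
    "2018-01-05T09:01:10 ws-101 bad-c2.example.net ALLOW",
    "2018-01-05T09:02:30 ws-101 evil-drop.example.net ALLOW",
    "2018-01-05T09:03:00 ws-202 bad-c2.example.net ALLOW",
    "2018-01-05T09:40:00 ws-202 evil-drop.example.net ALLOW",
    "2018-01-05T09:05:00 ws-303 scanner.example.org ALLOW",
    "2018-01-05T09:06:00 ws-303 scanner.example.org ALLOW",
]
# Constructed threat-intelligence blacklist (stands in for a Global Threat Intelligence feed).
BLACKLIST = {"bad-c2.example.net": "C2", "evil-drop.example.net": "malware-download",
             "scanner.example.org": "scanning"}
# Constructed whitelist built from a past investigation (an authorised internal scanner).
WHITELIST = {"scanner.example.org"}

def parse(line):
    ts, host, dest, action = line.split()
    return {"ts": datetime.fromisoformat(ts), "host": host, "dest": dest, "action": action}

def enrich(event):
    """Enrich: tag the event with its blacklist category (or None) and whitelist status."""
    event["intel"] = BLACKLIST.get(event["dest"])
    event["whitelisted"] = event["dest"] in WHITELIST
    return event

def correlate(events, min_hits=2, window=timedelta(minutes=10)):
    """Correlate: alert on hosts with >= min_hits non-whitelisted blacklist hits in one window."""
    by_host = defaultdict(list)
    for e in events:
        if e["intel"] and not e["whitelisted"]:
            by_host[e["host"]].append(e)
    alerts = {}
    for host, hits in by_host.items():
        hits.sort(key=lambda e: e["ts"])
        for i, first in enumerate(hits):
            inside = [h for h in hits[i:] if h["ts"] - first["ts"] <= window]
            if len(inside) >= min_hits:
                alerts[host] = sorted({h["intel"] for h in inside})
                break
    return alerts

def run_pipeline(lines):
    """Collect -> enrich -> correlate; the returned dict is the investigation queue."""
    return correlate(enrich(parse(line)) for line in lines)
```

Only ws-101 is raised for follow-up: ws-202's two hits fall outside the correlation window, and ws-303's scanner traffic is suppressed by the whitelist, so the analyst sees one needle rather than every blacklist match.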