The threat landscape has expanded with cyber criminals having new and vulnerable targets each day. Cyber-crime has become a multi-billion-dollar business with threat actors using latest techniques to formulate sophisticated cyber-attacks.
There is a growing need for cyber-security best practices in such a complex cyber-threat landscape. Smruti Gandhi , Director – Community Engagement & Executive Editor, DynamicCISO(DCISO) spoke to Vinay Sharma, Regional Director India and SAARC, NETSCOUT(VS) on the current and future complexities around the cyber-threat landscape and the best practices to mitigate security threats.
DCISO: How scaling up security is key to protecting edge and enterprise IoT?
VS: With the increase in the adoption of edge computing, IT teams have the challenge of securing the rapidly expanding number of edges, such as Client edge, Network edge, Data centre or the Cloud Service edge.
As our lives are more interconnected than before, the smart devices are subject to the same risks of compromise as computers. Cyber-attackers can target these IoT devices to steal information or use them to launch attacks against other devices. A layered security approach to mitigate threats are both scalable and cost-effective, and should be taken to secure an IoT network across multiple nodes and geographies. Automatic encryption for the entire file system and ensuring each device has its own credentials are imperative.
DCISO: What are the drivers/market trends that are shaping the cybersecurity landscape in 2022?
VS: Government agencies, corporate sector and individual users are more aware of cyber-attacks and data-breaches than before. Pandemic and lockdowns drove the need for remote work culture and mobile devices became the new workplace. Adoption of Public Cloud Services is on the rise for its operational and cost efficiencies, in addition to scalability benefits.
However, the threat landscape expanded with cyber criminals having new and vulnerable targets. New challenges such as frequent data breaches, oversight to meet regulatory compliances, insider threats, among others, are on the rise. DDoS attacks are overwhelming the servers and networks, besides targeting ISPs. There is a significant rise in the ransomware attacks as well, with attackers becoming more organised and targeted, and India Inc., is among the most hit across the globe.
DCISO: The pandemic struck all of us, however digitisation was the key to business resilience during this period and pandemic just accelerated the digital transformation. How do we defend against more and more sophisticated cybercrime as our entire assets move to digital?
VS:It is true that adoption of Digital Transformation and Automation has accelerated in the last couple of years with organisations investing heavily in these areas. Cybersecurity, which was initially overlooked during the first phase of lockdown and having witnessed the dire consequences, businesses, are taking ‘Cybersecurity-first’ policy route now.
Cybersecurity has to be managed as a business priority and among the top KPIs of the organisation. Security measures must include a strong incident-response plan in addition to proactive controls and processes. Investments in new systems, technologies and tools should become top priority.
A zero-trust approach to security has to be followed across people, technology and process domains. Cyber-threats such as phishing, malware, ransomware, DDoS and Social Engineering are getting more sophisticated and frequent. Security Intelligence with comprehensive visibility and cutting-edge monitoring have to be put in place.
With public cloud services on the rise, it is important to ensure security in the cloud that should follow a shared responsibility model, involving the cloud service providers, SaaS providers and the users. To further tighten cloud security, it is important to have granular visibility into the internet attack surface and the asset landscape with cybersecurity measures, reviewed frequently.
DCISO: The pandemic made all the industries more vulnerable from a cybersecurity perspective. Going forward, what is your outlook for cybersecurity readiness of Indian companies in the world of constantly evolving threats?
VS:With increase in remote working cultures, BYOD approaches and the Cloud Services, the security perimeters are expanding too, adding to data-breaches and higher security risks. Organisations have to look at implementing a robust long-term cybersecurity strategy and short-term security fixes, with continuous monitoring. The cybersecurity challenges in 2022 have to be pro-actively addressed by organisations to ensure business continuity, operational excellence and better customer experience.
By establishing a cybersecurity culture, businesses can integrate both security and business continuity planning into the corporate culture. Employees need to be trained and prepared to address cyber-attacks, as and when then occur. It is important to establish a security-driven networking strategy that converges network and security across the entire connected landscape in addition to building the security into the core infrastructure. There should be collaborative efforts between businesses, government agencies, security vendors and industry bodies against modern ransomware to mitigate attacks. Organisations must ensure the cyber-security strategy is future-proof too.