Mukul Gupta, CISO at ATCS Pvt. Ltd., recently shared his views on the challenges facing CISOs in the context of the pandemic, and on other aspects of cybersecurity.
Q1. In the context of the continuing uncertainty of the pandemic, what are the cybersecurity challenges for CISOs?
COVID-19 has created a plethora of new challenges for CISOs, ranging from the workforce suddenly starting to work from anywhere to unprecedented scaling and exposure of the company’s IT infrastructure to the internet. Given that the entire focus of the industry was on making work from anywhere possible, we now face a huge gap between where we are in terms of IT infrastructure and where we are in terms of its security (a gap which wasn’t so wide earlier).
This can also be understood from the fact that most of the solutions that boomed in the last two years treat security as a layer outside the system, a lock-and-key approach, instead of being built inside out.
CISOs worked hand in hand with CTOs to secure this rapid transition to a remote workforce. The opportunity to work from anywhere has been embraced by many globally; however, it has brought with it multiple security challenges. The most immediate: as employees suddenly found themselves in a remote working model, CISOs had to ensure secure connections for newly remote workforces who were suddenly working from home on devices that may never have been part of the corporate domain before. In our organisation, we fared well, as most of the employees already had company-issued devices.
COVID-19 was an explosion of cyber risks alongside the deadly virus itself, and it further complicated the constantly changing threat landscape. The initial challenge with the remote working model was that all employees worked isolated in their homes, and potentially insecure devices (given the current scenario) and networks presented a perfect storm of opportunity.
The rapid expansion of remote working came with the risk of cyberattacks aimed at the remote workforce. Corporates were forced to rely upon home Wi-Fi or other untrusted networks, and employees working remotely tend to forget or ignore the security basics, such as connecting via VPN.
Attack approaches have been reinvented by threat actors during the ongoing pandemic, and more sophisticated, strong and focussed attacks are skyrocketing against organisations, often by compromising employees working remotely. COVID-19-oriented phishing and online scams; disinformation and misinformation campaigns; disruptive malware, including ransomware; data-harvesting malware; and social engineering have all become challenges.
Q2. Which key security areas would you identify that will change the course of the security industry?
Phishing attacks, which have increased in frequency by 667% since COVID-19, are easy to set up and yet very effective, giving attackers the best return on their investment. It is a technique carried out over the phone (vishing), email (phishing), text (smishing) or even social media, with the goal of tricking you into providing information or clicking a link to install malware on your device. These attacks are highly effective and target emotions such as urgency, willingness to help, or fear of the threat. This is one area where the security industry might join hands with the telecommunication industry to see unprecedented growth (to some extent it already has, with solutions like Truecaller).
With corporate devices being used at home, the data is at risk. Hence, I feel bundled solutions that help avoid such issues, along with insider threats (data theft etc.), are going to be the pathbreakers in the security industry.
Q3. How do you see the future of the IT security industry in terms of innovation and sales when there is a slowdown due to the global financial crisis?
The IT security industry has not seen any slowdown due to the global financial crisis, in my opinion. Further, I strongly feel that this pandemic has acted as a catalyst for the growth of the IT security industry at an unprecedented rate. A lot of privacy legislation has been adopted by multiple geographies lately, which has made IT security a bare minimum requirement for privacy controls to build upon.
There has been a turnaround of the entire sales approach, where the security industry has the advantage and is no longer going to operate in a ‘push’ model of sales. It is rather going to work in a ‘pull’ model with its hands full of orders. However, it is important to note that no company in this domain can rest even for a day, as requirements are getting closed quickly due to management-supported decision making.
Q4. How effective is the process of leveraging threat intelligence tools via AI/ML and then automating the incident response?
AI/ML is the ‘in-thing’, and the fact that most of it is platform independent, adaptable, and self-learning makes it an even more desirable base for any tool built for threat intelligence. In today’s scenario, any threat intelligence tool not built upon AI & ML is like hiring a security personnel agency to tackle the coronavirus. Without continuous learning and automated threat response, I am not able to imagine a threat intelligence tool.
In my opinion, a threat intelligence tool that does not miss any threat, but throws a couple of hundred false positives, is a lot better than a tool that misses a true positive in an effort to eliminate false positives. The same goes for automating incident response, but here is the catch: in case there are a lot of false positives, it shall require a lot of effort to go through them all to identify whether there are some true positives in the list. I strongly believe that AI/ML shall overcome this challenge as well, sooner rather than later.
Q5. How can stringent frameworks such as Zero Trust Security, least privilege access, and strong identity management help CISOs secure the organization?
I do not consider any of these as ‘stringent’ frameworks; these are bare minimum requirements of any security organisation, and it is totally in the hands of the CISO to define ‘stringent’ and to strike a balance between employee desires in the name of so-called ‘flexibility’ and security, which is often labelled as a constraint on ‘innovation’ and ‘creativity’.
Q6. How can CISOs improve prevention capabilities against the highest-growth threat vectors, such as cloud security, access management, cloud workloads, and hybrid work?
Adapting to the latest in the industry, and forward-looking budget planning with balanced growth in both IT infrastructure (led by the CIO) and security infrastructure (led by the CISO), are the key to improving prevention capability. Security built right, inside out, rather than a lock-and-key approach, is the best method to improve prevention capabilities. Best-suited CASB solutions coupled with SSO are only a few to name in this area.