Sandeep Nagar, Lead – Global Cyber Security, Royal Enfield, shared his views on Zero Trust security, insider threats and alert fatigue, in an interview with CISO CONNECT
Q1. In the context of the continuing uncertainty of the pandemic, what are the cyber security challenges for InfoSec leaders?
During the pandemic the world has become far more digitally connected and more vulnerable than ever, and this has created a new challenge for businesses adopting a new operating model in which working from anywhere has become the ‘new normal’. Organizations are accelerating digital transformation, and cyber security is becoming a major concern.
Control over roaming users is one of the critical areas, as organizations rely on traditional on-premise solutions that are not capable of providing visibility of remote systems and are not able to protect remote assets in real time. An infected remote user or asset working from home with less control may be tampered with to carry out malicious activity or other cyber threats.
Most companies still don’t have practices in place to perform integrity & security control checks before granting access to the network, data & applications from non-corporate devices.
Q2. Which are the key security areas that you would identify as changing the course of the security industry?
We have already started seeing the following areas in security making a good impact, and these will have an even more significant impact in the future.
* Hacking based on Artificial Intelligence
* IoT & 5G Network
* Targeted Ransomware including in Metaverse
* Cloud
Q3. As ransomware attacks are one of the key cybersecurity concerns for InfoSec leaders, how does your organization deal with this security threat?
Ransomware deeply affects organizations nowadays. Every day we hear news of a ransomware attack.
To prevent these attacks, it is most important to understand the tactics attackers use to gain access to networks & systems. There are a few common tricks and risks for ransomware attacks, such as phishing-based emails, lack of cybersecurity awareness, weak passwords, ports open to the public internet, insecure internet access for users, unpatched vulnerabilities, etc.
There is no one-click solution for protection from ransomware attacks. We follow industry best practices to protect against ransomware, such as strengthening security at the application, network and endpoint layers, patching, backup, email security, zero-day technologies like AI/ML-based ATP, risk assessment, cyber insurance, etc.
Q4. How can stringent frameworks such as Zero Trust Security, least privilege access, and strong identity management help InfoSec leaders secure their organizations?
Zero Trust is one of the most popular frameworks in cybersecurity for protecting the organization from cyber threats. It’s a holistic approach or security strategy combining multiple tools, technologies, and processes that says you shouldn’t grant implicit access or trust to a user, device or application, and it can’t simply be delivered by implementing a new technology.
Previously, organizations were more focused on perimeter security to stop threats at the first layer of network access, but this will not work in the current situation because users are now working from anywhere, and they are working from home more than they work from the office.
These are a few of the critical areas of zero trust frameworks that should be addressed to build a zero-trust security strategy.
Zero trust security at the network layer offers protection by limiting network access through segmentation and isolation, and granting appropriate access after verification of users and devices. Implementing least privilege access is one of the core principles of zero trust architecture; it gives users the least access needed to perform their tasks effectively. A privileged access management solution is the right way to control admin users’ authorization and monitor suspicious activities.
With zero trust, no one can be trusted until they are verified through trusted authentication and authorization. All these concepts of zero trust network access, least privilege and strong identity management are focused on controlling access and minimizing risk by removing trust and limiting access. Each of them focuses on a different part of access control.
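The access model described in this answer (verify the device before granting access, verify the user, then grant only the least privilege the role needs, with sensitive systems behind MFA and admin access brokered through a segmented network) as a small policy evaluator. This is an added illustration, not code from the interviewee or Royal Enfield; the roles, resources and posture attributes are assumed.

```python
"""Zero-trust style access decision: nothing is trusted implicitly.
Every request is checked for device posture, identity strength, network
segment and least-privilege role permissions before it is allowed."""
from dataclasses import dataclass
from typing import Tuple

# Assumed role-to-resource map: each role gets only what its tasks need.
ROLE_PERMISSIONS = {
    "engineer": {"git": {"read", "write"}, "ci": {"read"}},
    "finance": {"erp": {"read", "write"}},
    "admin": {"pam-vault": {"read"}},  # admin rights brokered via PAM, not standing
}
SENSITIVE = {"erp", "pam-vault"}  # MFA is always required for these systems
ADMIN_SEGMENT = "admin-vlan"      # assumed name of the isolated admin network


@dataclass
class Request:
    user: str
    role: str
    mfa_passed: bool
    device_managed: bool   # corporate-enrolled device, not a personal one
    disk_encrypted: bool
    edr_healthy: bool      # endpoint agent reporting and up to date
    network_segment: str   # segment the device is connecting from
    resource: str
    action: str


def device_posture_ok(r: Request) -> bool:
    """Integrity check before access: a non-corporate or unhealthy device fails."""
    return r.device_managed and r.disk_encrypted and r.edr_healthy


def decide(r: Request) -> Tuple[bool, str]:
    """Return (allowed, reason). Checks are ordered so the cheapest denial wins."""
    if not device_posture_ok(r):
        return False, "device failed posture check"
    if r.resource in SENSITIVE and not r.mfa_passed:
        return False, "MFA required for sensitive system"
    if r.resource == "pam-vault" and r.network_segment != ADMIN_SEGMENT:
        return False, "admin access only from segmented admin network"
    allowed = ROLE_PERMISSIONS.get(r.role, {}).get(r.resource, set())
    if r.action not in allowed:
        return False, f"role {r.role} has no {r.action} on {r.resource}"
    return True, "verified user, device and least-privilege role"


if __name__ == "__main__":
    print(decide(Request("alice", "engineer", True, True, True, True, "corp-wifi", "git", "write")))
    print(decide(Request("bob", "finance", False, True, True, True, "corp-wifi", "erp", "read")))
```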
Q5. With the widespread increase in security and data breaches, human error, insider threats, and alert fatigue, how can InfoSec leaders stay ahead of these challenges?
Human error is one of the biggest reasons for any security breach, and in some cases it starts with users clicking on a malicious web link or downloading malicious content, which may result in a phishing attack and thus compromise sensitive information.
The human factor in security vulnerability can be minimized by creating security awareness through regularly training employees on the latest security threats, such as phishing.
Insider threats can cause the most damage to an organization because they come from employees within the organization. Insider threats can also originate from an intentional insider, or an authorized contractor or partner who has gained access to the organization. To secure the organization from insider threats, there are several measures that can be part of protection, such as identifying critical data and infrastructure and restricting access for employees who are not part of the project team. Insider threats can be minimized by enforcing multifactor authentication for all sensitive systems, clearly documenting and consistently enforcing policies and controls, and establishing effective physical security controls in the organization. Lastly, implementing data loss prevention with user and entity behaviour analytics tools that are capable of providing visibility and shadow IT monitoring of user activities and suspicious behaviour can be effective in controlling insider threats.
Organizations are using several tools & technologies for monitoring and alerting on malicious or suspicious events. When alerting is not configured properly, it can generate many alerts that most of the time cannot be responded to.
Alert fatigue is a problem that several organizations have to deal with, and it has a deep impact on business. Organizations can reduce alert fatigue through improvements in process and technology such as corrections to the alert configuration, distribution of monitoring responsibilities, correct severity, classification, thresholds and grouping of alerts, continuous audit and review of alert reports, and AI-enabled automated alert response. A managed detection and response (MDR) service can be a cost-effective solution for organizations struggling to overcome alert fatigue.
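The alert-configuration fixes named in this answer (classification of informational noise, per-rule thresholds, grouping of duplicates, and severity correction when related alerts coincide) applied to a constructed batch of alerts. This is an added illustration, not the interviewee's tooling; the rule names, threshold values and sample records are assumed.

```python
"""Alert triage: classify, group, threshold and re-prioritise raw alerts so the
queue holds a few actionable cases instead of one ticket per event."""
from collections import defaultdict
from datetime import datetime

# Constructed sample alerts (not real telemetry): "timestamp|rule|host|user|severity"
RAW_ALERTS = """\
2024-03-01T09:00:01|failed_login|srv-01|alice|low
2024-03-01T09:00:03|failed_login|srv-01|alice|low
2024-03-01T09:00:05|failed_login|srv-01|alice|low
2024-03-01T09:00:07|failed_login|srv-01|alice|low
2024-03-01T09:00:09|failed_login|srv-01|alice|low
2024-03-01T09:05:00|failed_login|srv-02|bob|low
2024-03-01T09:06:00|usb_mount|ws-17|carol|medium
2024-03-01T09:06:30|large_upload|ws-17|carol|medium
2024-03-01T10:00:00|av_signature_update|ws-03|system|info
"""

THRESHOLDS = {"failed_login": 5}          # assumed: fewer hits than this is noise
INFORMATIONAL = {"av_signature_update"}   # assumed: audit trail only, never a ticket


def parse(text):
    rows = []
    for line in text.splitlines():
        ts, rule, host, user, sev = line.split("|")
        rows.append({"ts": datetime.fromisoformat(ts), "rule": rule,
                     "host": host, "user": user, "sev": sev})
    return rows


def triage(alerts, window_s=300):
    """One case per host/user. Informational rules are dropped, groups below
    their rule threshold are suppressed, and a case is raised to high severity
    when more than one distinct rule fires on the same entity inside the window."""
    groups = defaultdict(list)
    for a in alerts:
        if a["rule"] not in INFORMATIONAL:
            groups[(a["rule"], a["host"], a["user"])].append(a)
    kept = {k: v for k, v in groups.items() if len(v) >= THRESHOLDS.get(k[0], 1)}
    by_entity = defaultdict(list)
    for (rule, host, user), hits in kept.items():
        by_entity[(host, user)].append((rule, hits))
    cases = []
    for (host, user), items in by_entity.items():
        rules = sorted(r for r, _ in items)
        hits = sorted((h for _, hs in items for h in hs), key=lambda h: h["ts"])
        span = (hits[-1]["ts"] - hits[0]["ts"]).total_seconds()
        sev = "high" if len(rules) > 1 and span <= window_s else hits[0]["sev"]
        cases.append({"host": host, "user": user, "rules": rules,
                      "count": len(hits), "severity": sev})
    return cases
```

On the sample batch, nine raw alerts collapse to two cases: the brute-force pattern on srv-01 and the correlated USB-plus-upload activity on ws-17, with bob's single failure suppressed and the signature update dropped.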