Building a Resilient Cyber DefenseExperts: New Framework Should Resist and Respond to Emerging Threats
India's cybersecurity challenges are soaring, as the cyber world gets more complex with increasing interconnected devices that expose enterprise data to the external world. Experts say the traditional approach to security will not keep pace with the advancement, and there is a need to move beyond breach prevention and reaction.
Security leaders argue that there is a need to re-think their approach to security and to build a resilient cyber defense that can help resist, respond to and recover from new threats.
"Regardless of having some of the most advanced technologies, the hackers are able to launch attacks on organizations," says Bengaluru-based Prem Kumar Boddu, chief manager-IT & IS of Vijaya Bank. "Every technology has its own loopholes."
Attackers are blending multiple types of attacks and have become more sophisticated, he says. Building a cyber resilience is truly a top business priority.
This topic was discussed at ISMG's Data Breach Summit Asia 2016 in Bengaluru.
Preet Paramjit Singh, Delivery Lead -Special Projects & Cyber Resilience for ESRM practice of Tata Consultancy Services, one of the featured speakers, says that most enterprises have a false belief that they become cyber resilient by certifying to different standards. "But the reality is that certification to standards are basically done based on a point in time audit process," he says.
Singh argues that the lifecycle of an organization from an information security point of view has to be as real-time as possible. Most standards do not specify what the best practices for each controls are and lack in a method for assessing the maturity of a given control.
"The primary aim of cyber resilience is also to assess the maturity of an organization's implemented controls," Singh adds. "I was healthy six months ago is no certificate that I am healthy today."
Steps to Build Resilient Cyber Defense
Security leaders believe that the first step toward cyber resilience is developing the organization's governance, risk and compliance model. Automation is considered to be the best way to achieve this.
Singh says automating the GRC processes and integrating it with more operational controls is critical, and says it's also important to automate the processes at operational level.
He says organizations need to think beyond just having the right set of technologies in place.
The ground rules for establishing cyber resilience, according to Singh are:
- Establish faster identification and protection cycle;
- Automate detection technologies;
- Integrate protective controls;
- Controls for automated response;
- Controls for automated recovery.
Security practitioners say organizations also need to have an ongoing awareness of information security vulnerabilities and threats to facilitate risk-based decision making. Continuous monitoring, coupled with automation, will provide a structure and a dynamic process for near real time risk management, say security experts.
Singh believes the challenge in automation is when people do not abstract the managerial level control from the operational level control. "One does not add much value by reporting that the anti-malware tool has detected 'x' number of infections which have now been cleaned. You add value when you are able to report how much time have you saved in cleaning those infections as compared to the past. If you're able to bring in that kind of abstractions, you start to think from a resilience point of view," adds Singh.
Resilience in the IoT Era
While enterprises are working toward bringing down the dwell time and response time that will put them in a "sweet spot," the advent of new technologies such as Internet of Things calls for a completely new approach to resilience.
"An organization's critical data is not on premise any more. IoT, mobile and cloud have opened up the network to a lot more targeted threats," says Nitin Gaur, associate director, Information Security, Omega Healthcare Management Services. "The biggest challenge for organizations is to develop a response plan to quickly contain such attacks."
Unfortunately, most organizations do not seem to be prepared to handle such "loss of integrity" attacks, says Gaur and adds, "Current technologies and methods struggle to automate this level of response."
When digital and physical worlds become one, the attackers are no more interested in stealing your data. "Just look at the kind of attacks we are subjected to - hackers trying to inject medicines into a patient's body remotely or increasing a car's speed.
What is critical in the IoT era is continuous monitoring tenants, says Singh. They include:
- Integrate security into enterprise architecture & development life cycle;
- Promote near real time risk management;
- Establish responsibility & accountability of security controls.
"The challenge would be, no single enterprise can put in controls because multiple enterprises and individuals are involved in such cases. The ecosystem has no clear picture in this area," says Singh.
Resilience is all about the capability to respond fast enough so that the intent of the attack is not fulfilled. It's also about the capability to act under attack. How do you do that? Experts recommend:
- Use analytics to improve response instead of just cleaning systems and moving on;
- Digitize security controls;
- Automate of processes and recovery;
- Cyber drills & training for the teams;
- Digital forensic readiness;
- Have an Enterprise dashboard
Organizations need to look at the larger picture, says Singh. "Instead of looking at how many of your servers were attacked, try to analyze the impact it has on various systems and other geographies that you operate in. it is very important to define cyberattack response policies, plans and procedures.:
"Analytics is playing an important role in understanding the attackers' pattern," adds Prem Kumar. "SIEM solution, which has analytics built into it, in a SOC for continuous monitoring along with peripheral solutions will form a good resilience system.Â¬"