One of the popular topics today in the digital world, aside from Blockchain, is Security. The EQUIFAX incident is a good reminder for all of us that everyone is vulnerable when it comes to security breaches unless every strategy is not being undermined by any prioritization from different leadership in the organization. With regard to all of this, I asked Peeyush Khare of TATA Communications to lend his expertise and share his thoughts on some items below.
BERMIL ESPINA: As a product expert for TATA’s security portfolio, what makes your product superior compared to your competitors in terms of support, compliance and customer experience?
PEEYUSH KHARE: Being an MSSP, we are vendor-agnostic, but at the same time we are a Tier-1 ISP, and our network products' alignment with security solutions makes us unique in the MSSP segment. The Tata Communications MSSP portfolio starts from Internet link security, where we are fighting high-volume DDoS attacks through to very sophisticated application attacks, and goes down to the data protection level. Our global presence provides key advantages to any enterprise that wants a centralized customer experience. As businesses are growing globally and each region is coming up with their own data regulations and , it’s important to have a service provider which gives customers a transparent view of their enterprise security posture region-wise with respect to compliance and regulations, alongside dealing with industry-leading security teams in one place as a single point of contact.
BERMIL ESPINA: What is the key to successful cyber security implementation?
PEEYUSH KHARE: Any business should have a strategic approach to cybersecurity. Adoption of the PPRD model by enterprises provides them the best comprehensive solution, with a 360-degree view to management for their security posture. Prediction capabilities can be developed with proper implementation of prevention, detection and alignment of intelligence solutions into the infrastructure. This model resonates so well that Gartner has found it to be an effective model for communicating broadly and not only related merely to technology strategy. This research discusses a few of those areas and offers some resources for CISOs to further adopt the model for their own security communications.
- Prevention: Solutions and support need to be placed strategically to reduce the risk of attacks into the network or endpoints.
- Detection: A proper detection mechanism should be deployed in case any breach happens due to protection failure.
- Response: Response procedures, tools & guidelines help reduce the outage and minimize the impact of the incident.
BERMIL ESPINA: What are the best practices around security implementation?
PEEYUSH KHARE: It is very important to take a layered approach when you are designing best practices for an organization’s cyber security. These practices always stick to basics, but we need to tweak them with time and with the types of attacks that have evolved in recent times.
My high-level best practices with regard to ransomware attacks:
- Implement Information governance policy
- Stop Data Loss by having proper protection solution
- Detect Insider Threats
- Back Up Data offline
- Beware of Social Engineering: Need continuous engagement and training for employees
- Educate and Train Your Users
- Update Software and Systems
- Create an Incident Response Playbook
- Maintain Compliance
BERMIL ESPINA: Do you think the future of cyber threats will be more aggressive than it is today?
PEEYUSH KHARE: Cyber security strategy is now a key concern for any CIO/CISO. Ransomware attacks continue to evolve and make new ways to get into corporate networks. Cryptocurrencies have enabled cyber crime to become a profitable way to make money directly from malware. As cyber-attacks are at their peak these days, any CISO's or CIO's highest goal is to have their enterprise safe and secure. Cyber-attacks are growing at the highest-ever rates; it has become an organized industry and is projected to grow to multi-billion dollars, which is larger than any other form of crime.
Criminals are turning to ransomware because it is more profitable and easier than other types of crime like cyber espionage. The next generations of ransomware will, like other forms of software, be tweaked and personalised for the organisation under attack.
Security teams of the future will be spending more time looking forward and trying to predict the next type of attack, not just dealing with current problems. The other key for a secure organisation is an understanding from all staff from the board of directors downwards that security is everyone’s responsibility. Finding innovative ways to train staff and make them aware of the ever-changing roster of malware types will be a crucial job for security teams. This means taking a more collaborative role with other parts of the business like human resources. It also means building security into the very start of new projects and not just adding it on afterwards. Predicting the exact shape of future threats might not be possible, but getting staff to put security first will help keep the enterprise as safe as possible.
So where will the cyber criminals go next? My bet is on ransomware and IoT devices. How they will turn it into a criminal activity is already visible in multiple attacks in recent times, but whatever happens, we, the defenders, will do what we do best: defend our networks.
NOTE: Peeyush Khare is TATA Communications' Senior Manager for Managed Security Services.