Indian enterprises aren’t new to the threat landscape, but they still seem to struggle with cyberattacks. The conventional answer would be to increase security budgets, improve the efficiency of infrastructure, and so on. But the one role in the organization that can help navigate threats is that of the CISO/CSO.
In an exclusive interaction with CSOonline.in, Mushtaq Ahmed, CIO and CSO, CSS Corp, talks about a CISO’s biggest challenges in the IT industry, the role of a CISO in determining the security budget and how to correct the IT strategy to combat increased threats.
What are a CISO's biggest challenges in the IT industry today?
A recent IT security report shows that only 38 percent of global organizations affirm that they are ready to handle a sophisticated cyberattack. With teams lacking specialized cybersecurity professionals, and the ever-increasing landscape that cyber terrorists are covering under their belt every year - it has become a tough challenge for CISOs to keep their organizations safe.
To top that, the economies of cyber threat are becoming attractive for hackers who are increasingly finding newer ways and means for causing damage. Using sophisticated technologies, they are now shifting from volume-based to more target-specific attacks. Hackers use the weak points of a system (that they identify while performing reconnaissance), and exploit these areas to gain access, plant malware, launch remote attacks, and cause disruption to the organizational security.
The boom of IoT devices today poses great security challenges as these devices are poorly managed and offer an easy opening for attackers. Additionally, the attackers are using techniques such as sandboxing to be more successful and to evade detection by behavior analysis tools. A big challenge for the CISOs is thus to guide in the development of strong processes and mechanisms that can thwart such attacks.
Phishing, DDoS, and botnets are the most common attacks that do not spare even big brands like Netflix. The latest additions to the list of threats last year were Ransomware and WannaCry that targeted systems that were using outdated software and equipment. These threats make patches and regular updates a critical activity that CISOs need to track, apart from implementing practices such as regular training about procedures that employees need to follow to safeguard against the threats.
What is your organization's cybersecurity challenge?
In today’s rapidly evolving landscape, at times one wonders if security is only a problem of IT alone, as it spans across the entire organization. However, at CSS Corp, we have aligned ourselves to lead and implement safeguards and tool-based protection against targeted phishing attacks (CXO fraud scams), SPAM, ransomware, and data leaks.
Another challenge (and focus) for us is to safeguard our data. There are multiple copies of data backups at off-site locations (datacenter, cloud) that, if not checked, may prove vulnerable. For the same, we have to ensure protection against every access and entry point. To overcome the challenge of keeping our staff updated about the latest threats, we need to keep working on spreading periodic awareness by means of posters, wallpapers and through internal mailers.
What role should a CISO play while determining the security budget of an organization?
The earlier an attack is controlled (the kill phase), the easier it is to prevent an attack. Traditional signature-based defense mechanisms are not enough to defend against AI-powered attacks.
To ensure that the organization has the right technology and tools, as well as agility to thwart attack chains at every stage, CISOs need to regularly audit and update the investments being made in the security-related tools and processes. Organizations having a clearly defined role for CISOs make it easy for them to get approvals for the budget increases. For an organization to be secure from any cyber threats, investments are required to be made in technology, people, and policy, and finally there must be a process of enforcement.
In today’s scenario, investments need to be made in security analytics platforms and technologies with AI and ML capability that can detect evolving threats and prevent zero-day attacks. Some organizations may even plan for a contingency fund to handle potential financial loss due to a cyber-attack.
Despite increased security budgets, the threats are on the rise. Where is the correction necessary?
For having the necessary curbs and controls on the rising threats, a continual risk assessment must be in place instead of a point-in-time assessment. There must be regular awareness campaigns regarding cybersecurity across the organizations, and identification of insider threats. The board members and senior management must be actively engaged in all activities pertaining to cybersecurity, and there must be 360-degree visibility to infrastructure and supporting security framework. Having robust and comprehensive access management and using AI and ML tools strengthens an organization’s ability to detect a threat early in the attack chain.