In the current era, while businesses are expanding their digital footprint at an accelerated pace, keeping up their relevance amid pandemic, data breaches have also seen a massive surge. Considering the ongoing COVID pandemic has encouraged the adoption of remote working, businesses today are battling new security challenges as threat actors are using this situation for a new attack angle.
With that being said, planning and deploying policies remained as foundational elements of any security strategy and are even critical in today’s fast-changing landscape. To facilitate this, experts believe organisations must re-evaluate their employees’ usage of their devices, ways of accessing sensitive customer data, and whether or not they are meeting regulatory requirements under the new remote working models. However, it’s easier said than done.
To understand this dynamic threat landscape, and how enterprises can maintain constant vigilance and organisational agility, we spoke to Sudeep Das, the Technical Leader, IBM Security Systems, IBM India/South Asia. According to him, there are two ways in which organisations today need to look at their security posture — by increasing the efficacy of existing security controls and investing in additional security controls.
Explaining further Sudeep said, organisations can increase the efficacy of existing security controls by ensuring monitoring of all security alerts, leveraging proper risk assessment, and increasing awareness around “social engineering” attacks.
Additionally, organisations should also invest in additional security controls relevant to data and identity security, as those are the most critical assets for any organisation, stated Sudeep.
“We believe, organisations must build the pillars of visibility, detection, investigation, and threat response on top of a strong foundation comprising data, infrastructure security and identity access management,” said Sudeep. “The mantra for companies should be “train like you fight and fight like you train” means developing and testing incident response playbooks to help optimise your business’ ability to respond quickly and effectively to attacks.”
Edited excerpt —
What is the state of cyberattacks that are happening globally and in India specifically, amid COVID pandemic?
With the world battling against the deadly virus, cybercriminals are capitalising the opportunity to launch novel attacks, using tactics from phishing campaigns and malicious domains to targeted malware and ransomware. IBM X-Force sees cybercriminals target individuals using a wide range of tactics.
According to our recent data breach report, Indian companies have witnessed an average of ₹140 million total costs of a data breach in 2020, which is an increase of 9.4% from 2019. The same report stated that the cost per lost or stolen record was ₹5,522 in 2020, which is again an increase of 10% from the late year. The top 3 root causes of data breaches were categorised as 53% malicious attack, 26% system glitch and 21% human error.
Additionally, in the last two years alone, around 56% of organisations in India confirmed that they had experienced a data breach, with only 41% organisations having reviewed and tested their cybersecurity incident response plan.
Further, another report by IBM, that conducts an in-depth analysis of cloud-related cases found that cloud environments are usually preferred by financially motivated cybercriminals. As a matter of fact, the most common entry point for attackers is now via cloud applications, including tactics such as brute-forcing, exploitation of vulnerabilities and misconfigurations. This year has also witnessed the deployment of ransomware, followed by crypto miners and botnet malware. Further, according to the IBM data, data theft turned out to be the most common threat, ranging from personally-identifying information (PII) to client-related emails.
How is IBM helping industries enhance cybersecurity and address potential threats?
IBM Security helps organisations manage the ‘3Ps’ – people, process, and, policy, along with technologies across our key domains of strategy and risk, threat management, and digital trust. Further, IBM’s X-force threat management services have been publishing real-time reports based on research done across the world by various agencies and providing a consolidated view of this threat world. We have also been publishing blogs around best practices as well as offering multiple of our services on a trial basis for organisations to quickly onboard few of the controls that needed to be put in place, such as — remote device management services, authentication services, security monitoring services, among others.
We partner with our clients across the three key areas — securing identity and networks; protecting data and workloads for critical data protection, encryption and key management; and managing threats and compliance for one view to stay resilient in the face of risks. To give you an example, one of the largest telecom players, Vodafone Idea Business Services (VIBS) — the enterprise arm of Vodafone Idea, has recently tied up with IBM to launch a secure device management solution for enterprises.
Can you shed some light on IBM’s recently released advanced Cloud Pak for threat management and data security?
Historically, data security has been siloed from threat management, focused on policy and compliance rather than integrated into threat detection and response. As a result, data breaches take companies more than six months on average to identify and contain the threat. Connecting these previously siloed functions is increasingly crucial as sensitive data is further spread across hybrid cloud and remote work operations.
IBM Cloud Pak for Security is the foundation of IBM’s open security strategy and has been designed as a single platform to connect security across disparate tools and clouds. Cloud Pak for Security leverages IBM’s investment in Red Hat, including OpenShift, to advance security across hybrid cloud environments. With Cloud Pak for Security, customers can gain access to a first-of-its-kind security hub that bridges a critical gap in today’s security operations.
The key features of Cloud Pak for Security are —
Bringing Data Security into Threat Response: Integrated data security hub helps security teams understand where sensitive data resides across their environments. It provides information on who is accessing the data and how to better protect it without leaving their primary response platform. This integration is crucial to create a faster and more efficient response to data breach incidents.
Threat Intelligence Feeds: In addition to IBM’s leading X-Force Threat Intelligence feed, IBM has added pre-built connectors for five third-party threat intelligence feeds that can give clients insight into the top emerging threats impacting organisations around the world.
Integrated Services/Support: There is also a dedicated service offering which helps clients get up and running to take full advantage of the platform’s capabilities; Cloud Pak for Security has been designed to streamline collaboration between companies and their third-party security service teams and also supports multi-tenancy for supporting multiple clients or sub-organisations while keeping data separate.
We are witnessing a lot of positive traction for Cloud Pak for Security that allows organisations to manage threats across tools, teams and clouds. Cloud Pak for Security is a very different concept. The traditional approach is to focus on multiple used cases, but only for a portion/section of the organisation. IBM Cloud Pak for Security starts by focusing on complete coverage of the organisation for a certain use case, then builds another integrated with the previous one and then another and so on – finally ensuring complete coverage across multiple used cases.
So, the concept is gaining very good acceptance in organisations who had adopted the traditional approach and found loopholes in their coverage — the loopholes that allowed the attack to pass through even when the control was in place.
What is IBM currently working on in terms of artificial intelligence in cybersecurity?
AI is changing the game for cybersecurity, analysing massive quantities of risk data to speed response times and augment under-resourced security operations. This is the necessary evolution of the cybersecurity industry to keep up with increasingly sophisticated threats and demands for security analysts.
By augmenting the skills of human security analysts, AI allows them to do their jobs faster, more accurately and more efficiently. This, in turn, alleviates the current skills gap that the existing security teams face, by making junior analysts more effective.
AI-augmented security use cases have been witnessed within IBM products for quite some time now. We have the widest usage of the technology to help with behaviour analysis, data security analysis, security response analytics, identity analytics etc. Further, the cognitive analysis based on Watson has also been in production for threat hunting that has been helping security analysts to make decisions quicker. We also see increased usage of AI to perform privacy-related security reporting, alert management, as well as enhancing behaviour based biometrics for identity security.
Is there something specific that the company is doing for the BFSI industry?
BFSI segment has accelerated their digital transformation programs – and we are keeping pace with that transformation with robust identity management controls or ever-pervasive data security controls. Our push towards open standard and modernised security solutions are already offering our clients the best approach on their hybrid multi-cloud journey. We have also ensured that the solutions are ready to onboard the organisation’s existing security controls and thereby protect the investment while plugging the gaps. Also, our services organisations ensure that the security programs are aligned to the business requirements and provide the best of ‘protect’ and ‘manage’ oriented programs.
For instance, we have a longstanding partnership with Bombay Stock Exchange (BSE) under which we helped them to design, build and now manage the next-gen Cybersecurity Operation Centre to safeguard the company’s assets and protect stakeholder data. Similarly, we are also working with New India Cooperative Bank to monitor all their devices’ security logs, report any suspicious activity, identify lapses before they are breached, and help the bank fix it in time for which we have built and managing a Security Operations Centre (SOC). This has allowed the bank to be completely secure while focusing on increasing reach and delivering innovative services to the customer.
How can a hybrid multi-cloud address security concerns of large enterprises as well as small and medium businesses?
As organisations accelerate their cloud journeys, real value, efficiency, and productivity lie in a hybrid cloud infrastructure as it enables them to build and manage workloads across any cloud with a common platform. Hybrid cloud provides organisations with the flexibility to add capacity without having to worry about the physical logistics and the receipt of technology.
We believe there are essentially two most critical elements in this. The data that was secured within the organisation is now being used across the various secure confines. Further, the identity too, is getting increasingly exposed. IBM’s security controls team focuses on securing these two elements, which are the most critical assets within the organisation. These controls are supported by a platform that monitors the effectiveness of the controls by building a Security Operations Centre to monitor the entire hybrid multi-cloud landscape in its entirety.
All these can be consumed based on what is most appropriate for the architecture of an organisation — on-premise, SaaS or as a managed service. That is how we are helping organisations of all sizes and at all levels of adoption. Further, our Cloud Pak for Security is built on an open platform and leverages AI and automation to streamline threat management across hybrid cloud environments. An Industry-first product with an ability to connect threat management, data security and identity within a single platform. It also offers new turnkey security services to address the cybersecurity skills shortage and remote workforce.