Most boards now regard cybersecurity as a business risk rather than solely a technical IT problem, according to a recent Gartner survey.
The COVID-19 pandemic has exposed the inability of traditional business continuity management planning to support the organisation’s response to a large-scale disruption.
With continued disruption likely, Gartner recommends that risk leaders recognise organisational resilience as a strategic imperative and build an organisation-wide resilience strategy that also engages staff, stakeholders, customers, and suppliers.
Sharat Sinha, president for APJ at Check Point Software Technologies, acknowledges that organisations continue to be handicapped by cyberattacks as the attacks evolve and grow in volume. He points to the transformation that is occurring and says the resulting connectivity, which essentially means many new vectors can be utilised to attack companies.
Sharat noted that of the 1,599 average number of weekly attacks against companies, half come from the web and target the very tools that organisations use for legitimate business practices like collaboration tools.
Asked what organisations are doing right and wrong when it comes to tackling these cyber threats, Sharat says the starting point is the education of employees, customers, and their ecosystem partners – make sure they are aware of it (the threats) and have safeguards against these threats.
“Right now, we see generation five attacks, which are multi-vector attacks where email, the networking infrastructure, the cloud infrastructure, endpoint, mobile – any could be utilised to launch an attack,” he noted.
He concedes that many enterprises are not ready for it. He opined that the preference to use best-of-breed for every single component and not having centralised visibility to these threats has also become a problem.
“Many forward-looking enterprises are taking an approach, for example, of consolidating the architecture and having a centralised visibility control over these attacks. Taking a prevention-based approach also helps,” he continued.
He laments that while many enterprises are taking this approach, those that don’t run the risk of getting breached and mitigating from there. Once breached, however, he warns that it becomes very difficult to get rid of the malware once it’s in the system.
The need for a cyber awareness playbook
Because cybersecurity today extends beyond just having a backup and recovery strategy, it may be a best practice to put together a cybersecurity playbook – one that assumes a data loss has occurred and provides reassurance that the business will survive regardless of how the data is lost.
To this end, Sharat says it starts with awareness of common threats that can breach an enterprise.
“People need to be educated about things as simple as phishing, including some of the latest trends like smashing which is SMS phishing. A common threat that has come into the picture is where they would send web links on an SMS and when you click on that you get breached. So, making sure that employees are aware of this kind of threat is important,” he explained.
He also suggests doing penetration testing within the enterprise to understand where things may go wrong. In addition, teaching employees what to do if something does go wrong. He also suggests doing simulations to see how threats can be controlled and can be mitigated.
“On the infrastructure side, I also feel that some level of consolidation between the data centre, cloud infrastructure, endpoint, mobile with common management where you have full visibility and control over the infrastructure is critical,” warned Sharat.
Skills for modern cybersecurity readiness
Asked what skills, experiences, and expertise the enterprise should pull together as part of its security strategy, Sharat says at a very high level, the enterprise needs somebody to understand the entire IT infrastructure, both existing and evolving and understand what kind of threats might come in different areas – to enable the organisation to devise the right security policy.
“Also, defining the right identity and access management. People who should be authorised to use a certain infrastructure should be allowed to do so. Also whitelisting makes sure that both in terms of people and traffic which should access certain infrastructure is allowed to do."Sharat Sinha
“In terms of technical skill set, you need someone who can architect it, someone who can be hands-on enough to dynamically evolve the infrastructure to protect it against evolving threats, and finally someone who constantly monitors evolving threat landscape to make sure that the infrastructure is kept ready, fully protected and agile,” concluded Sharat.
Click on the video player to listen to the full details on the VODCHAT covering:
- There is no shortage of reports almost singing the achievements of hackers. Why do we continue to be handicapped by these?
- What are enterprises in Asia doing right and wrong when it comes to cyber security awareness and mitigation?
- When it comes to cybersecurity awareness, what should enterprises put together as a cyber awareness playbook with which all employees must become familiar?
- What skills, experience and expertise should enterprises look as part of their security strategy?
- Should security be outsourced, or should it stay in-house?
- How do you see cybersecurity evolving in the years ahead?