Prioritising cybersecurity is the only way to stop threat actors from barging in, says Arete APAC President
As India goes digital, the possibilities of cyber risks will be naturally high. But with a robust incident response team, businesses can proactively respond to threat actors and minimise the chances of cyber risks at every point possible
In the data-driven world, cybersecurity is a rapidly growing industry with numerous career opportunities for students. The demand for cybersecurity professionals is increasing due to the alarming rise in cyber threats and reliance on technology.
Various career paths are available in cybersecurity, including network security, information security, and cybersecurity engineering. However, this field has a shortage of skilled personnel, and the global cybersecurity workforce gap is expected to reach 1.8 million by 2022. To meet the growing requirement for trained personnel, universities and training programs offer cybersecurity courses and certification programs. In addition, various government and private organizations are investing in cybersecurity education and training to develop a workforce with the necessary skills and knowledge, says Raj Sivaraju, President of APAC, Arete.
As president of the Asia Pacific region for Arete Incident Response System, Sivaraju brings three decades of experience in the technology sector, including leadership roles at Deloitte, Broadridge Financial Solutions and Elmer Software Ltd, and has spearheaded Arete's expansion in India, Japan, Korea and other big business destinations. He told Bizz Buzz in an exclusive interview that digitisation is the key to addressing the growing incidence of cyber attacks.
What are cyber risks and the current state of cyber statistics in 2023?
It is the possibility of exposure to data breaches caused by a cyber incident, which would eventually cause tremendous loss and damage to reputation. Cyber incidents in India have ramped up over the years, with threat actors adopting new and innovative techniques. As we see more 5G adoption, CISOs must be careful while transitioning to their digital journeys and invest mindfully in security tools and technologies to stay safe against the evolving threat landscape. Likewise, as Metaverse gains relevance, it will serve as a new venue for threat actors to target companies. These emerging trends indicate an urgent need for organizations to strengthen their security infrastructure by building a team of adept cybersecurity experts or joining forces with a leading IR firm.
Though one of the largest growing economies among developing countries, India is witnessing cyber-attacks. What will be the scenario in the future with the country becoming the world's largest data-driven nation with a high density of internet penetration?
Digitisation is the need of the hour not only for survival but also for sustained growth. And that's why businesses and organisations across India are increasingly investing in digital tools and technologies to strengthen their product portfolios and offer world-class solutions to customers.
However, threat actors constantly target them due to a lack of cybersecurity awareness. As a result, it is more critical than ever to prioritise cybersecurity now. This is the only way to stop threat actors from barging in and compromising enterprise data.
At Arete, we believe that cyber incidents are inevitable. However, with a robust incident response strategy, businesses can ensure quick recovery, restore their operations in the least time possible and thus keep the ball rolling. As India goes digital, the possibilities of cyber risks will be naturally high. But with a robust incident response team, businesses can proactively respond to threat actors and minimise the chances of cyber risks at every point possible.
What offerings does Arete provide to help organisations respond to cyber threats?
At Arete, we have an elite team of cybersecurity experts working on the front lines of multiple ransomware attacks on businesses and governments. The idea is to help victim companies recover from cyber incidents as quickly as possible with minimal disruption, learn from them, and stay prepared to respond to future events. Our solutions include incident response to restore normal operations, managed services to strengthen their approach to cybersecurity, and advisory services to navigate and mitigate overall cyber risk.
Our process starts with assessing the breach by engaging remotely. Next, we gather more details on both the environment and affected systems to devise a customized recovery plan. This is when our team of expert negotiators steps in for assistance throughout the negotiation process. Once everything is sorted, we help clients understand the attack details through thorough forensic analysis. This measure comes under post-response analysis, where we also assist in system restoration, data recovery, and endpoint detection and response, thus protecting the victim organisation from similar events in the future.
Being a domain expert, how do you think one has to deal with emerging threats with incident management?
As a domain expert in cybersecurity, dealing with emerging threats requires a robust incident management process that can effectively detect, respond to, and recover from cyber incidents.
The incident management process should include the following steps:
Preparation: The organisation should have a well-defined incident response plan that includes procedures for identifying and classifying incidents and roles and responsibilities for the incident response team.
I think the organisation should have a system for detecting and analysing potential incidents. These may include security monitoring tools, intrusion detection systems, security information and event management (SIEM) systems, as well as manual processes for identifying suspicious activity.
Containment and eradication is also important. Once an incident has been identified, the organisation should take immediate steps to contain the incident and prevent it from spreading. Disabling network access, shutting down affected applications, or isolating affected systems may be some of the ways to address this issue.
Once the incident has been contained and eradicated, the organisation should restore affected systems and data to their previous state. This may involve restoring from backups, reinstalling software, or repairing damaged systems.
As part of post-incident analysis, after the incident gets resolved, the organisation should conduct a post-incident analysis to identify the root cause of the incident and determine preventive measures to keep similar incidents from occurring in the future.
In addition to having a well-defined incident management process, it is also important for organisations to have a culture of cybersecurity awareness and to provide regular training and awareness programs to employees. This helps ensure that everyone in the organisation is aware of the potential threats and knows what to do in the event of an incident.
In conclusion, dealing with emerging threats requires a proactive approach to incident management, including preparation, detection and analysis, containment and eradication, recovery, and post-incident analysis. By following these steps and promoting a culture of cybersecurity awareness, organisations can effectively manage and mitigate the risks associated with emerging threats.
Is incident response an integral component of any enterprise cybersecurity strategy? What would you like to say about this?
Yes, incident response is vital for companies to regain control of their systems, restore normal business operations, and learn from it to thwart future events. In addition, organisations must gain awareness of cybersecurity vulnerabilities and educate themselves to stay vigilant and take corrective measures when an attack happens. At Arete, we are adept at containing threats, strengthening endpoints to minimise damage, and leveraging proprietary data analytics to help clients make critical decisions regarding ransom payments.
Why is incident response required in healthcare organisations?
Although the healthcare sector has started adopting digitisation, there are still many players following legacy systems that need robust security mechanisms. This sector deals with a significant volume of patient data. Traditional techniques, however, compromise their safety.
Threat actors can use this data to perpetrate insurance fraud or directly sell it on the dark web. Such cyber events can also lead to delayed treatments, extortion attempts against patients, and deaths, in the worst-case scenario. An incident response team is thus essential to identify and contain threats and ensure a quick recovery. At this juncture, when the world is rapidly going digital, healthcare organisations must invest in IR to keep patient data safe and deliver high-quality patient care and overall better health outcomes.
How secure is India from a ransomware attack like the one in 2020 and a data breach at a payment company impacting 35 million customers?
India, like many other countries, is facing an increasing number of cyber threats, including ransomware threats and data breaches. The ransomware threat on the Indian electricity authority and the data breach on a payment company impacting 35 million customers are just two recent examples of the growing threat landscape in India.
While it is impossible to eliminate the risk of cyber threats completely, India has taken steps to improve its cybersecurity posture. The government has launched various initiatives and programs to enhance cybersecurity, such as the National Cyber Security Policy and the Cyber Swachhta Kendra program.
In addition, the government has also established the Indian Computer Emergency Response Team (CERT-In), which serves as the national nodal agency for responding to cybersecurity incidents. CERT-In provides early warning and incident response services, technical assistance, and advice on cybersecurity issues.
Despite these efforts, there is still much work to be done to improve India's cybersecurity posture.
Many organisations in India, notably smaller businesses, may need more resources and expertise to implement robust cybersecurity measures against cyber threats. Moreover, as India continues to digitize its economy and society, the attack surface for threat actors will likely expand, making securing it more challenging.
India must continue investing in cybersecurity measures and raising awareness of the risks and best practices for protecting against cyber threats. This includes developing a robust regulatory framework, promoting cybersecurity awareness and education, and encouraging collaboration between government, industry, and academia. In addition, India needs to continue prioritising cybersecurity and take proactive measures to protect its critical infrastructure and citizens from cyber threats.
Is any solution available to protect from phishing and malware attacks, ransomware, weak passwords, and insider threats?
In today's dynamic business environment, partnering with a top IR firm is undoubtedly a strategic advantage. But it doesn't mean you should avoid the basics, such as being aware of the current developments in cybersecurity, changing and setting strong passwords, updating the system, and knowing what steps to take after a cyber incident occurs. Organisations should therefore conduct workshops and knowledge sessions to educate their employees and train them to take corrective measures. Such incidents are inevitable, and one can never be 100% safe. However, with these measures in place, CISOs can reduce the chances of cyber risks.
What are the most prevalent ransomware threats in India? Please elaborate.
India has been affected by many ransomware incidents in the last few years. However, a few names that top the charts include WannaCry, NotPetya, SamSam, and DarkSide. These threat actors have caused significant global disruptions, including in India, France, Germany, Italy, Poland, the UK, and the USA. In most cases, the ransom was demanded in Bitcoins. In addition, these attacks were targeted at diverse bodies, such as banks, businesses, and even security firms.
Do you suggest a national policy on data security?
The increasing amount of sensitive data being collected and stored by organisations and the ever-evolving cyber-attack methods make it necessary to have a comprehensive and cohesive approach to data security.
A national policy on data security can provide a framework for ensuring the confidentiality, integrity and availability of data, regardless of the organisation holding it. It can establish guidelines and standards for data security practices and require compliance. It can also provide legal and regulatory tools to regulate noncompliance and incentivise positive reinforcement.
How are the opportunities in cybersecurity as a career for the students? Are we able to meet the demand for skilled personnel in this field to meet the growing requirement?
While the cybersecurity industry offers many opportunities for job security, competitive salaries, and professional growth and development, ongoing education and training are essential to maintain a skilled workforce in this field. Cybersecurity is a promising career path for students interested in this field.