I believe the magnitude of cybercrimes has escalated to unprecedented levels in the last few years. Threat actors have now turned smarter and stealthier than ever. That is why we are observing cyber-attacks dominating the news headlines every day. Cybercriminals are constantly updating their methods to infiltrate organizations irrespective of their vertical and size:be it a small, mid-size or large enterprise, each one is confronting security challenges. According to the 2020 Cost of a Data Breach Report, 80% of breaches contained customers’ Personally Identifiable Information (PII).
From ransomware attacks, phishing campaigns to massive data breaches, cybercrimes are showing no symptoms of slowing down. Gradually, India is becoming a favourite destination for cybercriminals. For instance, CERT-In reported more than 6 lakh cybersecurity incidents in the first six months of 2021, among which nearly 12000 cases were associated with government companies. Despite businesses are implementing new security solutions and following different approaches, threat actors are finding ways to evade security.
At this time, we are watching the maximum level of expertise among cybercriminals, be it nation-state actors, APT groups or individual threat actors. So, more than before, we need a different and advanced approach to cybersecurity i.e. Predictive and Proactive.
Traditional boundaries have disappeared: Humans are the new perimeter
Since organizations have expanded their commitments towards remote working, we are witnessing companies keeping an intense focus on supporting a substantial remote workforce. This shift has created new security challenges for cybersecurity teams, followed by a new set of vulnerabilities that attackers are constantly seeking to exploit.
With this remote model, data is no longer restricted behind the corporate perimeter. It is continuously moving with employees. The risk increases multifold when employees use unprotected devices and networks to access sensitive business assets. As per the 2021 DBIR, around 85% of breaches involved the human element. Thus, I think that enterprises must plan to protect their workforce who is producing, accessing and sharing critical business data outside the office walls.
Continuous testing and monitoring the resilience will be the key
Continuous assessment and monitoring of security controls help in identifying and blocking an intrusion attempt before it incurs any damage to an organization. Practices like Vulnerability Assessment and penetration Testingassist in evaluating an organization’s security readiness. Also, Breach and Attack Simulation(BAS) can be performed to identify all vulnerabilities in the entire IT infrastructure and security environment. Based on the results, different remediation steps can be followed to mitigate potential risks. Companies can also opt for a Security Operations Center(SOC) for continuous monitoring of security alerts to further detect and respond to potential threats as swiftly as possible.
Bring “Automation” into play
A recent study by Trend Micro revealed that mostly SOC and IT security teams are suffering from high levels of stress incurred by the massive security alerts. Security teams are paying around 27% of their time dealing with false positives. Hence, the adoption of automation in this domain can greatly reduce the load of tasks. Since it allows for faster data collection, several tasks like monitoring and incident response can be made more dynamic and efficient. Automation can cut down the repeatable and time-taking tasks, permitting the experts to focus on high-fidelity alerts. With automation in the picture, we can minimize the error percentage and enhance an organization’s analytic capabilities. We can also discover irregularities and suspicious patterns in the data faster than before, recognizing malicious events with more consistency.
Talent pool needs to update skills and knowledge
Battle against cybercrimes is like a never-ending game, wherein security professionals are required to constantly update their knowledge pool and skills to remain a step ahead of the adversaries. Our defenders must be on the top to find and thwart any complex cyber threat.
Improve cyber security awareness among workforce
Cybercriminals leverage Social Engineering to target and exploit the most vulnerable element i.e.Humans. Threat actors utilize methods like phishing to manipulate victims and gain access to well-guarded applications and systems. Hence, the understanding of cybersecurity and information technology is vital for thwarting any security incident.
Businesses must think of making cybersecurity training a continuous practice as well as a priority to mitigate risks arising from employees’ behaviour. Also, the workforce can be told about how to identify and react in case of prominent threats like phishing, ransomware, malware, etc.
Towards The End
To create a fail-safe cybersecurity strategy, business leaders must set up a plan and capitalize not only on the best technical resources but also in making their employees more conscious of cybersecurity. Being smart in the cyber security domain means being aware of whom we are interacting with, cautious of what link we click on and what content is being shared, and informed about evolving cybercrimes and threats.
The article has been written by Argha Bose, Head – Cybersecurity and Risk Business, TATA Advanced Systems Limited- Cybersecurity Practice