As the Chairman and Managing Director, Rajarshi is one of the Co-founders at ProcessIT Global, an IT Services and Product Development start-up empowering organisations to simplify and accelerate their digital transformation journeys. Prior to becoming an entrepreneur, Raj served as Country Manager for India at SUSE for over 5 years.
The fast-growing adoption of digital transformation across organisations was further accelerated by the pandemic-induced WFH and remote working culture. IT teams scrambled with the immediate goal of ensuring business continuity during the phase that was immediately followed by the first lockdown. The focus was on building new IT infrastructure, cloud technologies, VPN connectors and remote access servers for uninterrupted workflow, with cyber-security taking a backseat. As the cyber-security posture relaxed, organisations experienced security breaches and data losses, with business revenues taking a hit. In some cases, even the reputation of the brand was at stake.
Security then had to become the focus area, with IT teams starting to develop cyber-security strategies, both long-term and short-term, to mitigate threats in the newly vulnerable IT landscape. Adherence to regulatory compliance and other audit requirements was taken into serious consideration too. The Chief Information Security Officer (CISO) and the team were aware that developing a robust cyber-security strategy without implementing it effectively is only half the job done. It became apparent that only a strong cyber-security framework would help the organisation stay ahead of the curve in this highly competitive environment.
Key focus areas and security implementation processes that ensure the success of the cyber-security strategy are captured here.
Complete visibility and understanding of the threat landscape
Cyber-attacks today are more sophisticated, frequent, intense and high in volume, as several new technologies are deployed by threat actors. Threats may occur as Distributed Denial of Service (DDoS) attacks, ransomware or social engineering; sometimes vulnerabilities may reside in the cloud, or attacks may occur due to third-party software. Malware and phishing are other kinds of attacks. Furthermore, the cyber-threat landscape is continuously evolving, adding to the complexity. A thorough understanding of all these attacks is a priority for the IT Security team.
Risk or Threat Management capabilities have to be enhanced
Organisations should also look into the level of risk, and identify security gaps and their current capabilities for managing threats. The assessment has to be applied to all technologies in use, from traditional IT to new-age tools and techniques, which will help in evaluating the effectiveness of the security measures currently used by the organisation.
Based on this, security controls have to be put in place: first by improving risk capabilities in a couple of key areas, followed by an evaluation of the threat management infrastructure. Thereafter, advanced threat management capabilities for the remaining risks have to be established. This risk-based security approach is highly recommended.
The importance of Identity Access Management (IAM) solutions
IAM measures are another important aspect of cyber-security management. The initial focus will be on enhancing the existing IAM solutions by increasing control, followed by the implementation of agile solutions in the category. Implementing solutions for effective identity governance and access management, along with predictive analytics for user behaviour and new risks, will support the completion of the process.
The remote working environment has to be secured
A work-from-anywhere environment first has to ensure that cyber-security awareness is provided to both employees and all associated business partners who access the organisation’s data and applications from remote locations. Implementing endpoint security solutions to protect users’ devices from threats will ensure data is secured. A zero-trust architecture has to be established, with the data protected from unauthorised access in this evolving threat landscape.
Enhancing the cyber security measures on cloud
Given the many benefits of low-cost cloud computing, such as easy and quick deployment, scalability and flexibility, and given its growing usage, it is all the more critical to ensure the security of the cloud. All cloud services, data, applications, infrastructure, technologies and controls should be continuously protected from threat actors. While cloud providers such as AWS, Azure and Google Cloud Platform offer cloud-native security features, it is equally important to use third-party solutions for cloud-based workload protection and to ensure there is no unauthorised access to data assets, in addition to managing compliance and security posture.
User Entity Behaviour Analytics (UEBA) tools address compromised accounts
UEBA acts as a detective to address threats that occur within the corporate network and ensures no user’s credentials are stolen and no data is exfiltrated. It leverages AI, ML and behavioural analytics to detect threats based on contextual information and remediate them. The tool raises alerts if it detects a slight deviation in user behaviour. Sometimes, employees can unknowingly be responsible for compromised accounts, and this has to be addressed quickly before further damage is caused.
It is important to consider various options for achieving the security objectives, such as partnering with a cyber-security service provider that has specialised talent for various aspects of cyber-security.
Once the implementation has been completed, the plan, policies, guidelines, procedures and responsibilities have to be well documented. The exercise will also encourage adherence to compliance and audit requirements. Training has to be provided to employees, and a digital security culture should be established across the organisation. One must be aware that the development and implementation of a cyber-security strategy should be continuously monitored and reassessed to measure its progress and success. It is vital for the organisation to stay current with cyber-security changes, address new areas of vulnerability, assess employee and program readiness on an ongoing basis and take timely, appropriate actions.