How to exorcise security evils with low tech investments?

Technology leaders are walking tightrope as they balance between low technology investment and a modern approach to keep security threats at bay.
  • Updated On Mar 21, 2022 at 02:42 PM IST
Read by: 100 Industry Professionals
Reader Image Read by 100 Industry Professionals
By Krishna Mukherjee

The nightmares are turning into reality. The security evils are around and keeping an eye to inflict damages on PLC systems, manufacturing plants, healthcare systems, transportation systems, among others. Since the outbreak of the pandemic, the attacks on organizations have grown many-folds, giving sleepless nights to the technology leaders. The Covid-19 pandemic has accelerated the pace of security threats, compelling organizations to step up and ward off their security walls from breaches. In fact, the World Economic Forum’s Global Risk Report for 2021 has already placed cybersecurity failure among the greatest threats facing humanity within the next decade.
In such a scenario, the technology leaders are walking the tightrope as they balance between low technology investment and a modern approach to keep such threats at bay. As cyber perpetrators have upped the ante, certain perpetual efforts by the leaders are helping in defending them at lower budgets.

Advt
According to Kapil Mehrotra, Group Chief Technical Officer, National Collateral Management Services Limited: “Certain steps such as assets reconciliation, users data backup and constant updation needs to be performed regularly without any hiatus. And if feasible, as most of the attacks originate outside India, blocking international IP or geo-fencing are the best ways to avoid communication from such countries and stay protected.”

Echoing similar views, Rohit Jain, CIO, Tavant Technologies, says: “CISOs traditionally rely on large technology investments to keep the enterprise secure. However, the best tools are not a panacea if basic security hygiene is not in place. Before rushing out to acquire the latest toolset to protect every layer, organizations must inculcate a security-first mindset; implement hardening measures for endpoints, servers, and network devices; institute regular log reviews and account reconciliations; have air-gapped backups.”

While some incremental investments may be vital to upgrade and mitigate the latest cyber threats, organizations can leverage existing IT tools and products supported by comprehensive risk assessments and robust processes to improve the basic cyber hygiene like asset, identity and access management, regular patching and data backups.

“Organizations can invest the available budget optimally in an expert team and few state-of-the-art tools based on the risk profile. They can opt for open-source cyber security tools and software to augment their arsenal. For smaller organizations, it may be prudent to use managed security services to build and operate a comprehensive cyber security defence,” elaborates Parag Deodhar, Director - Information Security, APAC, VF Corporation.

Advt
The CIOs are of the view that several critical constituents of any plan to strengthen cybersecurity don’t require large investments. Since most cyber threats use social engineering and phishing techniques, it is vital to make the organization aware of the techniques to make the business less vulnerable to attack.

“I personally always start with employee education. Simple first steps colleagues should take include treating every single email as malicious unless they have established otherwise and not revealing too much information on social media. Training all employees about these fundamental techniques will not cost an arm and a leg. Remember that your weakest defence are cybersecurity-unaware users,” said Sam Sahana, Chief Digital Information Officer (CDIO), Walgreen Boots. He is also the board director and CTO of ReBOUND Returns.

Misconfiguration Alert
Talking about the grey areas of misconfiguration, TG Dhandapani, Independent Director, ESDS Software Solution Limited, warns that “Misconfiguring a business application can potentially slow performance or disable features, but misconfiguring a security tool can be much worse, as it could create a vulnerability that cyber attackers can exploit to deliver malicious payloads and steal valuable business data. Simple and unambiguous processes and instructions ensure not only security personnel but also IT users to understand, appreciate and adopt security needs.”

This is not just some theoretical problem that seldom crops up in the real world. Research firm Garner projects that 99% of firewall breaches and 75% of mobile breaches will be caused by misconfiguration.

“A router misconfiguration at United Airlines grounded more than 90 aircraft at US airports for over two hours—causing widespread disruption to flights and negative publicity,” he adds.

Clearly, adding complexity to security solutions in pursuit of greater functionality isn’t the answer, it just complicates things by making the products less accessible and more difficult to set up and manage. Ironically, by complicating the process thinking that it would help organizations improve their security stance can actually have the opposite result.

JP Dwivedi, Chief Information Officer, Rajiv Gandhi Cancer Institute & Research Centre, opines the combination of alert humans, well-designed processes and robust technology may keep threats at bay. “A careful study of all major attacks reveals that the primary source of all such attacks has been unpardonable negligence on part of people responsible for keeping and securing information assets. The other common mistake is relying on old paradigms, false sense of security around anti-virus and firewall. This is a time of zero trust networks and preventing zero day attacks. Having these two zeros in mind will keep a lot of bad omens at bay.”

“Our approach needs to be a secure methodology in synchronization with cost effective technology to build the right security walls. The industrial approach, with security solution providers needs to be, We and not I.
In the We approach, both work together to strengthen each other, like Arena vs normally in I approach the Blind and Close positions build the assumptions in each other and investment leakages happen,” says Ashok Asawale, Advisor IT, We School Welingkar Institute of Management and Technology.
  • Published On Mar 21, 2022 at 02:42 PM IST
Be the first one to comment.
Comment Now

Join the community of 2M+ industry professionals

Subscribe to our newsletter to get latest insights & analysis.

Download ETCISO App

  • Get Realtime updates
  • Save your favourite articles
Scan to download App