Cybersecurity Insights for Tech Leaders: Addressing Dynamic Threats and AI Risks with Resilience

Andrew Flynn: I'm Andrew Flynn, I'm the regional executive editor for CSO Online. I'm really happy today to be speaking to Tanga P Upen, who is the chief digital officer for eyink digital. Hello, welcome.

Tanga P Upen: Hello Andrew, nice to see you, and thanks for having me today.

Andrew Flynn: Today we want to talk about this concept of resilience, or resiliency, however you want to say it. These are words that are thrown around a lot in the cybersecurity community, especially in the context of being prepared for threats, and more specifically how to bounce back from threats. I was wondering if you could help explain it a little more than that, because that's a pretty big catch-all. You know, threats are escalating, AI use is rising fast. What are we talking about when we talk about resilience?

Tanga P Upen: Yeah, you're spot on, Andrew. Overall, when we talk about resilience in the context of cybersecurity, especially concerning the AI risks, that is all evolving, and it is at a much faster pace now than a couple of years back, so we definitely need to define this properly. As an example: taking quick and effective action to deal with an IT security incident. It is a concept that integrates business continuity, information system security and organizational resilience. The basic aim is to help the organization prevent cyber risks by reducing the impact of attacks and also ensuring business continuity is preserved if there is an attack.

There are certain frameworks that we follow for how we create the cyber resilience itself. For example: conducting a thorough risk analysis; building a cybersecurity management framework; developing plans for responding to events and incidents, like tabletop exercises (what does your incident management plan look like, have we evaluated it, have we improved our security measures, are we doing an audit year on year or at least twice a year); have we enforced robust authentication policies; do we have proper data backup and recovery procedures and a business continuity plan, for example 3-2-1 backup policies and a disaster recovery solution. NIST also defined resilience for cybersecurity specifically, with the goal of anticipating and withstanding cybersecurity incidents and then recovering, in terms of business continuity and adaptability. So those are some of the points someone definitely needs to think through when we are defining resilience in the context of cybersecurity.

Andrew Flynn: So we're talking about planning a lot, essentially. Being resilient is having a plan in place. And I've heard a lot of people say it's not if you're going to be attacked, it's when you're going to be attacked, and we've seen that in the rising statistics. I'm wondering, do you have an example off the top of your head of a real-life incident where someone has proved their resilience by recovering quickly from an attack, or recovering better than they otherwise would?

Tanga P Upen: 100%, yeah. We deal with these kinds of attacks and recovery at least once a month. After the fact, a few new clients contact us: this is what happened. Specifically, the real-time examples I want to call out here are on ransomware and also on email phishing. We have helped clients recover from ransomware, especially a client having a backup in an isolated network. One of my clients, based out of the West Coast: the hacker was in his environment for almost six to eight months, waiting for the right time. He already had access and was encrypting some of the data. After eight months is when this client realized some of the important files had got encrypted, and then it was all ransomware. That is one example, where we went in and stopped the spread. We did a thorough analysis and reset the password of a specific account that got compromised. Even when we reset this account, the hacker was still able to do encryption, because the Active Directory golden ticket was stolen. As long as we were not able to reset the Active Directory golden ticket, the hacker was still able to continuously encrypt the files, even though we reset the password. So we did a thorough analysis and followed the protocols to reset the golden ticket, and we stopped the ransomware. We also helped this client recover the data from backup; a few of the systems we had to rebuild. It took some time during the weekend, and then we were successfully able to bring the business back on board on the technology front. This is one example.

Another example happened recently, last month. One of my other clients got a phishing email. It looked like a very legitimate email coming from his vendor for a payment with an invoice, and he started doing the payment processing. During that stage, one of our tools captured that this guy was coming from a malicious IP, and we stopped the threat. Even though there was some potential impact, we were able to recover the business, set some email security policies and controls, put some controls in place, and finally it is good. So those are the two real-time examples I can think about immediately.

Overall, the hackers are now targeting the backup data, because we will only back up the important, critical data. If he gets access to that backup data and then does those attacks on the backup data, then the company is screwed. So implementing a SIEM solution and doing automatic threat detection and automatic remediation with playbooks: somebody has to be not only a coder or a software developer writing scripts and techniques, but recently, using AI, a lot of new techniques have come up. We can just drag and drop, easy to configure; we can easily create those playbooks, and mainly we want to see and realize whether it is a false positive or a true positive, and do threat hunting. So those are some of the real-time examples I can think about when it comes to significant cyber threats and how we prevented them.

Andrew Flynn: You are what is known as an ethical hacker. Does that help you prepare companies to create a response for things like the attacks that you described? Does it help, in other words, having a little bit of inside knowledge about how the attackers are operating?

Tanga P Upen: 100%, 100%. For us to stop these attacks, or for us to deal with the aftermath if something got impacted, I need to be an ethical hacker. I need to think from the hacker's perspective: how this attack might have happened, or what the hacker is thinking of implementing in the near future. Whenever we do testing, like penetration testing, external penetration testing, we do ethical hacking like a hacker to see what the different potential vulnerabilities and open threats this particular organization has. The hacker is also starting those protocols similarly, so for us, being an ethical hacker definitely helps to think from the hacker's perspective and do all the things a hacker does, but ethically, to stop and remediate and also give recommendations to organizations: for example, information security threats and vulnerabilities, password cracking techniques, social engineering techniques, network-level attacks, web application attacks, wireless attacks, mobile attacks, IoT and cloud computing threats, and so on and so forth, which are part of ethical hacking, and which is what the hacker is also trying to use to get into the environment.

Andrew Flynn: So in other words, if I want to test the limits of how prepared I am, I would want to engage someone who can literally test those limits by trying to hack my systems.

Tanga P Upen: Absolutely, absolutely. It doesn't take much time to create pages like Facebook or Google or Yahoo. It takes a minimum of 10 minutes on average, and then they can create a link which is a malicious link. When the user clicks on this link, it will look like your Facebook or Google page, but behind the scenes the hacker is watching what you're doing, because he copied all the data from those websites and created it on his own. So it is as easy as this to create these sites within a matter of 10 minutes.

Andrew Flynn: I don't think anybody's under any illusions that the threat landscape isn't treacherous and growing, and growing fast. For companies out there that are watching: how do you know that you're not resilient? What are the signs that you're not prepared, that, as much as you've done mitigating the chance of an attack, you're not prepared if one is going to happen? How do you know you're not resilient?

Tanga P Upen: Yeah, so there are some common warning signs that the technical or security leaders should be aware of: what are the different potential vulnerabilities within their organization. If I want to call out a few examples: user behavior patterns. Let's say user X opens 20 files per day, 20 Excels per day, and suddenly you see user X opening 200,000 files. That's the user behavior pattern that we are talking about. Then there is definitely something wrong; that's a warning to the security leader to see exactly what's going on. Likewise, unusual network activity: if you are seeing high utilization on bandwidth or network utilization, those kinds of things are also early warning signals. Unauthorized access, and then unexplained data modification. Same example: if I pick user X, he is modifying and changing 20 files per day, but we are seeing a lot of files getting modified within, let's say, 10 minutes or even a minute's time. Why is this data getting modified, unexplained and also at a faster pace? Maybe it's ransomware somewhere, maybe it's encryption happening. So then we create a lot of playbooks, like I said, which will detect if there is a lot of data modification happening on a specific target; then we are going to block the access and notify the security admins. That's the data modification I'm talking about.

Also increased phishing attempts. If we see performance issues in applications, databases, any data sources for that matter, then definitely that is a warning sign. And then cybersecurity incidents happening frequently; if we have insufficient network security, inadequate endpoint security. And the main thing I definitely want to call out here is the lack of employee training and awareness. We always talk about, and we all implement, and we spend a lot of time on detecting and fixing vulnerabilities, patching and all that stuff, but lack of employee training and awareness is the most critical thing, I would say, for the cybersecurity leaders to ensure we address, so that most of the cyber attacks can be stopped right there. And one more scenario: excessive downloads and anomalies in employee behavior. Those are the clear warning signs of insider threat that somebody has to definitely take a look at. And also having key risk indicator metrics will help at the organization level to reduce the risk level and also to track the evaluation of the risk profiles. I hope that was helpful.

Andrew Flynn: Absolutely. And I think we're all worried about social engineering, phishing; it's such a huge component of what we need to be prepared for. I'm also wondering, okay, so we know this is going to happen, we know employees aren't perfect, and aside from lots of training, you can be as prepared as you want, but these things are going to still happen. So how should I be investing, if I'm a technology leader, if I'm a security leader? I know there are lots of generative AI properties coming on the market from many, many vendors. Should I be putting money into, should I be investing in this cutting-edge AI technology, or should I be investing in staff? We know there are staffing issues out there. Just so that I'm ready, so that once one of these attacks does happen I can bounce back better. In other words, do I need more technology, more people? What is it I need to have that resilience?

Tanga P Upen: Yeah, that's really a critical and complicated question. Overall, two parts. Investing in cutting-edge technologies, that is really important, and also staffing: that we have adequate staffing, that is the second thing, where we always have a challenge, because right now, according to the industry, we are running negative when it comes to the talent and the subject matter experts on the security side, as opposed to the number of threats and number of events happening across the globe.

To answer the first one, the investment: of course, as business continues to innovate and embrace new technologies, balancing the security of critical information and balancing innovation, that is equally important, because cyber attacks are happening every 40 seconds, unfortunately. And if we want to keep up to speed in stopping those, detecting those, remediating those, investment is definitely a must for us to do that. Let's say, even talking about doing a security audit, evaluating the current security score, implementing a risk framework, audit or risk values, defining the risk criteria, risk mitigations and then risk acceptance. All of these things definitely need some kind of investment. Doing a tabletop exercise, allocating the budget, and keeping some investment, wisely, for the tools and technologies for cybersecurity is really important.

When it comes to the skill set, we also need to do some kind of staff augmentation in order to get the SMEs quickly. Staff augmenting with skilled professionals offers the organization a strategic approach to bridge the skill gap, and this will also help to unlock the potential of such initiatives. Understanding the cybersecurity needs, defining the cybersecurity role for each of the team members, identifying good candidates within the team, offering them training and then giving them a certification goal, a certification opportunity; creating security labs, doing research, documenting the solutions they are finding, and participating in competitions like hackathons and ideathons. Those things will definitely help in improving the cybersecurity skill. On top of it, offering competitive compensation, good compensation, to help retain the top talents on the cybersecurity team. So those are some of the points I can think about when it comes to the talent and also the investment for cybersecurity.

Andrew Flynn: So what we're talking about a lot here, it sounds like what you're saying is, the more prepared you are for any kind of attack, the more resilient you are, because you're going to stop more of the attack, you're going to mitigate more of the vulnerabilities, you're going to get ahead of the curve by being prepared, so that when it does happen, when you do get hacked, when your data is accessed, the consequences are less when you've got that preparation in place.

Tanga P Upen: Yeah, so the consequences are less. It has to be like 100%, yeah, you're right. Some preparation and also accepting the risk: what they have, what they don't have. At least they have to know what is there in the system and what the different types of risk are. Overall, we talk about anticipating: an organization needs to anticipate many types, including adversity, including withstanding, and then recovery of the data, and adaptability of the technologies, is what we normally talk about. The key considerations also definitely matter when it comes to the CISOs and security leaders: what are the different topics and agenda and goals for a specific year on the cybersecurity side.

Andrew Flynn: So what you're saying essentially is that an ounce of prevention is worth a pound of cure, that old saying. I also wanted to ask: you talk about CISOs and other cybersecurity leaders. Cybersecurity is a very secretive game, and for good reason; we don't want to share information that gets out there that the bad actors can use against us. But how important do you think it is for security leaders to collaborate, to share their experience, to share lessons learned when they do get attacked, to share those best practices? How important is that?

Tanga P Upen: It's very, very important, the collaboration among the organizational leaders and among different organizations, specifically organizations like CISA; they are also releasing a lot of news and keeping a watch on the industry. Overall, organizations often focus on the technical aspects and advanced tools, and then sometimes they forget about the vital role of relationships, like you said, the vital role of collaboration between organizations, between different teams within the organization. This collaboration and communication is really important for achieving effective cybersecurity and resilience. We have also seen successful operations involving honest and clear communication during an incident; that's really important, inclusive of choices and readiness to welcome new ideas and diverse views, for automation using AI, using, let's say, Copilot. Those are some of the latest tools that are coming up in the market, and it's always evolving; AI was always there, but now it is booming. By eliminating some barriers and forecasting, doing some kind of cooperation, organizations can leverage the wisdom of different teams to learn from each other. There are a lot of forums and articles and white papers; there are a few demos also available on a few websites. Things like that: they should definitely collaborate, give more input, reply to the websites, white papers and blogs. Through those kinds of collaboration we can definitely learn and reduce overall cyber attacks. We can also do a thorough risk assessment, we can build stronger incident response capabilities, and we should be able to take better decisions when it comes to the overall cybersecurity landscape, as part of the collaboration.

Andrew Flynn: So then you are having conversations with your peers about how to better protect everyone?

Tanga P Upen: 100%, 100%. I'm also contributing to a lot of blogs, replying, and likewise I ask questions to them and get responses. Learning from each other is the key point.

Andrew Flynn: If you have one piece of advice for a security or IT leader who's realizing they're not prepared to bounce back as well as they could be, if you could tell them where to start: where do you begin this process of becoming a resilient organization that is prepared for, and prepared to bounce back from, attacks?

Tanga P Upen: Yeah, sounds good. I would definitely advise based on the AI trend going on today, because cyber attacks are powered by AI and they are transforming the landscape a lot. So having a very good culture that prioritizes security awareness and flexibility, motivating the employees to keep up with the cybersecurity best practices and recommendations, let's say for malware attacks and cyber threats like phishing attacks, ransomware, and so on and so forth. Keeping the culture itself and keeping the security awareness, that is the most important advice I would definitely give: basically, train all the employees and make sure we have a standard process, that we have a guide, and all of that will lower the frequency of the incidents across the board. Creating that culture of an improved security framework is really important, I would say, and the leaders will help their organization fulfill its purpose by keeping the cyber threats under control. Even if they're not aiming at 100%, they have to follow this culture, keep those things in the recommended way, follow those frameworks. So promoting a culture of cybersecurity is really important, and that will make for stronger decisions whenever it comes to the cybersecurity world.

Andrew Flynn: So it's not a matter of going out and spending a ton of money on new equipment, on new software; it's more about fostering a cultural change within your organization.

Tanga P Upen: Yes, you called that exactly right: foster a culture that prioritizes security awareness and flexibility.

Andrew Flynn: What other advice do you have for more experienced CISOs and CSOs and security leaders? What should they be thinking about? What are the unexpected threats that we're going to be facing in the future when it comes to building a really solid foundation that is resilient?

Tanga P Upen: Yeah, absolutely. When it comes to slightly more extensive ideas, definitely zero trust policy is at the top of my list: doing zero trust policies and making sure we have zero trust controls, which means, for this data, we are not going to trust anyone to give access; unless it is absolutely necessary we are not going to give access, and we are not going to trust anyone, zero trust. That is the key that's going to come in the future; it's already there, but it's going to expand in the future a bit more. And then stop and watch and react to cyber threats. I would definitely suggest a strong disaster recovery, to be on the safer side; it's not just for the cyber attacks, but even if a primary site is down, or due to some natural calamities, this disaster recovery plan will help. And then overall, establish and maintain good cyber hygiene, so that will help to secure all the assets throughout the organization. So those are some of my other pieces of advice to the cyber resilience leaders.

Andrew Flynn: Excellent. Thank you, Tanga, this has been a great conversation. I really appreciate talking to you today. Thank you so much for joining us.

Tanga P Upen: Thank you very much for having me, Andrew. Nice talking to you today as well. Thanks a lot, take care.
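The detection playbook described in the interview (a user who normally modifies about 20 files a day suddenly modifying many files within a minute, after which access is blocked and the security admins are notified) as an added example. This is not code from the interview or from either speaker's company. It assumes a constructed file-server audit log in the form `<ISO timestamp> <user> <action> <path>`, per-account baselines and thresholds chosen for illustration, and that blocking and notification are returned as action records for the caller's own tooling rather than executed here.

```python
"""Rate-anomaly playbook for suspected ransomware encryption (added example;
not code from the interview or from eyink digital)."""
from collections import defaultdict, deque
from datetime import datetime, timedelta
from math import ceil

# Baseline files modified per working day, per account.  A real team would
# derive these from weeks of audit data; the numbers here are assumptions.
BASELINE_FILES_PER_DAY = {"user_x": 20, "svc_backup": 5000}
DEFAULT_FILES_PER_DAY = 50      # assumption for accounts with no baseline
WORKING_MINUTES = 8 * 60        # assumption: baseline spread over an 8-hour day
WINDOW = timedelta(minutes=1)   # the one-minute window the interview mentions
MULTIPLIER = 10                 # alert when the rate is 10x the baseline
MIN_BURST = 25                  # never alert below this many writes per window
DESTRUCTIVE = {"WRITE", "RENAME", "DELETE"}   # actions that can mean encryption


def threshold_for(user: str) -> int:
    """Writes per WINDOW above which this user's behaviour is anomalous."""
    per_day = BASELINE_FILES_PER_DAY.get(user, DEFAULT_FILES_PER_DAY)
    per_window = per_day / WORKING_MINUTES * (WINDOW.total_seconds() / 60)
    return max(MIN_BURST, ceil(MULTIPLIER * per_window))


def parse_line(line: str):
    """Parse '<ISO timestamp> <user> <action> <path>'; None for malformed lines."""
    parts = line.split(maxsplit=3)
    if len(parts) != 4:
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
    except ValueError:
        return None
    return ts, parts[1], parts[2].upper(), parts[3]


def detect_bursts(log_lines):
    """Return one alert per user whose destructive-action rate exceeds threshold.

    Events are sorted by timestamp so out-of-order log delivery cannot hide a
    burst; one deque of timestamps per user forms the sliding window.
    """
    events = sorted(filter(None, map(parse_line, log_lines)), key=lambda e: e[0])
    windows = defaultdict(deque)
    alerts = {}
    for ts, user, action, path in events:
        if action not in DESTRUCTIVE:
            continue
        window = windows[user]
        window.append(ts)
        while ts - window[0] > WINDOW:       # drop events older than WINDOW
            window.popleft()
        if user not in alerts and len(window) >= threshold_for(user):
            alerts[user] = {
                "user": user,
                "count": len(window),
                "threshold": threshold_for(user),
                "window_end": ts,
                "last_path": path,
            }
    return list(alerts.values())


def run_playbook(alerts):
    """Map alerts to the containment steps the interview describes: block the
    account's access, then notify the security admins.  Returned as data so
    the caller can wire them to its own IAM and paging tools (assumption)."""
    actions = []
    for alert in alerts:
        actions.append(("block_access", alert["user"]))
        actions.append((
            "notify",
            "security-admins",
            f"{alert['user']} modified {alert['count']} files within one minute "
            f"(threshold {alert['threshold']}); possible encryption in progress",
        ))
    return actions


def build_sample_log():
    """Constructed audit log: normal activity, a legitimate high-volume backup
    account, one malformed line, and a one-minute burst from user_x at 13:31."""
    lines = [
        "2024-07-15T09:00:01 user_x WRITE /share/finance/q2.xlsx",
        "2024-07-15T09:04:12 user_x WRITE /share/finance/q2-notes.docx",
        "2024-07-15T09:05:10 user_x READ /share/finance/q1.xlsx",
        "this line is malformed and must be skipped",
    ]
    lines += [f"2024-07-15T10:00:{i:02d} svc_backup WRITE /backup/vol1/chunk{i:03d}"
              for i in range(60)]            # 60 writes/min: under its threshold
    lines += [f"2024-07-15T13:31:{i:02d} user_x WRITE /share/hr/doc{i:03d}.docx"
              for i in range(60)]            # 60 writes/min from a 20-a-day user
    return lines


if __name__ == "__main__":
    for action in run_playbook(detect_bursts(build_sample_log())):
        print(action)
```

The per-user baseline is what keeps the backup service account from paging anyone: its threshold is derived from its own normal rate, while user_x trips the floor of 25 writes per minute a quarter of the way into the burst. Alerting once per user rather than per event is deliberate; the first alert is what triggers containment, and repeats would only add noise.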

2024-07-17 12:43
