Cybersecurity Insights for Tech Leaders: Addressing Dynamic Threats and AI Risks with Resilience
Andrew Flynn: I'm Andrew Flynn, I'm the regional executive editor for CSO Online. I'm really happy today to be speaking to Tanga P upen, who is the chief digital officer for eyink digital. Hello, welcome.

Tanga: Hello Andrew, nice to see you, and thanks for having me today.

Andrew Flynn: Today we want to talk about this concept of resilience, resiliency, however you want to say it. These are words that are thrown around a lot in the cybersecurity community, especially in the context of being prepared for threats, more specifically how to bounce back from threats. I was wondering if you could help explain it a little more than that, because that's a pretty big catch-all. You know, threats are escalating, AI use is rising fast. What are we talking about when we talk about resilience?

Tanga: Yeah, you're spot on, Andrew. Overall, when we talk about resilience in the context of cybersecurity, especially concerning the AI risks, that is all evolving, and it is moving at a much faster pace now than a couple of years back, so we definitely need to define this properly. As an example: taking quick and effective action to deal with an IT security incident. It is a concept that integrates business continuity, information system security and overall organizational resilience. So the basic aim is to help the organization prevent cyber risks by reducing the impact of attacks and also ensuring that business continuity is preserved if there is an attack. There are certain frameworks that we follow for how we create the cyber resilience itself: for example, conducting a thorough risk analysis, building a cybersecurity management framework. We need to have developed some plans for responding to events and incidents, like, for example, tabletop exercises. What does your incident management plan look like? Have we evaluated, have we improved our security measures? Are we doing an audit year on year, or at least twice a year? Have we enforced any robust authentication policies? Do we have proper data backup and recovery procedures, a business continuity plan, for example data backup like 3-2-1 backup policies, and a disaster recovery solution? NIST also defined resilience for cybersecurity specifically, with the goal of anticipating, withstanding the cybersecurity attacks, and then recovering, in terms of business continuity and adaptability. So those are some of the points someone definitely needs to think through when we are defining resilience in the context of cybersecurity.

Andrew Flynn: So we're talking about planning a lot, essentially. Being resilient is having a plan in place. And I've heard a lot of people say it's not if you're going to be attacked, it's when you're going to be attacked, and we've seen that in the rising statistics. I'm wondering, do you have an example off the top of your head of a real-life incident where someone has proved their resilience by recovering quickly from an attack, or recovering better than they otherwise would?

Tanga: 100%, yeah. So we deal with these kinds of attacks and recovery at least once a month. After the fact, a few new clients contact us: this is what happened. Specifically, the real-time examples I want to call out here are on ransomware and also on email phishing. We have helped clients recover from ransomware, especially the client having a backup in an isolated network. One of my clients, based out of the West Coast: the hacker was in his environment for almost six to eight months, waiting for the right time. He already had access, and then he was encrypting some of the data. After eight months is when this client realized some of the important files had been encrypted, and then it was all ransomware. This is one example. We went in and stopped the spread, we did a thorough analysis, and then reset the password of a specific account that had been compromised. Even when we reset this account, the hacker was still able to do the encryption, because the Active Directory golden ticket had been stolen. As long as we were not able to reset the Active Directory golden ticket, the hacker was still able to continuously encrypt the files even though we had reset the password. So we did a thorough analysis and then we followed protocols to reset the golden ticket, and we stopped the ransomware attack. We also helped this client recover the data from backup; a few of the systems we had to rebuild, so it took some time over the weekend, and then we were successfully able to bring the business back on board, on the technology front. This is one example.

Another example: this happened recently, last month. One of my other clients got a phishing email. It looked like a very legitimate email coming from his vendor for a payment, with an invoice, and then he started doing the payment processing. During that stage, one of our tools captured that this guy was coming from a malicious IP, and then we stopped the threat. Even though there was some kind of potential impact, we were able to recover the business and the email, set some security policies and controls, put some controls in place, and finally it's good. So those are the two real-time examples I can think of immediately.

Overall, the hackers are now targeting the backup data, because we will only back up the important, critical data, right? So if he gets access to that backup data and then does those attacks on the backup data, then the company is screwed. So implementing a SIEM solution and then doing automatic threat detection and automatic remediation with playbooks, right? Somebody doesn't have to be only a coder or a software developer writing scripts, techniques, things like that; recently, using AI, a lot of new techniques have come up. We can just drag and drop, it's easy to configure, we can easily create those playbooks, and mainly we want to realize whether it is a false positive or a true positive, and to do threat hunting. So those are some of the real-time examples I can think of when it comes to significant cyber threats and how we prevented them.

Andrew Flynn: You are what is known as an ethical hacker. Does that help you prepare companies to create a response for things like the attacks that you described? In other words, does it help having a little bit of inside knowledge about how the attackers are operating?

Tanga: 100%, 100%. For us to stop these attacks, or for us to deal with the aftermath if something got impacted, I need to be an ethical hacker. I need to think from the hacker's perspective: how might this attack have happened, or what are the things the hacker is thinking of implementing in the near future? Whenever we do testing, like penetration testing, external penetration testing, we do ethical hacking like a hacker to see what different potential vulnerabilities and open threats this particular organization has. The hacker is also starting with those same protocols. So for us, being an ethical hacker definitely helps to think from the hacker's perspective and do all the things a hacker does, but ethically, to stop and then remediate, and also to give recommendations to organizations. For example: information security threats and vulnerabilities, password cracking techniques, social engineering techniques, network-level attacks, web application attacks, wireless attacks, mobile attacks, IoT, cloud computing threats, and so on and so forth, which are part of ethical hacking, are what the hacker is also trying to use to compromise the environment.

Andrew Flynn: So in other words, if I want to test the limits of how prepared I am, I would want to engage someone who can literally test those limits by trying to hack my systems.

Tanga: Absolutely, absolutely. It doesn't take much time to create pages like Facebook or Google or Yahoo. It takes, at a minimum, 10 minutes on average, and then they can create a link which is a malicious link. When the user clicks on this link, it will look like your Facebook or Google page, but behind the scenes the hacker is watching what you're doing, because he copied all the data from those websites and then created his own. So it is as easy as this to create these sites within a matter of 10 minutes.

Andrew Flynn: I don't think anybody's under any illusions that the threat landscape isn't treacherous and growing, and growing fast. For companies out there that are watching, how do you know that you're not resilient? What are the signs that you're not prepared? As much as you've done mitigating the chance of an attack, how do you know that you're not prepared if one is going to happen? How do you know you're not resilient?

Tanga: Yeah, so these are some of the common warning signs that the technical or security leaders should be aware of: what are the different potential vulnerabilities within their organization? For example, if I want to call out a few: user behavior patterns. Let's say user X opens 20 files per day, 20 Excels per day, and suddenly he sees user X opening 200,000 files. That's the user behavior pattern we are talking about; then there is definitely something wrong, and that's a warning to the security leader to see exactly what's going on. Likewise, unusual network activity: if he is seeing high utilization of bandwidth, of the network, those kinds of things are also early warning signals. Unauthorized access, and then unexplained data modification, same example: if I pick user X, he is modifying and changing 20 files per day, but we are seeing a lot of files getting modified within, let's say, 10 minutes or even a minute. Why is this data getting modified, unexplained and also at a faster pace? Maybe it's ransomware, maybe it's encryption happening. So then we create a lot of playbooks, like I said, which will detect if there's a lot of data modification happening on a specific target; then we are going to block the access and then notify the security admins. That's the data modification sign I'm talking about. Also increased phishing attempts. If we see performance issues in applications, databases, any data sources for that matter, then definitely that is a warning sign. And then cybersecurity incidents happening frequently, if we have insufficient network security, inadequate endpoint security, and the main thing I definitely want to call out here is the lack of employee training and awareness. We always talk about, and we all implement, we spend a lot of time on detecting and fixing vulnerabilities, patching and all that stuff, but lack of employee training and awareness is the most critical thing, I would say, for cybersecurity leaders to ensure we address, so that most of the cyber attacks can be stopped right there. One more scenario: excessive downloads and anomalies in employee behavior. Those are the clear warning signs of an insider threat that somebody definitely has to take a look at. And also having key risk indicator metrics will help at the organization level to reduce the risk level and also to track the evaluation of the risk profiles. I hope that was helpful.

Andrew Flynn: Absolutely. And no, I think we're all worried about social engineering, phishing; it's such a huge component of what we need to be prepared for. I'm also wondering, okay, so we know this is going to happen, we know employees aren't perfect, and, aside from lots of training, you can be as prepared as you want but these things are still going to happen. So how should I be investing if I'm a technology leader, if I'm a security leader? I know there are lots of generative AI products coming on the market from many, many vendors. Should I be putting money into, should I be investing in this cutting-edge AI technology, or should I be investing in staff? We know there are staffing issues out there. Just so that I'm ready that once one of these attacks does happen, I can bounce back better. In other words, do I need more technology, more people? What is it I need to have that resilience?

Tanga: Yeah, that's a really critical and complicated question. Overall, two parts. Investing in cutting-edge technologies, that is really important, and also staffing, that we have adequate staffing; that is the second thing, which we always have a challenge with, because right now, according to the industry, we are running in the negative when it comes to the talent and the subject matter experts on the security side, as opposed to the number of threats and number of events happening across the globe. To answer the first one, the investment: of course, as business continues to innovate and embrace new technologies, balancing between the security of critical information and the innovation, that is equally important, because cyber attacks are happening every 40 seconds, unfortunately. If we want to keep up to speed in stopping those, detecting those, remediating those, investment is definitely a must for us to do that. Let's say even talking about doing a security audit, evaluating the current security score, implementing a risk framework, audit or risk values, defining the risk criteria, risk mitigations and then risk acceptance: all of these things definitely need some kind of investment. Doing a tabletop exercise, allocating the budget, and then keeping some investment, wisely, for the tools and technologies for cybersecurity is really important. When it comes to the skill set, we also need to do some kind of staff augmentation in order to get the SMEs quickly. Staff augmentation with skilled professionals offers the organization a strategic approach to bridge the skill gap, and this will also help to unlock the potential of security initiatives. Understanding the cybersecurity needs, defining the cybersecurity role for each of the team members, identifying good candidates within the team, offering them training and then giving them a certification goal, a certification opportunity. Creating security labs, doing research, documenting the solutions they're finding, and then participating in competitions like hackathons, ideathons: those things will definitely help in improving the cybersecurity skills. On top of it, offering competitive compensation, good compensation, to help retain the top talent on the cybersecurity team. So those are some of the points I can think of when it comes to the talent and also the investment for cybersecurity.

Andrew Flynn: So what we're talking about a lot here, it sounds like what you're saying is, the more prepared you are for any kind of attack, the more resilient you are, because you're going to stop more of the attack, you're going to mitigate more of the vulnerabilities, you're going to get ahead of the curve by being prepared, so that when it does happen, when you do get hacked, when your data is accessed, the consequences are less when you've got that preparation in place.

Tanga: Yeah, so the consequences are less. 100%, yeah, you're right. So some preparation, and also accepting the risk, what they have, what they don't have; at least they have to know what is there in the system and what the different types of risk are. Overall we talk about anticipating: the organization needs to anticipate many types, including, let's say, adversity, including withstanding, and then recovery of the data and adaptability of the technologies, is what we normally talk about. The key considerations also definitely matter when it comes to the CISOs and security leaders: what are the different topics and agenda and goals for a specific year on the cybersecurity side.

Andrew Flynn: So what you're saying, essentially, is that an ounce of prevention is worth a pound of cure, that old saying. I also wanted to ask, you talk about CISOs and other cybersecurity leaders. Cybersecurity is a very secretive game, and for good reason: we don't want to share information that gets out there that the bad actors can use against us. But how important do you think it is for security leaders to collaborate, to share their experience, to share lessons learned when they do get attacked, to share those best practices? How important is that?

Tanga: It's very, very important, the collaboration among the organizational leaders and among different organizations, specifically organizations like CISA. They are also releasing a lot of news and keeping a watch on the industry. Overall, organizations often focus on the technical aspects and advanced tools, and then sometimes they forget about the vital role of relationships, like you said, the vital role of collaboration between organizations, between different teams within the organization. This collaboration and communication is really important for achieving effective cybersecurity and resilience. We have also seen successful operations involving honest and clear communication during an incident; that's really important, inclusive of choices and readiness to welcome new ideas and diverse views, for automation using AI, using, let's say, Copilot. Those are some of the latest tools coming up in the market, and it's always evolving. AI was always there, but now it is booming. By eliminating some barriers and forecasting, doing some kind of cooperation, organizations can leverage the wisdom of different teams to learn from each other. And then there are a lot of forums and articles and white papers; there are a few demos also available on a few websites. Things like that: they should definitely collaborate, give more input, reply to the website white papers and blogs. Through those kinds of collaboration we can definitely learn and reduce overall cyber attacks. We can also do a thorough risk assessment, we can have stronger incident response capabilities, and we should be able to make better decisions when it comes to the overall cybersecurity landscape, as part of the collaboration.

Andrew Flynn: So then you are having conversations with your peers about how to better protect everyone?

Tanga: 100%, 100%. I'm also contributing to a lot of blogs, replying, and likewise I ask questions of them and get responses. Learning from each other is the key point.

Andrew Flynn: So if you have one piece of advice for a security or IT leader who's realizing they're not prepared to bounce back as well as they could be, if you could tell them where to start: where do you begin this process of becoming a resilient organization that is prepared for, and prepared to bounce back from, attacks?

Tanga: Yeah, sounds good. I would definitely advise based on the AI trend going on today, because cyber attacks are powered by AI and they are transforming the landscape a lot. Having a very good culture that prioritizes security awareness and flexibility, motivating the employees to keep up with the cybersecurity best practices and recommendations, let's say for malware attacks and cyber threats like phishing attacks, ransomware, and so on and so forth. Keeping the culture itself and keeping the security awareness, that is the most important advice I would give. Basically, train all the employees and make sure we have a standard process, we have a guide, and that will lower the frequency of incidents across the board. So creating that culture of an improved security framework is really important, I would say, and the leaders will help their organization fulfill its purpose by keeping the cyber threats under control. Even if they're not aiming at 100%, they have to follow this culture, keep those things in the recommended way, follow those frameworks. Promoting a culture for cybersecurity is really important, and that will make for stronger decisions whenever it comes to the cybersecurity world.

Andrew Flynn: So it's not a matter of going out and spending a ton of money on new equipment, on new software; it's more about fostering a cultural change within your organization.

Tanga: Yes, you called that exactly right. Foster a culture that prioritizes security awareness and flexibility, yeah.

Andrew Flynn: What other advice do you have for more experienced CISOs and CSOs and security leaders? What should they be thinking about? What are the unexpected threats that we're going to be facing in the future when it comes to building a really solid foundation that is resilient?

Tanga: Yeah, so absolutely. When it comes to a little bit more extensive ideas, definitely zero trust policy is at the top of my list. Doing zero trust policies and making sure we have zero trust controls, which means for this data we are not going to trust anyone to give access; unless it is absolutely necessary we are not going to give access, and we are not going to trust anyone. Zero trust: that is the key that's going to come in the future. It's already there, but it's going to expand a bit more in the future. And then stop, and watch, and then react to cyber threats. And definitely I would suggest strong disaster recovery, to be on the safer side; it's not just for the cyber attacks, but even if a primary site is down, or due to some natural calamities, this disaster recovery plan will help. And then overall, establish and maintain good cyber hygiene; that will help to secure all the assets throughout the organization. So those are some of my other pieces of advice to the cyber resilience leaders.

Andrew Flynn: Excellent. Thank you, Tanga, this has been a great conversation. I really appreciate talking to you today. Thank you so much for joining us.

Tanga: Thank you very much for having me, Andrew. Nice talking to you today as well. Thanks a lot, take care.
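Editor's note, added after the interview and not part of it: the "user X normally modifies 20 files a day, then hundreds in a minute" warning sign described above is a rate-based anomaly, and the playbook response described (block the account, notify the security admins) can be expressed as a small sliding-window detector. The example below is an added illustration, not code from either speaker or their companies. The event records, user names, baselines and thresholds are constructed for the demo; a real deployment would feed it file-server audit events from the SIEM and wire the "block" decision to the identity provider.

```python
"""Sliding-window burst detector for file-modification events.

Added illustration of the "unexplained data modification" warning sign
discussed in the interview. All events, user names, baseline figures and
thresholds below are constructed for this demo, not real telemetry.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed per-user baseline: typical number of file modifications per day.
BASELINES = {"user_x": 20, "user_y": 20}

# Constructed audit events: (ISO timestamp, user, action, path).
# Two ordinary edits in the morning, one by another user, then 120 edits by
# user_x inside a single minute at 13:00, the pattern ransomware encryption
# tends to produce.
SAMPLE_EVENTS = [
    ("2024-07-15T09:00:00", "user_x", "modify", r"\\fs01\finance\q2.xlsx"),
    ("2024-07-15T09:30:00", "user_x", "modify", r"\\fs01\finance\q3.xlsx"),
    ("2024-07-15T10:00:00", "user_y", "modify", r"\\fs01\hr\roster.docx"),
] + [
    (f"2024-07-15T13:00:{i // 2:02d}", "user_x", "modify", rf"\\fs01\finance\doc{i}.xlsx")
    for i in range(120)
]


class BurstDetector:
    """Flag a user whose modifications inside one window exceed a per-user cap.

    The cap is `multiplier` times the user's normal *daily* count, with a
    floor so a user with a tiny baseline is not flagged on a handful of edits.
    Exceeding a full day's normal volume several times over within one
    minute is the signal we care about; the exact numbers are assumptions.
    """

    def __init__(self, baselines, window=timedelta(minutes=1), multiplier=5, floor=50):
        self.baselines = baselines
        self.window = window
        self.multiplier = multiplier
        self.floor = floor
        self._recent = defaultdict(deque)  # user -> timestamps inside the window
        self.blocked = set()

    def threshold(self, user):
        """Maximum modifications tolerated per window for this user."""
        return max(self.floor, self.multiplier * self.baselines.get(user, 0))

    def ingest(self, ts, user, action, path):
        """Feed one event; return a playbook decision dict or None."""
        if action != "modify" or user in self.blocked:
            return None
        recent = self._recent[user]
        recent.append(ts)
        # Drop timestamps that have aged out of the window.
        while recent and ts - recent[0] > self.window:
            recent.popleft()
        if len(recent) > self.threshold(user):
            self.blocked.add(user)
            return {
                "action": "block",            # revoke the account's access
                "notify": "security-admins",  # page the security admins
                "user": user,
                "count": len(recent),
                "window_seconds": int(self.window.total_seconds()),
                "last_path": path,
            }
        return None


def run_playbook(events, baselines):
    """Replay events in order and collect every block decision."""
    detector = BurstDetector(baselines)
    decisions = []
    for ts, user, action, path in events:
        decision = detector.ingest(datetime.fromisoformat(ts), user, action, path)
        if decision:
            decisions.append(decision)
    return decisions


if __name__ == "__main__":
    for decision in run_playbook(SAMPLE_EVENTS, BASELINES):
        print(decision)
```

Running it on the constructed events produces exactly one decision: user_x is blocked on the 101st modification inside the one-minute window (threshold 5 × 20 = 100), while the two morning edits have aged out and user_y never trips the cap. The blocked set stops the detector from re-alerting on every subsequent event, which keeps the admin notification to one page per account rather than a flood.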
2024-07-17 12:43