
Cybersecurity chronicles: Evolution, challenges, and insights


The past two decades have witnessed an unparalleled evolution in the landscape of cybersecurity, marked by a relentless surge in both the frequency and sophistication of digital threats. From the ominous rise of zero-day attacks to the pervasive menace of ransomware and the clandestine spectre of state-sponsored intrusions, the arsenal of threat actors has grown exponentially diverse and cunning. Indiatoday.in spoke to Manoj Kuruvanthody, CISO & DPO, Tredence, regarding cybersecurity evolution, challenges, and opportunities.

How has the landscape of Cyber Security evolved over your 24 years in the industry, and what key changes have you observed in terms of challenges and opportunities?

Cybersecurity threats have significantly increased in frequency and complexity over the years. Threat actors continuously develop new methods to breach defenses, including zero-day attacks, ransomware, and state-sponsored attacks. As a result, organizations have strengthened their cybersecurity measures through defense-in-depth approaches and practices like zero trust.

Furthermore, significant data protection laws such as GDPR, CCPA, and the recent Indian DPDPA have raised the compliance bar very high. The emergence of GenAI and LLMs has increased interest in cyberattacks and defense, depending on how the technology is utilized.

Given your extensive background in the cyber security space, can you share a real-world example where an effective cybersecurity strategy could play a crucial role in mitigating a significant threat or incident?

An example that comes to mind is the 2017 WannaCry ransomware attack, which exploited a specific Microsoft SMB vulnerability. Organizations had thousands of laptops and servers encrypted within a few hours, including their server backups. A well-researched and built cybersecurity strategy aligned to business needs can help thwart, if not reduce, various incidents of such nature. This strategy should include ways to detect and stop new attacks and approaches for mitigation. While it’s hard to stop all attacks, having immutable backups of important data can help reduce the damage from an Insider Risk or Ransomware Recovery standpoint. Although it’s impossible to guarantee complete safety from attacks like these, having a strong cybersecurity strategic plan can help organizations respond better to adverse cyber events.

As the CISO & DPO at Tredence Inc., how do you approach integrating cybersecurity into the overall business strategy, and what advice would you give to organizations striving to achieve a similar alignment?

When designing cybersecurity and privacy strategies, aligning them with the organization’s business goals, industries, and geographical locations is crucial. Different industries and regions may have specific regulatory compliance requirements, such as financial services/healthcare, which are highly regulated in handling Personally Identifiable Information (PII) and Personal Health Information (PHI). Likewise, handling EU citizens’ data falls under GDPR.

Additionally, organizations can benefit from building and implementing a blended controls framework tailored to their needs. This may involve leveraging well-known standards and frameworks like ISO 27001:2022, NIST Cyber Security Framework (CSF), and MITRE ATT&CK Framework while incorporating specific regulatory requirements based on their exposure. It’s important to govern every control implementation through a robust cybersecurity governance program to ensure continuous monitoring, measurement, analysis, and evaluation of the cybersecurity and privacy program. This helps reduce, if not eliminate, deficiencies from a risk management perspective.

In the realm of AI and cybersecurity, what trends do you foresee shaping the future, and how can organizations leverage AI to enhance their defense mechanisms against evolving Cyber Threats?

Prominent cybersecurity trends include AI for automated threat detection and response, such as spotting anomalies and zero-day exploits. Leveraging Large Language Models (LLMs) in cybersecurity allows CISO teams to utilize Natural Language Processing (NLP) capabilities to handle prompts and responses efficiently. Additionally, these systems effectively analyze large volumes of data from phishing campaigns and insider threats through User Entity Behavior Analytics (UEBA). They can detect compromised credentials or insider risks by identifying anomalous user actions and recognizing Indicators of Compromise (IoCs) in the environment.

With your expertise in Cybersecurity Audits, how do you recommend organizations balance compliance requirements with the need for proactive security measures, especially in industries with rapidly changing regulations?

This issue requires a comprehensive approach. Key elements include:

  • Developing a Cyber Security and Privacy Strategy.
  • Implementing an ongoing employee awareness program to enhance security culture.
  • Investing in advanced technologies like AI.
  • Aligning with industry standards such as ISO 27001:2022 and NIST CSF.

Continuous training for CISO and DPO staff is also essential to keep them updated on industry trends and regulations. Additionally, ongoing research will enable teams to stay informed about emerging threats and changes in the regulatory landscape. Staying ahead of these developments will allow organizations to continually improve their cybersecurity and privacy programs.

Mergers and Acquisitions (M&As) often present complex challenges in terms of integrating disparate security postures. Could you elaborate on your experience in M&A Cybersecurity and share insights on ensuring a smooth transition without compromising Security?

Mergers and acquisitions in cybersecurity are both crucial and complex. Integrating organizations with different technology stacks can be challenging, especially considering any existing legacy technology dependencies. Conducting a comprehensive risk assessment to gain insight into the control and technology landscape is essential before starting the integration process. This assessment will determine how efficiently and quickly the M&A can be completed while ensuring cybersecurity and privacy strategy alignment.

As companies increasingly focus on ESG (Environmental, Social, Governance), how can Cyber Security initiatives contribute to an organization’s ESG goals, and what role does Privacy play in this context?

Many organizations are actively pursuing their intended ESG roadmap. When viewed from a technology, cybersecurity, and privacy lens, the focus is heavily on the cybersecurity and privacy program, including its governance and cyber resilience. In the social dimension, maintaining and strengthening customer trust is essential. Balancing customer demands with stringent security measures, especially regarding sensitive client data, is central.

Considering your involvement in cybersecurity Metrics Programs and Board Reporting, how do you communicate the effectiveness of cybersecurity measures to non-technical stakeholders, and what metrics do you find most impactful for board-level discussions?

Organizations adopt various approaches to cybersecurity metrics and board reporting. One approach aligns with industry standards like ISO 27004, which is designed for cybersecurity measurement, monitoring, and reporting. This involves establishing key metrics for concise yet comprehensive board reporting, customized through consultations to accommodate board members’ varying preferences and technical understanding.

The CISO and DPO must communicate effectively, articulating key risks, vulnerability posture, recent incidents, investigative processes, and lessons learned. An iterative process ensues until a mutually agreed reporting framework is established. This framework remains adaptable to unexpected incidents or emerging threats, facilitating necessary support requests from the board for managing cybersecurity and privacy risks. Ultimately, cybersecurity metrics reporting is vital for demonstrating ongoing efforts and providing the board with a comprehensive understanding of the organization’s security posture and readiness to mitigate threats.

With the growing interconnectedness of businesses, Third-Party Risk Management (TPRM) is crucial. How can organizations effectively assess and manage risks associated with their third-party relationships, especially in the context of cybersecurity?

Recent cyber-attacks often result from compromises within third-party entities (TPs) targeted due to their weaker cybersecurity postures. This highlights the need for a robust Third-Party Risk Management (TPRM) Framework. Such a framework should include practices like pre-onboarding evaluations of suppliers or products and continuous assessment of industry best practices.

Lastly, in the ever-evolving landscape of cyber resilience, what strategies do you recommend for organizations to build robust resilience against cyber threats and quickly recover from incidents?

Organizations should prioritise implementing network and micro-segmentation to limit the impact of potential attacks and prevent them from spreading further. It’s crucial to back up all critical data using immutable backup technologies to ensure a swift recovery from insider risks or ransomware infections, aligning with business continuity planning objectives.
Adopting an “assume breach” mindset, organizations should tightly control privileged access, enforce multifactor authentication, and implement risk-based authentication and authorisation. Leveraging defence in depth, the Zero Trust approach and cutting-edge technologies can enhance automation for faster response actions.

Lastly, cyber insurance coverage is crucial to providing organizations with a safety net against potential breaches and associated costs.

Published By: Megha Chaturvedi

Published On: May 6, 2024


