“Before adopting cloud, organisations should be clear about what data is stored”

Babitha BP

Misconfiguration occurs when a cloud-related system, tool, or asset is not configured properly, endangering the system and exposing it to a potential attack or data leak. To learn about the various challenges organisations face while operating in a cloud-based security environment, Nidhi Shail Kujur of Elets News Network (ENN) spoke with Babitha BP, Chief Information Security Officer, The CSB Bank Ltd.

What are the significant factors impacting the security industry’s growth?

Digitalisation is the new word for growth, because digital transformation is inevitable for the survival of an organisation. A lot of technological evolution is happening, and organisations are adopting technologies such as Cloud, IoT, AI, ML etc.

In the last three years the world has witnessed a sharp increase in digitalisation. With this technological advancement, cyber threats and cyber frauds have also increased. If we analyse the cyber-attacks reported, all these attacks happened by exploiting existing vulnerabilities or due to misconfigurations in the system. Extra care should be taken to review the system configuration at frequent intervals. While moving towards digitalisation, if security is not considered from the initial stages of the project there will be gaps in the system which will be the back-door entry for attackers. Secure by design should be the key mantra.

Third-party risk: Organisations depend on vendors for many activities and solutions. The security measures adopted/followed by the vendor need to be verified. Recent attacks have clearly demonstrated the supply-chain attack and its impact. Now attackers are targeting solution providers because with one target they can attack many organisations. Security rating firm BitSight estimated that the SolarWinds attack cost cyber insurance companies up to $90 million. Any company that produces software or hardware for other organisations is a potential target of attackers. Nation-state actors have deep resources and the skills to penetrate even the most security-conscious firms. So the supply-chain attack is of high concern to security professionals.

Zero-day vulnerability: We can patch or prevent only what is known to us. A vulnerability in the system which is being exploited for the first time is a zero-day attack. The only way is to heighten the posture of the organisation with a multi-tiered security architecture with zero-trust policies.

How has hybrid work culture paved the way for an increase in cybercrimes?

The main concern of the hybrid work culture is a perimeter-less environment. When we are working inside the perimeter firewalls, only the allowed traffic reaches the endpoint. When we are working outside the perimeter, any traffic can reach the endpoint, so the security measures at the endpoint need to be robust. All organisations are using secured VPNs to connect to the organisation network, and if the VPN is not configured and monitored properly, fraudsters can easily get into the organisation. Above all, end users or employees need to be sensitised about cyber threats and the different modus operandi used by fraudsters to get into the system, like phishing, impersonation, hidden malicious software etc. Employees use the same credentials, like email ID and password, in the public domain, or use the same password for their public and official IDs. This password will be stored in the browser sessions, and hackers can easily get these credentials and hack into the mailing or VPN. Further, if the fraudster compromises the end user's system, they will get easy access to the organisation's network also.

In a hybrid environment, shoulder surfing, intrusion into the system by way of social engineering, installation of unwanted software etc. need to be taken care of. The best practice to avoid these is to inculcate a cybersecurity culture among employees. So cybersecurity awareness plays a key role in the fight against cyber fraud in this perimeter-less environment.

A strong endpoint detection and response solution with user behaviour analysis and sandboxing capabilities will help to detect and prevent malicious activities at the endpoint to a certain extent.

What are the various challenges organisations face while operating in a cloud-based security environment?

Organisations are adopting the cloud for scalability, reliability and ease of deployment. But from a security perspective, visibility of the cloud with respect to information security strategy or control, data protection and privacy is lacking. Security professionals have to go with the assurance provided by the cloud providers that sound security practices are followed by them to mitigate the information security risk.

What security measures are adopted or tools used for achieving the same is not disclosed by the cloud providers.

Key management for authentication is another area of risk, as the access keys used to access the cloud instances are stored at the endpoints of the users. For some cloud providers they are in clear text and for some they are encrypted. If the end-user system is compromised, attackers can obtain these keys quickly, and by means of privilege escalation instances can be compromised.

Security measures in the cloud are assessed with the help of a checklist and audit reports shared by a third party. Thus, before adopting the cloud we have to analyse what data we are going to store in the cloud, and based on the same we can take a call. Many a time we fail to see the procedure for the business continuity plan. Similarly, there arise scenarios wherein there is no procedure in place stating how we are coming out of the cloud, so while engaging with the cloud provider there should be proper documentation listing all these things as part of the agreement; otherwise all these points will be raised only after a security incident.

End-to-end data confidentiality in the cloud and beyond needs to be ensured. The availability of logs and data for forensic investigation all need to be clearly defined. Before adopting the cloud, organisations should be clear about what data is stored, how it is stored and how it is secured from data breaches.

The concentration of resources or more cloud users will attract attackers, as by targeting a single cloud many organisations can be compromised.
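The key-management risk raised above (access keys sitting on user endpoints, sometimes in clear text) is the kind of thing an endpoint review can check for. The script below is an added example, not code from the interview, CSB Bank or any cloud provider: it builds a constructed sample home directory, scans the places a workstation commonly keeps cloud credentials, and reports every AWS-style access key ID it finds, flagging whether the key is long-lived (AKIA prefix) or temporary (ASIA prefix) and whether a secret sits next to it. The file locations, the key values and the sample contents are assumptions; only the AWS key ID prefix format is real, and the sample keys are not valid credentials.

```python
"""Added example: find cloud access keys stored in clear text on an endpoint.

Not from the interview or any provider; file layout and sample contents
are constructed. Sample key values are made up and not valid credentials.
"""
import os
import re
import tempfile
from dataclasses import dataclass

# Assumption: typical places a developer workstation keeps cloud credentials.
CANDIDATE_FILES = (".aws/credentials", ".env", "deploy.sh")

# AWS access key IDs: AKIA = long-lived user key, ASIA = temporary STS key.
KEY_ID_RE = re.compile(r"\b((?:AKIA|ASIA)[0-9A-Z]{16})\b")
# A secret key assigned in a config line (40 base64-like characters).
SECRET_RE = re.compile(r"(?i)aws_secret_access_key\s*[=:]\s*([A-Za-z0-9/+]{40})")


@dataclass
class Finding:
    path: str
    line_no: int
    key_id: str
    long_lived: bool      # True for AKIA keys, which never expire on their own
    secret_present: bool  # a secret within two lines of the key ID


def scan_file(path):
    """Return a Finding for every access key ID in the file."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        lines = fh.read().splitlines()
    secret_lines = {i for i, l in enumerate(lines, 1) if SECRET_RE.search(l)}
    findings = []
    for no, line in enumerate(lines, 1):
        for m in KEY_ID_RE.finditer(line):
            kid = m.group(1)
            # In credential files the secret sits on the line(s) after the ID.
            near_secret = any(abs(s - no) <= 2 for s in secret_lines)
            findings.append(Finding(path, no, kid, kid.startswith("AKIA"), near_secret))
    return findings


def scan_home(home):
    """Scan the candidate files under a home directory."""
    out = []
    for rel in CANDIDATE_FILES:
        p = os.path.join(home, rel)
        if os.path.isfile(p):
            out.extend(scan_file(p))
    return out


def build_sample_home():
    """Constructed sample workstation: one plaintext long-lived key with its
    secret, and one temporary key id without a secret."""
    home = tempfile.mkdtemp()
    os.makedirs(os.path.join(home, ".aws"))
    with open(os.path.join(home, ".aws", "credentials"), "w") as f:
        f.write("[default]\n"
                "aws_access_key_id = AKIAEXAMPLE1234567AB\n"
                "aws_secret_access_key = abcdefghijklmnopqrstuvwxyz0123456789ABCD\n")
    with open(os.path.join(home, ".env"), "w") as f:
        f.write("AWS_ACCESS_KEY_ID=ASIATEMPSESSION00001\nDB_HOST=localhost\n")
    return home


if __name__ == "__main__":
    for f in scan_home(build_sample_home()):
        kind = "LONG-LIVED" if f.long_lived else "temporary"
        print(f"{f.path}:{f.line_no} {f.key_id} {kind} "
              f"secret_nearby={f.secret_present}")
```

The long-lived key with its secret beside it is the finding that matters: if that endpoint is compromised the attacker has a working credential with no expiry, which is the escalation path the answer describes. Temporary keys without a stored secret expire on their own and are the lower-risk pattern.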

How does Zero Trust help secure the data infrastructure of organisations?

In the world of sophisticated cyber-attacks, organisations have to adopt zero trust architecture. Zero trust architecture is not a single solution but a framework that needs to be incorporated by following least-privileged access controls and strict user authentication. Don't trust any traffic; inspect and allow only known traffic is the principle behind Zero Trust. How we achieve it is the success of the framework we are following. In order to mitigate zero-day threats, zero-trust architecture is very much required. To attain it, organisations have to adopt multiple security solutions and follow micro-segmentation, where only allowed systems should communicate and any other communication or lateral movement should be denied.
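The micro-segmentation rule stated above (only explicitly allowed systems may communicate, everything else including lateral movement is denied) can be written down as a small default-deny policy and checked against observed flows. The code below is an added example, not the bank's policy or any vendor's engine: the three network segments, the allow rules, the workload identities and the sample flows are all constructed for illustration.

```python
"""Added example: default-deny micro-segmentation policy evaluation.

Constructed segments, rules and flows; not the bank's policy or a product.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    src: str                       # source segment (CIDR)
    dst: str                       # destination segment (CIDR)
    port: int                      # destination TCP port
    identity: Optional[str] = None # workload identity required on this path


@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_ip: str
    port: int
    identity: str  # identity asserted by the workload (e.g. from its mTLS cert)


# Constructed allow-list. Anything not listed here is denied.
ALLOW = [
    Rule("10.10.0.0/24", "10.20.0.0/24", 443, "web-frontend"),  # web tier -> API tier
    Rule("10.20.0.0/24", "10.30.0.0/24", 5432, "api"),          # API tier -> database
    Rule("10.99.0.0/24", "10.0.0.0/8", 22, "bastion"),          # jump host -> any SSH
]


def evaluate(flow, rules=ALLOW):
    """Return (decision, reason). 'allow' only on an explicit rule match
    where the asserted identity is the one the path requires."""
    s = ipaddress.ip_address(flow.src_ip)
    d = ipaddress.ip_address(flow.dst_ip)
    identity_rejected = False
    for r in rules:
        if (s not in ipaddress.ip_network(r.src)
                or d not in ipaddress.ip_network(r.dst)
                or flow.port != r.port):
            continue
        if r.identity and r.identity != flow.identity:
            identity_rejected = True  # right path, wrong identity: keep looking
            continue
        return "allow", f"matched {r.src} -> {r.dst}:{r.port}"
    if identity_rejected:
        return "deny", f"path exists but identity {flow.identity!r} is not permitted"
    return "deny", "no matching rule: default deny (possible lateral movement)"


def audit(flows, rules=ALLOW):
    """Evaluate a batch of flows; returns a list of (flow, decision, reason)."""
    return [(f, *evaluate(f, rules)) for f in flows]


# Constructed sample flows: normal traffic plus the moves an attacker who has
# taken over a web-tier host would try.
SAMPLE_FLOWS = [
    Flow("10.10.0.5", "10.20.0.8", 443, "web-frontend"),   # allowed path
    Flow("10.20.0.8", "10.30.0.3", 5432, "api"),           # allowed path
    Flow("10.10.0.5", "10.30.0.3", 5432, "web-frontend"),  # web host going straight to DB
    Flow("10.10.0.5", "10.20.0.8", 443, "unknown"),        # right path, no trusted identity
    Flow("10.30.0.3", "10.30.0.4", 22, "db"),              # DB host to DB host: lateral move
    Flow("10.99.0.7", "10.30.0.3", 22, "bastion"),         # SSH via the jump host
]

if __name__ == "__main__":
    for flow, decision, reason in audit(SAMPLE_FLOWS):
        print(f"{decision:5} {flow.src_ip} -> {flow.dst_ip}:{flow.port} "
              f"[{flow.identity}]  {reason}")
```

The point of the example is the shape of the policy rather than the specific rules: there is no "allow everything inside the network" entry, the web host's direct hop to the database and the database-to-database SSH are both denied without any rule having to name them, and even a flow on a permitted path is refused when the caller cannot present the identity that path requires.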

Vulnerabilities of identity theft are posing challenges for the financial sector. What security revamps should CISOs implement?

Identity theft is mainly through social engineering and phishing attacks. So in order to prevent that, security awareness needs to be created. Only role-based access should be provided, and it needs to be reviewed frequently. A user behaviour analysis enabled EDR/XDR solution should be deployed on the endpoints to detect any malicious activity or change in behaviour patterns in the system. Privileged access and access to critical systems should be through a privileged identity access solution with password vaulting, and multifactor authentication should be adopted. Now there are passwordless solutions where apps are used to authenticate users using biometrics and push messages to verify the authenticity of the user. Even at the system level, solutions can be deployed to check whether any screen-sharing application is enabled or remote access is enabled, so that the system cannot connect to the network. So we have to adopt multiple solutions to avoid identity theft, and above all cybersecurity awareness for users is most important.