Published on June 5th, 2020
Indian CISOs Should Use Machine Learning For Security Assessment: Adam Palmer, Tenable
As the world gets swallowed by the COVID-19 pandemic, cyberattacks have risen to become a critical area of concern for all tech-enabled companies around the globe. In the WFH context, malicious hackers have been utilising various tactics to steal valuable and sensitive corporate data.
As far as India is concerned, it has become one of the most targeted nations worldwide, and attackers have been targeting critical infrastructure and data assets in sectors like government, banking, defence, manufacturing, software and others in the country.
According to Microsoft, there were in excess of 9,000 COVID-19 themed attacks in India between February 2 and May 2. The persistent attacks show the level of interest that cyber hacking groups have in India.
To dive deeper into this critical issue, Analytics India Magazine connected with Adam Palmer, Chief Cybersecurity Strategist at Tenable. During the interview, Adam talks about why there is an urgent need among Indian security managers to invest in building cyber resilience, and in gathering and utilising threat intelligence to mitigate attacks.
Here are the excerpts from the interaction with Adam Palmer from Tenable:
AIM: In your view, how has cybersecurity evolved in India?
Adam Palmer: In recent years, digital transformation has become a driving force propelling Indian organisations to be more agile and competitive. Technology advances have brought many new benefits such as speed and increased capability for corporate networks. However, the newly expanded attack surface now includes cloud, Internet of Things (IoT), personal devices, and even operational technology like industrial controls. This has given rise to a massive barrage of thousands of vulnerabilities that are overwhelming security teams. Yet, in the face of this challenge, many organisations are still relying on legacy tools and processes that are inadequate to navigate the complex threats in today’s dynamic and modern computing environment.
As cybersecurity increasingly becomes central to each organisation’s business strategy, there is a stronger need for security leaders to understand vulnerabilities in the context of the business and highlight the areas that impact the organisation. That means ad-hoc vulnerability scanning and a ‘check-the-box’ approach will no longer cut it. Cybersecurity programs in India should evolve to take a risk-based approach that means organisations should focus on the vulnerabilities that matter the most. Address true business risks instead of focusing on every one of the thousands of flaws that have a low likelihood of being exploited.
AIM: What new security challenges have COVID-19 created for Indian companies?
Adam Palmer: The sudden shift to a remote-work model means that employees are now combining personal technology with work networks, and this is contributing to an expanded attack surface. Many of these devices may also be older or unsecured, and this introduces serious new risks. All of this can be challenging for security teams who now have to manage this expanded and complex attack surface.
We’ve already seen many phishing scams, misinformation, and fraudulent work-from-home opportunities for hackers making their way around the internet. These risks potentially put the wider corporate network at risk. Therefore, organisations need to ensure that a robust security plan is in place to address these threats. Good basic cyber hygiene practices such as maintaining systems, blocking malicious sites and IP addresses, enforcing multi-factor authentication, and using encryption are good places to start.
AIM: As the topic of cybersecurity dominates in the context of a large majority of people working from home, how can organisations truly understand where they’re exposed?
Adam Palmer: The wide range of vulnerabilities and the diverse ways attackers can target them make vulnerability management a critical component of any cybersecurity program. Organisations should continually assess their networks for security vulnerabilities. This can prevent a range of problems such as unauthorized access to applications and identifying underlying software flaws that expose sensitive data. Vulnerability scanners can help identify these concerns, making it easier to understand if systems have critical risks that need to be addressed.
AIM: There are thousands of security vulnerabilities in software and systems these days. How can security teams keep up?
Adam Palmer: Security teams need to prioritise remediation efforts based on actual critical cyber risk. This means identifying critical assets and combining this with a clear understanding of the vulnerability severity and likelihood of exploitation. These three key elements are essential to securing the threat landscape.
This approach filters out lower-risk vulnerabilities. It allows security teams some breathing room to remediate the most business-critical security issues and focus on vulnerabilities which are being actively exploited by threat actors rather than the thousands that might only theoretically be used. If everything matters, then nothing matters. Security leaders need to follow an approach that prioritises risks that matter. That is the key to success.
AIM: How is Tenable working with security professionals to tackle the challenges?
Adam Palmer: We know that managing risk during these challenging times can be problematic. Apart from being readily available for our customers, our Tenable Research team is working continuously to publish the latest research on cybersecurity, phishing attempts, and other opportunistic attack behaviours. We combine this with our machine learning capabilities and thousands of data sources so that our customers can stay aware and have clarity about the critical risks that matter.
AIM: Going forward, what is your outlook for cybersecurity readiness of Indian companies in the world of constantly evolving threats?
Adam Palmer: India’s cybersecurity needs are not different from the rest of the world. When you analyse the vast majority of breaches that occur, whether they’re in India or globally, most of them are caused by known but unpatched vulnerabilities.
Practising basic cyber hygiene like patching systems and utilising strong authentication can significantly reduce the risk of compromise on critical networks. Doing this makes sure that companies can identify vulnerabilities and exposures before any asset or data is compromised. This enables organisations to make the necessary corrections to mitigate these weaknesses.
At the same time, as the threat landscape expands, there’s a stronger need for CISOs to recognise vulnerabilities in the context of business risk and utilise data to prioritise cybersecurity efforts. We at Tenable believe that there will be a turn in India’s cybersecurity industry towards a risk-based strategy to vulnerability management which applies machine learning analytics to correlate vulnerability severity, threat actor activity and asset criticality to classify and manage issues posing the biggest business risk. This innovative approach will support Indian organisations’ focus on the vulnerabilities that weigh the most and mitigate true business risk, instead of focusing on flaws that have the lowest possibility of being exploited.
AIM: How can artificial intelligence and machine learning help in cybersecurity efforts?
Adam Palmer: Today’s expanding attack surface makes it difficult to distinguish noise from signal and identify which vulnerabilities pose the greatest risk. Machine learning and artificial intelligence algorithms can instantaneously digest data from thousands of sources, connect all the dots and build potential threat visualisation of the enterprise that focuses on the organisation’s critical assets, rather than the theoretical risks that may be present.