Advertisement Advertisement

By VARINDIA    2017-04-21

Encryption and tokenization are becoming accepted best practices to support compliance
India’s National Cyber Security Policy was adopted in 2013 and includes both high-level principles and targeted objectives and proposals. However, the plan has not been fully implemented and the legal framework supporting cybersecurity remains weak. India has been no exception to the devastating cybersecurity breaches that hit multiple industries across the world in 2016. These attacks have proved, time and again, that no one is immune to sophisticated cyberattacks.
In this sophisticated threat environment, where traditional security tactics are failing, it is high time we revisit our security posture to build a strong cyber-resilient framework. As businesses lean on technology for business advantage, newer threat vectors are emerging.
Substantial growth in the online and digital data, smart city initiatives by the Indian Government have pushed the Internet of Things (IoT) market and indirectly the cybersecurity space in India by leaps and bounds. Cyber-attacks have increased year over year making Indian business and government sites more vulnerable. It is now important for Indian enterprises to look at methods to prevent attacks and not just detect attacks. For protection against today’s attacks, the emphasis should be on speed and prevention. Organizations need to take a more proactive approach to cybersecurity.
As businesses and government managed citizen services go increasingly digital, cyber threats are only going to become even more difficult to track, predict and manage. Tackling or preparing for cybercrime is perhaps going to become the most important task for any enterprise. Without a proactive, people-centred cybersecurity strategy in place, businesses run the risk of alienating customers even before they engage with the brand.
Components of Cyber Security Framework
• Right Security Architecture
The right architecture creates a framework for a stable security platform. By implementing the correct architecture, you eliminate single points of failure providing the necessary strength and resiliency to maintain operations and security under any circumstances. Improper architecture is the most common cause for catastrophic failure that leads to unavailability and security issues.
• Human Element
You are only as strong as your weakest link. If people are improperly trained or (worse) disgruntled, they can misconfigure technology, which can cause catastrophic and unrecoverable disaster. Companies need to educate employees about security – teaching them about the dangers of phishing, unencrypted data and lax reactions, etc.
• Choosing Right Security Technology
Security products should prevent the enemy from getting inside the network. Detecting and blocking the threat only after it has penetrated the network does not really make any sense, especially when you can prevent it.
A robust security framework that seeks to prevent and not just detect security threats is an absolute must. In addition, the framework should evolve with the growing business needs. Periodic optimization of security infrastructure will also help enterprises detect and prevent more threats and lower the total cost of ownership on previous security investments.
Peak into the future
As we look into 2017, we expect to see mobility, Industrial IoT, critical infrastructure and the cloud being the key areas of focus for hackers, besides the traditional threat vectors that exist today.
As attacks on mobile devices continue
to grow in the world of mobility, we can expect to see enterprise breaches that originate on mobile devices becoming a more significant corporate security concern. The recent nation-state sponsored attacks on journalists’ mobile phones mean that these attack methods are now in the wild and we should expect to see organized crime actors use them.
Critical infrastructure is highly vulnerable to cyber-attack. Nearly all critical infrastructures, including nuclear power plants and telecommunications towers, were designed and built before the threat of cyber-attacks. In early 2016, the first blackout caused intentionally by a cyber-attack was reported. Security planners in critical infrastructure need to plan for the possibility that their networks and systems will see attack methods consistent with multiple potential threat actors, including nationstates, terrorism and organized crime.
There will also be a rise in ransomware attacks impacting cloud-based data centers. As more organizations embrace the cloud, both public and private, these types of attacks will start finding their way into this new infrastructure, through either encrypted files spreading cloud to cloud or by hackers using the cloud as a volume multiplier.
No sector is immune to vulnerabilities today. Threat researchers say the number, sophistication and virulence of cyber threats continue to grow day by day. Our core focus needs to shift to threat prevention space across endpoint, network and mobile, besides detection solutions.
Cybersecurity is no longer an option, it is an absolute necessity.