Remote working or Working From Home was quite unprecedented, and cybercriminals have been using this opportunity to the zenith, obviously highlighting some loopholes in cyber protocols. While technological advances like Artificial Intelligence (AI), security analytics and Machine Learning (ML) help massively in combating such cyber threats, guess a lot more is supposed to be done. Vishal Salvi, Chief Information Security Officer & Head Cyber Security Practice, Infosys, tells us how Infosys is coping up.
Data states that cyber threats are very much a common affair, especially during the lockdown. What are your thoughts on this?
The COVID-19 pandemic has taken control of almost everything in our lives and has changed things dramatically. It has grinded the globe to a standstill. Economies have been hit hard with extreme losses sustained. The global workforce has been advised to stay at home and work remotely to promote social distancing, break the chain of the virus and flatten the curve.
In many ways, our enterprise digital infrastructure has enabled us to maintain business continuity, but the fact of the matter remains that this digital infrastructure has never been stress tested in an extremely stretched situation such as the one we are in now. Hence, the threat surface may expand, or new ones may be created for attack in the form of remote access infrastructure, remote access methods, collaboration platforms, etc. Undoubtedly, now is the most conducive time for cyber criminals to strike as without the right controls, defenses, security policies, upgraded and secured infrastructure and virtual private networks, we are inherently exposing our organizations to cyberattacks.
The need to focus on modernising our critical legacy systems to make them accessible remotely is urgent and real. So is the need to build new use cases to identify new attacks and fraud patterns.
Organisations that have invested in Security, and that have nurtured security culture, are better equipped to handle the attacks and are able to stay ahead of the curve.
Do you think that leveraging technology like AI and ML will help curb these sudden cyber-attacks?
It’s imperative to make technologies such as artificial intelligence and machine learning the backbone of cybersecurity in these unprecedented times as new vulnerabilities are emerging due to remote working. AI/ML provides the scale and speed in defense.
Hackers usually refer to older attacks and slightly alter them or build on them to create new ones. Artificial intelligence along with machine learning leverage information related to past attacks and quickly spot potential risks that could emerge in the same style. Also, machine learning is an automated function and spots vulnerabilities post analyzing a large pool of data, the attack surface is significantly reduced while saving security analysts to conduct large manual checks. AI and ML thus are pacing ahead to be the cornerstone of new age security solutions and will ensure organizations are transitioned to a proactive security posture.
AI/ML provide capability to analyze and spot the anomalies in user, entity behavior or in network traffic. Early detection helps organisations in preventing or taking the right measures in thwarting the attacks.
While the enterprises are relying on various forms of technology, is there any possibility that it can act as a double-edged sword when it comes to security?
Definitely. Technologies that are arming remote workers with powerful new capabilities are also exposing them to new threats, that could lead to both technical and behavioral vulnerability. Collaboration tools for remote working, such as Zoom, Citrix, Confluence, Slack, Skype and Google Suite, are now outside enterprise controls and can be easily targeted by threat actors and used to access confidential information, especially if users use their personal machines. Remote connections through VPN without multifactor authentication and encryption can increasingly become targets for malicious activities and well-coordinated malware attacks. Voice assistants at home could be potentially compromised with a large possibility of official conversations and recordings being accessed by cyber attackers.
Misconfiguration of cloud services is common when implementation is on the fly and at large scale thus increasing the organization’s risk. If applications prescribed for use in home offices are not supported by adequate documentation and user-help, they can leave employees confused but with jobs to carry out, often creating situations of risk for the company. For example, users unable to join in a video conference conducted over the VPN, because they have difficulties configuring the VPN, may conduct the meeting on a more vulnerable platform. Unsecured public Wi-Fi networks, at places that remote workers may temporarily choose to work in can be prime spots for malicious parties to spy on internet traffic and collect confidential information.
Technology like, AI is a double-edged sword, it could amplify traditional cyber-attacks by developing self-learning automated malwares and dodge the security controls by using legitimate tools, processes.
What strategies are being adopted by Infosys to curb cyber-attacks?
Hackers are increasingly targeting vulnerable remote workers through phishing attacks after meticulously gathering their personal information from publicly available sources like social media platforms. Poor computer security hygiene at home with regards to work tasks could also significantly expand the attack surface. The cybersecurity industry’s response has been a call to embrace Zero Trust Security – centered on the belief that organizations should not automatically trust anything inside or outside the perimeters of the work landscape, and instead verify anything and everything trying to connect to their systems before granting access.
Recently, within the span of 3 weeks, we successfully moved 93 percent of our 240,000+ global employees to securely work from their homes. We looked at the challenge from a perspective of securing the move to remote working by design, securing it at scale and securing it for the future. To put it simply: Digital Trust. Assured. Some of our immediate measures included the following:
- We focused on building secure connectivity models and standards for remote working and leveraged VPN with multifactor authentication. We also recalibrated security policies and standards to align them with the new connectivity models and possible attack paths.
- We made sure to provide connectivity only from hardened and managed corporate endpoints (desktop/laptop) with updated antivirus, security patches, anti-Advanced Persistent Threat, data loss prevention agents and enforced encryption.
- Our team carved out a segregated network for VPN clients connecting to the corporate network thus allowing them to access corporate resources easily and securely.
- We went on to harden security for VDI infrastructure that included but was not limited to security updates, antivirus, anti-Advanced Persistent Threat, and data loss prevention agents.
- We made sure to have secure configuration and heightened auditing of cloud services to avert data leakage.
- Recalibrate the rules of behavioral analytics and security operation centers to minimize false positives.
- Put together a robust security incident management plan and 24/7 open communication channels for users to report incidents and monitor incidents
We have also invested in a modern security stack (Multifactor Authentication, Conditional Access, VPN, Terminal Access, Endpoint Protection Platform, Endpoint Detection and Response, Data Leakage Prevention, Patching, Hardened Build, etc.) for endpoints which gives us an ongoing assurance of security of these devices as well as relevant insights. Our remote monitoring and management solution stack provide unified control and visibility into our entire IT infrastructure; thus, servers, networks, and endpoints can be actively and remotely managed.
Do you think remote working is more prone to cyber-attacks?
Our approach to work has shifted almost entirely to the digital, because of the distributed remote working we are facilitating today, driven by our adoption of physical distancing. In my opinion, remote working completely changes the dynamics and rules of the game as employees working from home rarely have the desired and required security controls in place. Thus, there is a potential risk of exposing organizations to cyberattack. Unsecured endpoints significantly expand the threat surface. Remote working further enhances the risk on data – remote users access critical data and expose it to attackers. Home offices are more vulnerable to attacks through emails, sometimes with malicious attachments. Phishing scams are one of the most common ways hackers gain access to information. Rarely inspected virtual networks connect with multiple remote workers allowing attackers to go undetected. Cyber criminals can use these tunnels to create man-in-the-middle attacks to eavesdrop on encrypted traffic, tamper or steal data.
In an interconnected world, vulnerabilities in one organization can pose risk to another organization in the supply chain. Organizations must have basic hygiene security controls in place to stay secure.
Lastly, how can organisations be devoid of cyber-attacks?
Although the situation is fluid, tough times bring with them unmatched opportunities to deliver remarkable solutions. In many ways, employees working remotely play an important role in keeping the organization both functioning and secure. Businesses must recognize cybersecurity as part of the core foundation and an integral part of the strategic response plan to thrive in the new normal, build robust governance models, consistently reiterate to employees the safe remote-working protocols and procedures while helping them focus on being productive. Systems should be made more stable, robust, and secure while equipping the workforce to adopt this new way of working. It is important to pre-empt and decipher risks, threats, vulnerabilities that can spring up and then strategically and systematically address them. A good practice is to initiate daily stand-up calls with security operations and design teams to ensure fidelity of security policies, standards, and execution.
In the hyper digital world, cyber-attacks are a given and organizations can never be made 100% secure but, with the right security approach adopted, they can be made more and more resilient to these attacks. Enterprises need to be ahead of the curve by building a security culture in the organization and by investing in the right controls. The rapid pace of changes in technology, provides enhanced security controls every year, and organizations must be agile in adopting the new technologies to add new & enhanced security controls.
With these measures in place, businesses can become resilient and be assured of a digital future.