AI and ML can enhance security actions, but they are not complete solutions without human intelligence applied to interpret and take the right security actions: Mihirr P Thaker, CISO, Allcargo Logistics

In an exclusive interview with Express Computer, Mihirr P Thaker, Chief Information Security Officer (CISO) of Allcargo Logistics Ltd, shares insights into how the cybersecurity landscape has evolved in the wake of the pandemic and how companies, particularly in the logistics and supply chain sector, are adapting to new threats. 

He emphasises that the pandemic fundamentally changed security strategies: “the new perimeter is the endpoint,” which could be found at home or while traveling. For this reason, securing both user identity and the endpoints from which users connect has become more relevant and more challenging. As threats evolve, Thaker stresses that vulnerability management is one of the critical components companies need to take into account, and that the day when industry standards determined vulnerabilities is over. Instead, companies need to measure the probability that a vulnerability will be exploited. “Every day is a new day where a new threat or a new issue can potentially impact us,” Thaker says of cybersecurity, where the next events cannot be precisely predicted. His recommendation is to move toward proactive threat intelligence and rapid incident response to minimise the damage from breaches. He adds that “the weakest link in the entire chain is the human,” which turns attention to employee education and awareness as a way to strengthen security. He also talks about the emerging role of AI and machine learning in cybersecurity, explaining how AI can process alerts quickly and give analysts much-needed decision support, allowing companies to focus on critical threats in real time, including in cyber threat intelligence.

Going forward, Thaker names vulnerability management as one of the security priorities at Allcargo Logistics and stresses the need for a continuous, dynamic approach to cybersecurity. He also highlights how organisations can enhance ROI from security investments through objective reporting to management that demonstrates how security technologies are helping protect the organisation while saving on cost.

How has the current cyber security landscape transformed companies’ cyber strategies, particularly in the logistics sector?
The pandemic has changed the security landscape so fast that it has become a revolution. Before the pandemic, organisations were worried more about protecting their data centres and other core offices. But now, the new perimeter expands much beyond that to cover endpoints, from the employees’ homes to remote locations while traveling. The new challenge is controlling security based on user and device identity. In this respect, logistics and supply chain enterprises are under a different kind of challenge because of their large ecosystem of agents and offices spread across diverse locations around the globe. Therefore, constant focus on identity and vulnerability management is considered critical to protecting information.

What specific challenges are security leaders facing now, and do you see any unique challenges in the logistics sector with regard to security?
The major challenge has been that of vulnerability management, more so in terms of how fast new exploits are being discovered. Other than criticality ratings for the vulnerabilities, the probability of exploitation was also deemed insufficient; hence, the various opportunities to consider the analysis should be based on it. This dynamic environment makes it challenging to effectively prioritise efforts for security. Further challenges to the logistics sector are its global ecosystem and its dependency on remote operations, therefore mounting an increased attack surface.


What recommendations would you give to organisations for prompt recovery from security breaches with minimal damage?
There should be incident preparedness and an understanding of the fact that every organisation is at risk of breaches. The process towards recovery begins with knowing exactly what the problem is, which will help to decide the response. Incident response requires that one open oneself to inputs from various sources, such as industry feeds, threat intelligence, and internal monitoring. For example, systematic vulnerability management will have application chances for timely and efficient information from security teams, which are channelled according to the probability of exploits and vulnerabilities.


Why is employee training critical in protecting the network, and how should organisations deal with human vulnerability?
Human weakness is still the weakest link in the chain of cybersecurity. It calls for not only the right type of employee training but also for security awareness and encouragement of appropriate behaviour. While technology-based solutions like DLP will block most threats, human behaviour can often be the biggest risk. Cybersecurity practices among the employees need to be recognised and rewarded in a big way for an organisation to enhance its security posture. 


How do emerging technologies, such as AI and analytics, help in bolstering the cybersecurity posture of an organisation?
AI and ML have emerged as essential for managing large volumes of alerts generated by security tools. They can quickly triage those alerts and identify critical issues, so that security teams can concentrate on the most prominent ones. The main area where AI and ML have been successfully implemented is real-time scanning while reducing slack in vulnerability identification for cyber threat intelligence. This brings about timely decision-making and quicker response, which naturally enhances the security posture of an organisation.

 
How can organisations get a better ROI on their investments in existing security?
Improving the ROI on security investments requires moving beyond simply checking off the boxes to understanding how those technologies are applied, and showing value through reporting cost savings, demonstration of risk mitigation, and clear use cases for deployment. In addition, there is ongoing training of the staff with skills to ensure employees are well conversant with the functionalities of these tools, maximising their utilisation. Periodic reviews with the vendor regarding the performance of the tool also help optimise the ROI.


What will be your major security and technology priorities by 2025?
An enhancement of vulnerability management will be a huge priority in the year to come. Vulnerability management should put more emphasis on the real-time scan of vulnerabilities with an affirmation that any issues identified be brought to a swift solution. As the threat landscape is constantly changing, it is very crucial to keep ahead of the potential risks by continuing to develop the detection and response strategy.

 
