Cyber attacks have been growing in both volume and complexity. Data breaches are also increasing rapidly. To understand more about the emerging threat landscape, Express Computer spoke to Vishal Salvi, Chief Information Security Officer & Head of Cyber Security Practice – Infosys, who shares with us his perspectives on the key threats that enterprises need to watch out for, best practices for protecting multi-cloud environments and the risks from third-party vendors with respect to security.
Some edited excerpts:
What are some of the emerging threat vectors that organizations need to be careful about?
Cyber-attacks have been steadily growing in terms of their intensity as well as frequency throughout the last 2 decades. Ransomware attacks have been trending because of their indiscriminate nature, which essentially means that each and every industry and each and every geographical region is equally vulnerable to an attack and so therefore “you don’t really need to be a target to be a victim”.
There are different types of ransomware attacks and within them various vectors. Encryption of data, publishing of data, putting up a ransomware threat to seek denial of threat service, or getting in touch with a potential customer to give out information that has been exfiltrated are some of the many examples of ransomware attacks that are trending and concerning. Other alarming threats include supply chain attacks that took place recently, application attacks, and cloud-related misconfigurations or vulnerabilities that can be exploited with application attacks.
In this current state of trends, enterprises must revisit and evaluate their security posture and rethink their approach to security to ensure cyber resilience.
What are some of the security-focused initiatives that your organization has taken?
The cyber security strategy of Infosys is custom-tailored and is also based on global security standards and framework. Our roadmap is built considering our current maturity and target to be achieved. Some of the key initiatives towards strengthening our security approach include:
- Building positive/sustainable security culture with diverse awareness means/tools
- Improving detection, analysis, mitigation & response of sophisticated cyber threats, concerning Infosys and its customers’ critical infrastructure
- Partnering with businesses to promote security and cyber resilience in infrastructure, networks, applications, and services
- Developing a skilled cyber security workforce and offering access to R&D initiatives to develop innovative solutions
- Orchestrating and automating technologies, security operations including cloud security
- Carrying out real-time asset discovery, vulnerability management, and automated remediation.
Infosys also spends considerable time on innovations, designing best practices while also automating and building its own IP on top of its existing products.
Request you to share your views on protecting multi-cloud environments? What are some of the best practices you recommend?
Infosys is a global leader in IT services and has been an early adopter of cloud transformation. However, the work-from-anywhere scenario truly accelerated this journey as it required robust security controls to cope with this new environment. Infosys uses public cloud for building prototypes, hosting internal or client applications, managed services for clients or platforms as a service. It is important to understand that securing the multi-cloud environment requires the security strategy to be aligned with the overall business objective. Following are a few best practices that can be considered to protect a multi-cloud environment:
- Implement a proper control mechanism to gain complete visibility of all the cloud accounts and cloud workloads.
- Implement a proper change management control process wherein every single cloud instance is governed through the organizational change management process.
- Prepare a clear strategy to use a combination of native security solutions that are provided by hyperscalers as well as the security solutions that are available to be integrated across cloud environments.
- Establish proper accountability across various teams responsible for ensuring that all the configurations are managed with remediation processes put in place.
- Have corrective measures to get visibility into services being consumed, API keys state, data at rest or in transit.

Policies can be imposed when there is visibility, and that can happen only when the right controls are enforced in line with the defined cloud security governance framework and baselines.
What are the risks from third-party vendors with respect to security?
With the adoption of digital, ecosystems of organizations have expanded and become insecure. The perimeter now extends to the vendor and partner ecosystem and therefore third-party risk management is no longer a check in the box but a prevalent fact. Cyberattacks are now far more advanced and frequent as bad actors have become increasingly sophisticated and lethal. At times, an immediate vendor may not be the cause for an incident but the vendor ecosystem that may be compromised leading to the entire supply chain becoming vulnerable to malicious code or a data breach.
With good practices such as enforcement of stringent security controls, extensive vendor profiling, continuous monitoring, and watertight security contracts, organizations can attempt to safeguard themselves from third-party vendor security risks.
How can emerging technologies like AI play a vital role in improving the security posture?
Cybersecurity has become a mainstream and an imperative business enabler as enterprises now acknowledge the fact that they need to monitor and defend their IT assets from the ever-changing cyber threat landscape. Modern businesses require a robust and comprehensive cybersecurity strategy to assess, detect, respond, and prevent security threats and breaches. In many ways, cybersecurity has a very distinctive phenomenon – most of the detection and monitoring revolves around correlation and prediction — that can be attained by artificial intelligence and machine learning solutions also known as cognitive security for assessment, analytics, and automation.
While there are many advantages of using AI for cybersecurity, the advancements in this area have also led to AI-powered cyberattacks and social engineering campaigns by threat actors for data breaches, espionage, deepfakes, etc. Organizations must think of including ethical hackers as part of their workforce and cybersecurity strategy to defeat bad actors at their own game.
Future roadmap with respect to security
The hybrid work model and remote working will pose several security challenges and expand the threat surface extensively. As “borderless” enterprises are gaining popularity, there is a risk of exposing remote workers to diverse cyber threats and security risks such as DDoS attacks, vulnerability exploitation, credential theft, data breaches and much more.
We will now be witnessing a growing trend of cybersecurity services and managed security services being provided to maintain and solve the problem of quality and scale while safeguarding operations and maintaining a robust security posture. Organizations, governments, and regulatory bodies will be seen investing heavily in cognitive security; there will be an increased emphasis on regulatory compliance and a greater focus on technology and vendor consolidation.