
"IT is becoming increasingly complex"

DQC News Bureau

This year, cybersecurity took center stage with nation-state attacks, numerous high-profile data breaches and prominent cybercriminal arrests. Given the vast amount of potential network traffic, it is extremely difficult for security professionals to observe anomalies and consequences of a cyberattack. Recently, cybersecurity researchers from Websense Security Labs outlined their 2014 predictions to help organizations defend against attacks throughout the entire threat kill chain. In an interview with DQChannels, Surendra Singh, regional director, India and SAARC, Websense, spoke about a few insights drawn from these predictions.

Cyber security has been a much talked about topic over the years but cyber crimes have been forever on the rise. What do you think are the reasons behind the inability to control the attackers?

There are two fundamental points that I would like to discuss here. One, IT is becoming increasingly complex. From the organization's perspective, one has to keep on making changes to suit the changing customer requirements, marketplace and other business processes. When such changes occur in the business, IT also has to change simultaneously. As a result of this change, there are often gaps in the system. Now earlier the cyber criminals would go for mass attacks but now it is more targeted. These attackers are most often in observation mode and as soon as they find a loophole, they launch their attack. Secondly, no war can be won by being simply defensive. One has to have offensive capabilities as well; in other words, attack back.

As per your report, the cyber criminals will shift from large-volume malware to small-volume ones. Can you explain how the effect will be greater?

Yes, the volumes of attacks have decreased but the effect has increased as the attacks are becoming more targeted. Just to cite an example, there was mail sent from the attackers pretending to belong to the payroll department of the finance wing saying that there have been changes in the payroll structure and employees should click a link to know more. So, this was a much targeted attack. So, while the volume has decreased, it is not exactly good news. The attacks have become more dangerous, lethal and specific.

Since it is the age of cloud computing making technology easier to be accessed and executed, one can say that cyber attackers can hack the same cloud to penetrate into confidential information. What do you think are the measures that organizations should undertake to ensure protection from such possible attacks?

From the cloud, one can get data of not only one organization but of multiple organizations. There are, however, some initiatives taken by the industry. One of them is by a non-profit organization called Cloud Security Assurance, which has come up with payroll programs which certify a cloud provider as to what degree of security they have.

Now social media is playing an active role in marketing, advertising and even hiring these days. How do you think a professional can secure his/her information to avoid falling prey to such attackers via social media?

This is a very critical situation. In social media, if one is overprotective, then there are chances of being less productive. What is important is to strike a balance and create more awareness. To give an example, in a certain firm, the IT department in consultation with HR sent a mail to the entire workforce saying that the appraisal policies have changed and that employees should click on the link to know further details. Later on, a second mail was sent saying that the earlier one was a fake mail and that from now on, employees should take caution prior to clicking on any such attractive-looking links. Such programs help in educating the employees to be aware of such attractive-looking mails and think before clicking on them. Now, the problem is no matter how much one is aware of the negative implications, the entire process looks so real that there will always be chances of falling prey. This is what the attackers take advantage of. In such a case, what is important is to invest in Real Time Security so that if an attack is made, the firm can research on the same and then come to a decision. So, it is a mix of awareness and technology.

Your report also spoke about exploit kits which compete among themselves to gain supremacy. This means there are huge chances of cyber crimes just to prove their own merit. In such a scenario, what measures should firms take to prevent being targeted?

Most of these exploit kits work in an intrusive and stealthy way. It is very difficult to detect them initially. Once they enter a system, they remain in an observation mode to understand the operating system being used, the browser etc. The exploited machine sets up a controlled communication system with the attacker's server. Once again, Real Time Security would be able to see this action. The final objective of these attackers is to steal data. Real time security will be able to predict this leakage and stop it. Websense also provides a unified content security which provides the functions I just described.

The cyber criminals tend to target the vendors, partners and consultants, i.e. the weakest link in the data exchange chain. What kind of defenses should these weakest links undertake to prevent leakage of confidential data?

It is difficult to expect very high standards from the customers, partners and contractors. But you have to ensure that you provide information to them on a need-to-know basis. You should send data where business needs are not met or you should not be sending data that is not properly encrypted.

Anushri Mondal

(anushrim@cybermedia.co.in)
