The year 2017 witnessed a huge number of cyber attacks, including incidents of phishing, website intrusions and defacements as well as ransomware attacks. Samir Kapuria, Senior Vice President and General Manager of Symantec's Cyber Security Services, in conversation with Business Today's Nidhi Singal, talks about what is making these cyber attacks a common occurrence and what businesses can do to keep themselves safe.
Q. How many cyber attacks have happened in 2017 so far and how many of them affected Indian computers? What is the number of PCs attacked by popular cyber attacks in India this year?
A. As an increasing number of consumers, enterprises, and governments alike embraced digital in 2017, it opened an equal number of avenues for cyber criminals. Globally, this year has seen an inordinate number of cyber security meltdowns across industries: from ransomware, to leaks of spy tools from US intelligence agencies, exposed voter records, several data breaches such as HBO, Equifax and so on. According to data from the Indian Computer Emergency Response Team, over 27,000 cyber security incidents were reported in the first six months of this year - at least one cybercrime was reported every 10 minutes. These incidents included Around 37 incidents of ransomware attacks were reported and of these, 34 incidents were of Wannacry and Petya. Cyber-incidents of 2017 serve as a reminder of how critical the role of cyber security is in today's world.
Q. Why is India becoming vulnerable to such attacks?
A. India is as vulnerable to cybercriminals and cyberattacks as other parts of the world. As the country is undergoing digital transformation, the adoption of Information Technology is becoming even more pervasive. Modern technologies such as Internet of Things (IoT), cloud, mobile applications have become an integral part of corporate as well as consumer lifestyle. As people conduct more of their lives online, attackers are increasingly focused on using the intersection of the physical and digital world to their advantage. The new class of professional cybercriminals spans the entire ecosystem of attackers, extending the reach of enterprise and consumer threats and fueling the growth of cyber crime. According to Symantec's ISTR vol. 22, India has been ranked the fifth most vulnerable country in terms of cyber security breaches in the world in 2016.
The need of the hour is intelligent, next-gen threat protection solutions that go beyond the traditional and ensure an upper hand on adversaries. By pooling in global threat intelligence tools, making efficient use of data analytics and machine-learning technologies, and by recognizing the evolution of cybercrime in today's hyperconnected age, individuals and corporations can avoid vulnerable situations and data breaches. With greater regulatory controls around individual privacy rights and corporate integrity, we can thus choose to be more secure than ever, in times when there are more security threats than ever before.
Additionally, cyber security is not just about employing the right kind of technology, it also requires good digital hygiene on the part of everyone; both at home, and at work. Education and greater awareness of cyber security issues are fundamental steps towards becoming a more digitally healthy State.
Q. With all the data moving on the cloud, what security measures should businesses adopt?
A. Cloud adoption is accelerating in the enterprise, but at the same time, the complexity to monitor and protect cloud data is also increasing. In fact, according to Symantec data, CIOs have lost track of how many cloud apps are used inside their organizations.
We believe an integrated approach to cyber defence spanning across information, cloud, network and endpoint is the best approach to protect against most threats: an information-centric approach which allows businesses to set policies that ensure critical information is protected regardless of where it goes, while easing the responsibilities of document tagging for IT and ensuring compliance with industry and regional regulations.
Limiting employees to using secure, popular file-sharing apps like Office 365 and Box cannot fully mitigate risks to cloud data from employee misuse or account compromise by hackers. Enforcing smart cloud data governance practices, such as identifying, categorizing, and monitoring the use of all cloud data, is critical to prevent data loss.
Q. What kind of loss does a business incur due to a cyber attack?
A. A cyber attack puts everything at risk - an organization's brand, reputation, and intellectual property. A cyber-attack can also lead to regulatory and compliance issues - elevating the agenda to a board-level concern. Compromise is expensive and it is essential that organisations conduct comprehensive risk assessments to identify and manage jurisdictional, governance, privacy, technical and security risks.
Q. Can you predict a future attack? If so, how do you determine the upcoming attack?
A. One of the inherent risks of adopting emerging technologies is the level of security these innovations have built into them. It can be nearly impossible to detect and respond to the unknown threats of the future because we haven't seen them before. However, technologies like Symantec DeepSight Intelligence help enterprises to be less reactive and more predictive in making better, faster decisions about evolving threats. It provides a deeper understanding of the threat landscape, so organizations can make more informed decisions to proactively mitigate cyber security risk. Technical and strategic intelligence keeps security and intelligence teams informed of industry-specific vulnerabilities, providing advanced analysis of attacks, and sharing the motivations and techniques of threat actors.
Q. What is Symantec Cyber Security Services focusing on and how is it empowering Indian businesses?
A. Symantec Cyber Security Services prepares organizations for every stage of the attack lifecycle through global threat intelligence, advanced analytics, and a network of cyber warriors with the experience and expertise required to protect organizations from internal and external attacks. Symantec Cyber Security Services extends the capabilities of customer security teams and enables them to strengthen their cyber security posture and to detect and respond to attacks more quickly and fully - before, during, and after an attack. Bringing consistency and knowledge to each customer environment, our Cyber Security Services analysts understand global threats, device onboarding, industry and security maturity, intelligence gathering, programming, malware analysis, data mining, and threat hunting.
Symantec's Cyber Security Services has security operation centers (SOCs) across the globe that analyze 100 billion logs worldwide each day. This provides enterprise-wide protection, helping organizations bolster defenses and respond to new threats as they emerge 24x7x365. Symantec Cyber Security Services is focused on empowering Indian businesses to protect their on-premise as well as fast growing cloud environment through every stage of an attack lifecycle. Our Security Operations Centre is in Chennai with 100 dedicated security professionals servicing customers globally.
Q. Cyber attacks have been happening in the past but what has made them big in the recent years?
A. As the world is undergoing digital transformation, it is becoming more interconnected where systems are growing more complex, handling more information, and their exposure to vulnerabilities is increasing due to an increased attack surface. Add to that the proliferation of cloud which is changing the way enterprises, employees and customers use technology. In this scenario, lack of robust cyber secure infrastructures is posing immense opportunity for cyber criminals to explore newer territories and exploit systems.
While cyber crime is not a new concept, in the past few years, its scale and magnitude have increased multi-fold for various reasons - it is no longer about hacking a password or bugging a computer. Today's cyber criminals are skilled enough and sufficiently resourced to have the persistence and patience to carry out highly successful attacks on consumers, businesses and governments around the world. Furthermore, attackers are using simple techniques, but with sometimes devastating results. Their efforts have turned cybercrime into big business with private information being stolen on an epic scale - we identified seismic shifts in motivation and focus in 2016. We have seen an increase in multi-stage malware, malware disguised within encrypted traffic, and credential harvesting as a mechanism for advanced persistent threats. Zero-day vulnerabilities and sophisticated malware are now used sparingly, as nation states shift their attention from espionage to straight sabotage.
As Indian enterprises embrace new technologies, cloud applications and infrastructure, they require a deeper security understanding and strong proactive security measures to gain the upper hand on adversaries. The Cloud Generation in specific requires stronger protection, greater visibility and better control of critical assets, users and data. It is clear that Cyber Defence requires new thinking and that Traditional SIEM (Security Information and Event Management) is not sufficient. Enterprises need an intelligent next generation threat protection solution that doesn't just address one or two capabilities but provides end-to-end protection through a holistic approach.
Q. What are the security measures that businesses should adopt to keep themselves safe from cyber attacks?
A. As attackers evolve, there are many steps businesses can take to protect themselves. As a starting point, we recommend the following best practices:
- Don't get caught flat-footed: Use advanced threat intelligence solutions to help you find indicators of compromise and respond faster to incidents
- Prepare for the worst: Incident management ensures your security framework is optimized, measurable and repeatable, and that lessons learned improve your security posture. Consider adding a retainer with a third-party expert to help manage crises
- Implement a multi-layered defense: Implement a multi-layered defense strategy that addresses attack vectors at the gateway, mail server and endpoint. This also should include two-factor authentication, intrusion detection or protection systems (IPS), website vulnerability malware protection, and web security gateway solutions throughout the network
- Provide ongoing training about malicious email: Educate employees on the dangers posed by spear-phishing emails and other malicious email attacks, including where to internally report such attempts
- Monitor your resources: Make sure to monitor your resources and networks for abnormal and suspicious behavior, and correlate it with threat intelligence from experts
A. Given the alarming rise in cyber attacks and crimes over the recent years, businesses and enterprises should invest in cyber insurance as a means to reduce and mitigate the overall risks and financial losses. However, there are no insurance policies that can "prevent" a cyber attack per se. The key is to understand and address cyber risks. However, unlike natural catastrophes, where insurers have a geographically contained footprint, companies impacted by a cyber attack cross geographic boundaries and are difficult to track. Big data analytics from major technology companies with a large install base can provide modeling for how a risk is likely to spread. Data-driven methods can help model historical events and learnings about the impact of cyber aggregation scenarios.
Understanding emerging cyber risk may seem challenging but as interconnected technologies permeate all aspects of the global economy, the problem is too important for insurers not to understand. Addressing cyber risk will require collaborations between the cyber security industry, insurers and organisations. Together, the cyber security and insurance industries can make the economy more resilient to the most important risks of the 21st century.