Emerging Trends in the Current Cybersecurity Landscape


Sherif is a seasoned industry professional specializing in the areas of relationship building, business growth, global cross-functional team development/management, client management and market strategy. He boasts a career spanning over 22 years, during which he has worked with multinational corporations such as Siemens, Intel Security, FireEye, and Symantec, before joining CrowdStrike in 2020.

Siliconindia recently got a chance to interact with Sherif El-Nabawi, Vice President - Solutions Engineering, APJ, CrowdStrike, wherein he shared his insights on the current cybersecurity landscape in India and various other related aspects. Below are the excerpts from the exclusive interview.

Share your opinion on today’s cybersecurity landscape in India

A changing regulatory landscape, advances in technology, and the growing volume & innovation of cyber threats have resulted in the cybersecurity landscape in India undergoing a thorough metamorphosis. Some of the common mistakes we see with individuals and organizations include reusing passwords, using outdated/unsupported software, not using antivirus software & firewalls, opening links/attachments in suspicious emails, using unsecured Wi-Fi networks in public places, failing to back up data on cloud and granting excessive permissions to users. According to CrowdStrike’s Global Threat Report, 80 percent of attacks use compromised identities, while interactive intrusions involving hands-on keyboard activities by adversaries increased by 50 percent in 2022.

This dynamic environment requires the adoption of stronger cybersecurity measures by both individuals and organizations. Thus, most companies are utilizing multiple layers of security solutions by gathering data from disparate and disconnected sources. This makes it challenging to analyze the information collectively and diminishes the value of insights produced from this data. To tackle these cybersecurity challenges, the Indian government has launched initiatives to promote cybersecurity awareness, and large investments have been made to enhance the cybersecurity infrastructure.

Overall, the cybersecurity industry in India needs to shift towards a more proactive and consolidated approach. There is an increased focus on leveraging threat intelligence to identify and mitigate potential risks. Organizations are recognizing the importance of incident response planning and investing in technologies such as AI, cloud computing, and blockchain to enhance data storage, processing and security capabilities. By embracing these advancements and implementing comprehensive cybersecurity strategies, India can better protect its digital assets and combat evolving cyber threats effectively. While consolidating the security stack will help to reduce complexity and cost, it will also provide greater visibility across the business and yield more relevant insights from the data gathered.

Briefly explain the drawbacks of traditional signature-based security against advanced malware-free attacks.

Some of the major drawbacks of signature-based security are the necessity to have seen the file or behavior before, the need for an active manual software update and the need for a device scan to ensure protection. This has resulted in the rise of malware-free attacks, thus rendering signature-based security obsolete. This is partly due to adversaries’ prolific abuse of valid credentials to facilitate access and persistence in victim environments. Another contributing factor was the rate at which new vulnerabilities were disclosed and the speed with which adversaries were able to operationalize exploits. However, with the growing focus on generative AI, adversaries will look to compress the time down from the discovery of some exposure to its exploitation. Currently, the timeframe for this is days or weeks but with generative AI capabilities, it may take minutes moving forward.

What is the role of XDR, IDP and EDR solutions in providing comprehensive visibility across an organization’s architecture security?

XDR, EDR and IDP solutions play a crucial role in providing comprehensive visibility across an organization's architecture. XDR can help solve some of the toughest challenges security teams face, helping them to fight adversaries. XDR offers three significant advantages for organizations - consolidated threat visibility, hassle-free detections & investigations, and end-to-end orchestration & response. By increasing visibility, simplifying operations, and accelerating identification and remediation across the security stack, XDR helps detect and respond to advanced attacks, ultimately preventing breaches.

EDR focuses on endpoint telemetry, providing essential insights into compromised assets, correlating threat data across domains, and isolating complex attacks. By starting with EDR, XDR solutions can effectively analyze threat data and quickly identify the root cause of incidents. On the other hand, Identity Protection serves as the first level of detection for Active Directory Security by enabling frictionless security with real-time threat prevention and IT policy enforcement using identity, behavioral and risk analytics that combine with nearly any MFA/SSO provider to challenge threats in real-time.

When it comes to identifying and mitigating cyber threats, several of the latest technologies play a crucial role. A notable one among them is identity threat protection, which offers comprehensive protection for all types of identities within an organization. By authenticating every identity and authorizing each request, identity security helps maintain security and prevent various digital threats like ransomware and supply chain attacks.

Tell us a few factors a business must consider while selecting a cybersecurity solution.

Some of the key factors businesses must consider while selecting a cybersecurity solution are as follows. Firstly, the solution should provide robust threat detection and prevention capabilities, utilizing advanced signature-less technologies like AI and machine learning. It should also provide comprehensive coverage across endpoints, networks, and cloud environments. Additionally, the solution should have strong incident response capabilities, enabling quick and effective response to security incidents. Further, it should offer scalability and flexibility to adapt to evolving business needs and technological advancements. Lastly, businesses should also do thorough research on the reputation and expertise of the cybersecurity provider.

How do you expect the cybersecurity landscape to evolve in the days to come?

The cybersecurity landscape is expected to continue evolving rapidly. As technology advances, so do the tactics, techniques and procedures (TTPs) employed by threat actors. With the increased use of digital technologies and systems, cybersecurity remains a top priority for both organizations and individuals. Identity theft will be the top threat vector in 2023 and identity providers will play a critical role in helping to protect user credentials. In 2023, we will also see a growth in the weaponization of data as extortion becomes the most common TTP used by e-criminals.