Mapping User Behavior - The Next Step towards Securing Your Digital Infrastructure


COVID-19 may have emerged as a global pandemic, but for cybercriminals it is a lucrative opportunity to earn and to grow their dark shadow. According to Cyble, the personal data of 2.9 crore Indian job-seekers was posted for free on the dark web, while another report by Verizon states that financial gain remains the key driver of cybercrime. While cloud-based applications top the chart, web application attacks have doubled to 43 percent, 67 percent of breaches are caused by credential theft, errors & social attacks, and around 37 percent of credential theft breaches used stolen or weak credentials. Another report by Sophos says that paying the ransom doubles the cost of recovering from a ransomware attack, and that around 82 percent of Indian organizations were hit by ransomware.

As the corporate world has entered a new phase of work culture during the pandemic, cybercrime has increased many-fold. Hence siliconindia interacts with Argha Bose, Head – Cyber Security and Risk Business, Tata Advanced Systems, to discuss this changing work culture and the way forward for companies to secure their corporate network and even their employees.

The pandemic has turned the work culture upside down, and work from home is here to stay for long. What measures would you suggest that organizations & employees take to keep a check on cyber-attacks?

It is important to understand that organizations need to evolve around, or switch over to, an environment which traditionally they were not used to. Though countries like the US and the UK already have the work from home culture and would have put best practices in place, it was quite a rush for India to adopt the practice, and hence we see such a large number of phishing attacks on our corporates.

Just as every crisis brings an opportunity to rethink, this pandemic has transformed the question of how to operate securely and vigilantly into action. Traditional organizations who never thought of work from home as an option have started to think on two counts: bringing in more flexibility & efficiency, and how to manage a distributed workforce.

"As cyber security experts, we are also learning everyday as the old, classical methods that we knew or learnt have literally gone down the drain"

Hence it becomes critical to protect the IT environment on both ends – at the employee's home and at the office premises. However, the most common resolve is to provide VPN access to employees. But as organizations were never prepared to give VPN access on such a large scale, they are struggling to provide seamless solutions and are finding a patchwork to provide access to every individual.

The old perimeters and multi-layer protection models have all collapsed. Now the cybersecurity measures have to be redefined. Organizations have to rethink the whole model by keeping employees at the center of the distributed workforce, which means that the focus has now shifted back from the perimeter walls to the users. In the world of cyber security, the weakest link is your people. Hence despite having the best infrastructure and security measures in place, if your employees are not in a secure environment or have not been communicated with/educated about the security measures, then we are in a bowl of hot soup.

The workforce has switched over from a controlled network to an unsecured network. The families too log in to the same network as your employees. As their devices are not protected/secured as an organization's device needs to be, it poses huge security challenges for the companies. On the other hand, many organizations who were not prepared for work from home on such a large scale have allowed their employees to use their own devices, which brings in additional challenges. Hence it is important that companies shift their focus to mapping user behavior.

As security experts, our work is to protect the digital assets, and those who have access to those assets. It becomes important to do a quick validation to define what the critical assets are, how they are currently being used and by whom, what kinds of rights they have to access that information and, most important, whether they actually need those accesses. Calculating these has become an important aspect of making sure that we have controlled access. And so several organizations have started to talk about zero-trust architecture, which means by default nobody has access to anything and you need to earn the right to gain that access either because of your role or your business. That is why controlled mechanisms like multi-factor authentication and secure access have to be in place to ensure that when people access those environments, they are properly authenticated & validated. To curb most of these challenges, organizations need to educate employees at all levels and strategically inform them about the process of phishing attacks.

How about the companies whose digital assets are managed by third parties?

They too are going through the same chaos as we are! Many are displaced, and several who do not have access to the infrastructure or network use their own personal network, thus posing huge security risks for their clients. In such a process, compromises happen and credentials get shared while working in an unsecured network.

The fast-changing mode of cyber-attacks poses a challenge even for cyber-security experts. How should they prepare themselves to deal with these challenges?

This is a very important aspect! The world has suddenly opened for all. As cyber security experts, we are also learning everyday as the old, classical methods that we knew or learnt have literally gone down the drain. Hence cyber security experts need to quickly adapt to the changing environment and the needs, which can be achieved by following a few processes. Firstly, we need to start thinking out-of-the-box and, without being conservative, we need to talk to cyber security professionals to understand how they have done the magic. I always say that every individual does not need to reinvent the wheel; we can learn the best practices from other experts.

As most of the employees are out of the corporate network, there is no way for cyber security experts to trust anyone. Hence they need to start by giving bare minimum access to people, with proper justification for that need. Many a time experts focus on just device monitoring and not the users. But it is time we shift our focus to user behavior patterns, start learning those patterns and understand & analyze them using technologies like AI and ML to do risk-based analysis. This could be at the authentication level, as to why an employee is logging in from different places so frequently, which is not a normal trend.

As experts we need to pick up such hints (patterns) to detect the attack or threat. On the other hand, the attacks have also become too complex. A phishing link is becoming an old story. Observing behavior will be your master stroke, as it will always ride on the user access. So be prepared on a war footing in such times!
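The authentication-level behavior check described in the answer above (an employee logging in from an unusual number of places in a short span), as an added example that is not part of the interview or of any product mentioned in it. The log format, the 24-hour window and the "more than two distinct locations" threshold are assumptions chosen for illustration; a real deployment would derive the baseline from its own history.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication log (timestamp, user, source location, result).
# Not real data; the locations and users are invented for this example.
AUTH_LOG = """\
2020-06-01T08:02:11 alice Mumbai success
2020-06-01T08:05:40 bob Pune success
2020-06-01T09:10:03 alice Mumbai success
2020-06-01T11:47:19 alice Frankfurt success
2020-06-01T12:03:55 alice Toronto success
2020-06-01T12:30:02 bob Pune success
2020-06-01T13:15:44 alice Singapore failure
2020-06-02T08:01:09 bob Pune success
"""


def parse_log(text):
    """Turn the whitespace-separated log into (datetime, user, location, result) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, location, result = line.split()
        events.append((datetime.fromisoformat(ts), user, location, result))
    return events


def location_anomalies(events, window=timedelta(hours=24), max_locations=2):
    """Flag users who authenticated (successfully or not) from more than
    max_locations distinct locations inside any sliding window of length `window`.
    Returns {user: sorted list of the distinct locations seen in the first
    window that crossed the threshold}. Failed attempts are counted too, since
    a failure from a new place is itself a risk signal worth review."""
    per_user = defaultdict(list)
    for ts, user, loc, _result in sorted(events):
        per_user[user].append((ts, loc))
    flagged = {}
    for user, entries in per_user.items():
        for i, (start, _loc) in enumerate(entries):
            # Distinct locations from this event forward, within the window.
            locs = {loc for ts, loc in entries[i:] if ts - start <= window}
            if len(locs) > max_locations:
                flagged[user] = sorted(locs)
                break
    return flagged


if __name__ == "__main__":
    for user, locs in location_anomalies(parse_log(AUTH_LOG)).items():
        print(f"review {user}: {len(locs)} locations within 24h -> {locs}")
```

Flagged users are candidates for step-up verification (for instance the multi-factor prompt the interview recommends) or analyst review, not automatic lockout, since travel and VPN exit changes produce the same pattern.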

How are startups doing compared to big organizations in terms of securing their network?

Contrary to the usual thought, startups are much better prepared for such times, as most of the startups follow a work from home culture. As they are familiar with this environment, they have already put such security measures in place to counter any cyber-attack. But yes, startups are more financially hit during this pandemic, which means their investment in securing or creating a secure environment might not be as much as a large organization's.

With Un-Lock 1, many employees will be returning to their office. What precautionary measures should the IT department take, as employees will bring devices used in their personal network?

True! We have spoken a lot about work from home. It's time we discuss return to work. When coming back to a secured environment from an unsecured one, no one knows what you are carrying in your devices. Hence cyber security experts need to devise strategies to counter the threats and kill them sooner.

How can you do this? Look at every device as a suspect, set up a clear-cut procedure of how people come in, and the necessary scanning of devices to track malware or anything that could impact the organization at large. Most important, make sure that the returning employees start their journey with least privilege access and gradually move forward.

There is an increase in COVID-19 related cyber-attacks. What would you recommend to put a check on it?

The attacks have become very complex. Around 4000 COVID-19 related domains have been instilled this year, so there is an increasing number of people falling prey to such attacks. The VIPs are on top of this target list, as they carry very sensitive data/information in their devices. Imagine if that gets compromised! This may lead to not just targeted phishing but also to exposing that valuable data in the dark web world.

My recommendation is using multi-factor authentication, where you have several steps in the authentication process for your applications, so that even if your accounts get compromised, it doesn't lead to a complete handover to the cyber criminals.
