Muneeb Imran
Cyber warfare, in which various nation states allegedly pose Advanced Persistent Threats to one another, is no longer a distant reality. Private organizations, especially those holding Personally Identifiable Information (PII) or Personal Health Information (PHI), are at times more vulnerable to such attacks, because the wealth of information held by large, well-known organizations is extremely valuable. Take Facebook as an example: it holds data that reflects users’ behavior and patterns through what they “share”, “like” and “comment” on. Cambridge Analytica was recently questioned for providing this valuable data, which many believe left an impact on the 2016 US Presidential Elections.
Organizations are compelled to continuously improve their information security posture to avoid data breaches. In recent years the financial sector in particular has been a constant and attractive target for cyber criminals in comparison to other sectors such as retail and hospitality, health, energy and telecommunications. This pattern has been observed across all regions and was also mentioned by Mandiant Consulting in one of its recent M-Trends Reports, for the year 2018.
Organizations that are attractive targets are constantly battling cyber crime to protect their business and data, but the challenge many of them face is the dearth of cyber security personnel. The immediate challenge for such organizations is the availability of people with the skills to respond in the early phases of an attack, carry out a diligent investigation and provide remedies or countermeasures to such cyber threats.
Early detection of such attacks is critical to prevent attackers from deep infestation, which would later require more skilled resources to determine the damage caused. The gravity of such incidents increases further if security analysts lack the capacity to identify an attack as malignant or benign. While the scarcity of specialized cyber security resources is not diminishing, organizations can still mitigate the risk posed by this challenge by relying on three pillars: “People”, “Management Processes” and “Technological Solutions”.
When it comes to people, organizations will have to develop career pathways and invest in enhancing their staff's current capabilities through training and evaluations. Having an effective evaluation program is of extreme significance, as we often tend to downplay the importance of an energetic and motivated workforce with appropriate skills. Any organization that fails to establish career pathways is likely to have disgruntled and demotivated employees who are constantly on the lookout for alternatives, and a demotivated workforce lacking vigilance and diligence is highly likely to aggravate the pain an organization already faces while combating cyber security threats from external forces. If specialized human resources are lacking, such operations can also be outsourced to specialized organizations offering those services.
Management processes are of extreme importance and glue human resource capabilities and technology together. While investing in human resources and enhancing their capabilities is extremely important, it is also noteworthy that humans are the weakest link in your security posture. You therefore need mature management processes: effective vulnerability management, patch management, incident management and change management are necessary to develop and maintain your network’s security hygiene.
Think of an organization that has all the necessary technological tools and solutions in its armory and an equally skillful workforce, but does not have an effective incident management program or change management program in place. Such an organization would always roll out changes without testing them in test labs, and in the absence of an incident management program it would not be able to respond appropriately in time and would continuously fail to learn from previous failures or errors. The absence of effective vulnerability and patch management would allow attackers to leverage unpatched vulnerabilities in the organization’s network. An effort should also be made to automate manual processes, as they turn into overheads.
Similarly, data classification policies hold immense value. Organizations that hold Personally Identifiable Information (PII) or Personal Health Information (PHI) do not just need classification labels but also need to be aware of where that data is located and what mechanisms currently protect it.
Technological solutions can be discussed at length, but I will confine myself to a number of considerations that are essential for an organization. To start with, all technology decisions should be made with business strategy and direction in view. Cloud computing has allowed organizations to move from capital expenditure to purely operational expenditure: instead of making huge investments in infrastructure and data centers, they now have the luxury of paying only for the services they purchase from Cloud Service Providers. When transitioning to cloud solutions, it is imperative for customer organizations to understand which responsibilities fall on the Cloud Service Provider and which fall on the customer organization. Similarly, ensure that SLA definitions are in place to guarantee the availability of services and business processes in case of a disaster or contingency that disrupts or degrades operations.
There is a dire need for hardened, strong Identity & Access Management solutions, as their abuse can give attackers easy access to your resources and data. Even today many financial organizations either do not have Multi Factor Authentication (MFA) in place or do not have a genuine multi-factor mechanism in which the user is asked for credentials over two different channels. A common example to help readers understand Multi Factor Authentication would be a password, which they know, and a One Time Password (OTP) that the user receives on his phone number to authenticate after the password entered in the previous stage is accepted.
With cyber attacks becoming more frequent and sophisticated, it is imperative for organizations, regardless of size and industry, to start treating cyber risk management as a priority.
Muneeb Imran is a data solutionist and an Information Security Engineer by profession at a multinational telecommunications organization based in Saudi Arabia. He is an active reader with a deep interest in information security, foreign policy, international relations and cricket. He can be contacted at firstname.lastname@example.org. The views expressed in this article are the author's own and do not necessarily reflect the editorial policy of Global Village Space.