On the first day of the CIO Year Ahead 2017, Vishak Raman, senior regional director for FireEye India and SAARC, conducted a session on how cybersecurity is keeping CIOs and CISOs up at night and also shed light on some of the must-have cybersecurity solutions.
He started the session by talking about demonetization and the infamous debit card breach.
“As we move to a cashless economy, the digital payment companies are witnessing a spike in their transactions, and there is a risk element building up silently. Are we prepared for that? Despite having large security measures and budgets, compromises do happen,” said Raman.
How do we prepare ourselves for cyber resilience?
Today, the network is all over the place, and data resides in these networks. He said that there is an urgent need to understand that the nature of attacks has changed. “The three or four cyber threats which enterprises face are vastly expanded attack surface areas, targeted attacks and CISOs are finding it difficult to define security ROI to executives,” said Raman.
Apart from the above-mentioned threats, another challenge enterprises face is how to manage alerts and decide which to prioritize. Raman said that, according to a recent survey by FireEye, it takes an average of 146 days worldwide to notice a hidden cyber intruder in the network. However, the figures are worse in the APAC region, at 520 days on average.
“This could certainly have huge implications on your business. The company faces legal implications along with financial and reputational losses. Therefore, when you are breached, you need to understand the motive behind it and respond quickly,” said Raman.
So, once the breach has happened, how should an enterprise prepare itself?
One approach is strategic and long term: enterprises need to examine the risk associated with their company. The other is to look at it from an operational perspective, where organizations need to pay attention to the alerts that require priority.
“It is very crucial to rely on partners during the time of an attack and then regain position to investigate further on the breach,” said Raman.
The must-dos after a breach are identifying the attack, checking the scope of compromise at the enterprise level, assessing the data loss, removing the attacker at the entry point and re-securing the network to get to the ground level. The response to the threat should be in a proactive hunting mode, not a reactive or defensive one.
Raman concluded the session by saying, “FireEye as a service provides proactive hunting mode. We are armed with research, equipped with a good amount of cyber threat intelligence and how to investigate the breach and resolve.”