Venkat Krishnapur is the vice-president of Engineering and managing director at McAfee India. He has been with the organization for over 16 years now and has served various roles such as Head ISecG India R&D Operations, Vice-President of Engineering (Consumer and Mobile), Senior Director of Engineering, Director of Engineering and Senior Manager.
In an interaction with CSO India, he elaborates on how businesses can create a robust security posture in an era of zero-day attacks and unknown vulnerabilities.
What are the three biggest security challenges in the enterprise?
According to McAfee Labs 2019 Threats Predictions Report, we expect to see a rise in collaboration among cybercriminals to exploit the underground market that will result in increased sophistication in the threat tactics used by them. More partnerships will be forged via hidden hacker forums and chat groups online. These closed groups will serve as a marketplace for cybercrooks to buy malware, exploits, botnets and other off-the-shelf products to launch a cyberattack.
Mobile malware infections will rise exponentially with a focus on Android platforms. Cybercriminals will increasingly use remote desktop protocol (RDP) to perpetrate ransomware attacks, as a proxy to steal credit card details or gain access to personal information that the victim has entered in their online accounts. With the underground economy emerging this year, we expect to see cybercrooks leveraging artificial intelligence (AI) to become more agile with their evasion techniques. Attackers will use AI to automate target selection or inspect infected environments prior to deploying any malware.
Enterprises are widely adopting Software-as-a-Service (SaaS) models as collaboration tools and are moving their corporate data to the cloud. We expect a surge in attacks on these cloud-native services putting the confidential data in jeopardy.
Our Cloud Adoption and Risk Report revealed that 21 percent of data in the cloud comprises sensitive data such as intellectual property and customer data. Cybercriminals will utilise the cloud as a foundation to carry out man-in-the-middle attacks to launch crypto-jacking or ransomware attacks. Enterprises will be vulnerable to data exfiltration in their cloud databases.
Which technologies are disrupting the cybersecurity landscape?
The next big wave of innovation in cybersecurity solutions is Machine Learning (ML) and Artificial Intelligence (AI) solutions. Advanced analytical tools, such as user and entity behavioural analytics (UEBA), leverage ML, deep learning, and other AI algorithms to enable broader analysis and more concise results due to sophisticated mathematical modelling.
However, identifying a threat is only the first step in a security response, and analysts must still understand all the potential risk factors posed by a threat. Human-machine teaming that leverages both automation and intelligence at a machine level removes this limitation of identifying these risks in a timely manner.
On the other hand, AI can also pave the way for improved evasion. The accessibility of technologies such as artificial intelligence-as-a-service will enable cybercriminals to develop cyberattacks with increasingly sophisticated evasion techniques. With AI, cybercriminals will have the ability to automate target selection, scan for target network vulnerabilities, and assess the posture and responsiveness of infected environments to avoid detection before deploying later stages of attacks.
How can enterprises prepare better to deal with zero-day attacks and advanced persistent threats?
Zero-day threat is an umbrella term used to describe an attack that leverages a previously unknown bug or vulnerability which has not yet been fixed, or ‘patched’, in a program. If launched in isolation, zero-day attacks do not inflict considerable harm on their victim, but if commissioned in conjunction with other exploits such as malware variants, they can become potent cyber-attack tools. Advanced Persistent Threats (APT) are targeted attacks executed to steal confidential data, with the end goal ranging from espionage to disrupting a nation’s core networks.
Updating your software, computer and devices as soon as updates are made available eliminates zero-day vulnerabilities and enhances your security posture. Reducing the number of applications being used means there are fewer opportunities for zero-day vulnerabilities to exist on your device.
Almost all organizations are prone to APTs and zero-day attacks. Organizations can better thwart these attacks by setting up a dynamic trust model and innovative security features such as real-time behavioural analytics, auto-immunization of endpoints and local and global reputation intelligence.
Businesses can further enhance their security posture by enforcing controls on linked or disconnected servers, virtual machines, endpoints and legacy systems. Enterprises should deploy security solutions which will analyse the behaviour of non-familiar system applications in a sandbox to pinpoint vulnerabilities and automatically secure endpoints from new malware.
What impact will artificial intelligence and automated threat intelligence have on cybersecurity initiatives in the coming times?
To stay ahead of cybercriminals, organizations should embrace the self-learning capabilities of AI-enabled security tools to analyse datasets and find anomalies in the patterns over time. Automated Threat Intelligence will help companies develop a more proactive approach than taking reactive, corrective measures post a cyberattack.
The current scenario sees many man hours being spent on analysing the complexities in the attack and refocussing agency priorities to bring things back to a normal working state. Business leaders are thus weighing the benefits of automating the routine tasks to optimize cybersecurity staff and enhancing security systems. AI solutions will automatically detect publicly known threat vectors, sift through available data and determine next possible steps of a cyber attacker to develop a resilient defence mechanism. With intelligent recommendations and detailed forensics, there will be a reduction in false positives and playbooks thus created will guide experts on next best steps.
The threat landscape is evolving, and organizations will be required to up their cybersecurity infrastructure by involving their employees in security policies and building a culture of security. We will see a shift from detection based on threat signatures to automated program analysis for cybersecurity. Companies will adopt security automation to become innovative and proactive in their security approach.
What is your advice to CSOs and other top-level security management professionals?
If we were to summarize data breaches and infiltrations, the key causes usually are the 4 P’s: People, Phishing, Passwords and Patching.
People: Over 15 percent of breaches have happened because of internal violations – either willfully or inadvertently from insiders within the enterprises. We need comprehensive internal safeguards with policies of least privilege that are carefully monitored and changed at regular intervals to minimize the threat vectors. Additionally, enterprise-wide security training is critical to ensure that employees are constantly made aware of the risks and trained to stay safe when they are online. Administrator controls in particular need to be rigorous.
Phishing: This is the easiest and most common form of attack, where victims are tricked into clicking on malicious links or revealing security information. After that, the cybercriminals gain access to critical resources on the network and move horizontally, garnering data and breaching systems. Spear phishing, where e-mails purportedly come from known contacts, is most common in industrial espionage attacks.
Passwords: Another commonly occurring mode via which hackers gain access to systems and breach networks. Strong passwords, followed by regular changes to the passwords at an appropriate frequency, are a must and need to be part of an automated security compliance process.
Patching: Ignorance of, and reluctance to ensure, that systems are constantly updated with the latest patches results in system vulnerabilities that could potentially be exploited at will by hackers. An automated patch management system that includes vulnerability assessment on a regular basis is critical to ensure that systems stay up to date and to minimize the chances of attacks or of being exploited.
A Protect, Detect and Correct approach requires CISOs to ensure they have the right processes in place, which also include emergency response management and disaster recovery protocols in the event of a breach.
Unless a comprehensive approach to security is taken, enterprises will remain vulnerable to attacks leading to significant loss of brand value and trust with their customers – which ultimately leads to significant loss of credibility, with a direct negative impact on their business that could be catastrophic.