Cyber Security World 2022: Strengthen Cyber Security by Shifting to Cloud with Lighthouse Canton's Sumeet Srivastava
In the age of advanced cyber threats, Lighthouse Canton's Vice President - Technology Head, Sumeet Srivastava, shares his thoughts on how organisations can protect their cloud platforms. Get your free ticket to hear more from Sumeet at Cyber Security World Asia 2022 on 12-13 October.
Q: What do you feel is the biggest cyber security challenge facing the BFSI industry within the next year? What impacts does this challenge have? And how can we overcome this challenge?
The first challenge that comes to mind is that while we talk of ransomware and phishing, one of the biggest threats is social engineering. People are often the most vulnerable link in the security chain. They can be tricked into giving over sensitive details and credentials.
Social engineering takes many forms and it is important to keep your employees informed about social engineering tactics and how these threats continue to evolve.
Secondly, AI and machine learning are now becoming essential to information security, as these technologies are capable of swiftly analysing millions of data sets and tracking down a wide variety of cyber threats — from malware menaces to shady behavior that might result in a phishing attack. As AI systems use data sets, you must acquire many distinct sets of malware codes, non-malicious codes, and anomalies. Without huge volumes of data and events, AI systems can render incorrect results and/or false positives, and getting inaccurate data from unreliable sources can even backfire.
Q: Do you have your eye on any specific technology or cyber security strategy that can help financial organisations protect themselves from cyber threats, and why?
We need to go beyond technical controls to build a holistic program that protects the enterprise.
Understanding the true costs and impact of cyber security programs shows that more spending doesn’t necessarily lead to better protection. Companies need to understand how to use organisational structures and governance to enhance cyber security protections.
Companies must focus their strongest protections on their most important systems and assets. To survive in the age of advanced cyber threats, we need to understand how to apply threat intelligence and analytics. Comprehensive dashboards can accurately identify, size, and prioritise cyber threats for treatment. Information technology, cyber security, and risk professionals need to work together to protect their organisations from cyber threats.
Q: Threats to cloud security and data breach risks are expected to increase significantly. What are some common risks to cloud security or low hanging fruit for criminals, and how do you go about tackling them?
As we move to the cloud, we need to ensure that we are clear on the scope for cloud service providers (CSP) and organisations. There are a few things we need to ensure:
1. Limited Visibility
When businesses shift operations, workloads, and assets to the cloud, the move transfers the responsibility of managing some of the systems and policies from inside of the organisation to the contracted CSP. This results in a forfeiture of some visibility into network operations, resource and services usage and cost. Organisations must take care to monitor their cloud services usage with additional tools like cloud security configuration monitoring, network-based monitoring, and additional logging.
2. Compliance Issues
Organisations need to be diligent to make sure they remain in regulatory compliance with the requirements specific to their industry and geographical location. When using cloud-based services for your data, you must ensure that data access and storage needs around Personally Identifiable Information (PII) are being met by the service provider in line with regulatory bodies.
3. Data Loss
Backups are critical as a defensive tactic against data loss, and cloud storage is considered highly resilient due to redundant servers and storage functionality across various geographic locations. However, more and more often, SaaS providers are falling victim to ransomware attacks that compromise customer data — and cloud storage is still vulnerable to the same disasters as anything else.
Q: What would be your biggest piece of advice for fellow technology leaders and cybersecurity professionals who are looking to strengthen their cloud security?
We should ask ourselves a few questions to ensure we are aware of the potential threats as we move to the cloud:
- Do we understand the organisation’s current exposure to cyber threats?
- Do we review the readiness of ourselves and cloud providers?
- Do we evaluate overall risk tolerance?
- Do we review the readiness of self and cloud providers in the event of an attack?
I would advise organisations to consult a trusted cloud security advisor in order to benefit from industry best practices and build cloud security into the design. Cloud security misconfigurations expose organisations to risky and expensive cloud security threats, which cause real danger well before the threat can be managed.
Visibility is particularly important in cloud security because you can’t secure what you can’t see. With so many different resources running across multiple public and private clouds, visibility becomes an even greater issue.
Adopt zero trust security in everything that you do for networks, people, devices, data and workloads. Make sure there are security perimeters around each of these areas and that your organisation is only giving access based on minimum permission and privilege levels to both its people and applications.
Q: What do you feel is the value of in-person events like Cyber Security World Asia, and why would you encourage fellow business leaders to attend your sessions?
Such events are great, as first and foremost, they show how critical cyber security is in today’s world, and we all need to collectively fight against it for our respective ecosystems.
It’s also a platform to hear and meet different minds across the globe who have a focus on this and have been working to protect against attacks.
Cyber Security World Asia also gives exposure to many new emerging technologies and tools in place. The event keeps us up to date on the latest market trends and how we should stay apprised of the new emerging trends in the market.
Sumeet will lead a session on Strengthening Cyber Security With a Gradual Shift to Cloud at Cyber Security World Asia.