• madhukeshwar bhat

Cybersec Newsletter-Q3’22

I am bringing out this quarterly newsletter, summarizing my key article publications done during Q3’22. Thanks for the great responses to my articles on Identity and Access Management (IAM) and wider cybersecurity topics. It has been an exciting journey so far.

Q3’22 has been the quarter of my video articles summarized below:

Zero Trust

There is too much talk about Zero Trust, especially after the COVID-19 pandemic. There are several questions, such as:
- What is Zero Trust?
- “Zero Trust” isn’t new; it is more than 10 years old. Why so much discussion on this topic?
- Is this a tool or concept?

Zero Trust is a concept; it is neither a product nor a tool nor a solution. The concept of Zero Trust is: don’t trust anyone, irrespective of whether the user is behind the office firewall or somewhere else. Although I would love to have a one-stop solution to this problem, there isn’t any. Like any other security implementation, we need to take a step-by-step approach, from strategy to implementation, in adopting Zero Trust.

How to deliver a successful Cybersecurity Transformation?

“By 2025 Cyber attackers will have weaponized Operational Technology Environments to successfully harm or kill humans” – Gartner

Cat and mouse games between the hackers and the enterprises are getting scarier day by day. COVID-19 has pushed more and more organizations into digitization. Of course, digitization brings in huge benefits in terms of operational efficiency and better user experience, but it also opens up new challenges needing protection from Cyber attackers. Hence, the key question is how to protect organizations from Cyber attackers in the era of rapid digitization. The answer to this question is the Cybersecurity transformation journey.

Strategic alignment: A security initiative has to align well with the organization’s strategic priorities. This makes the Cybersecurity initiative a business enabler rather than merely a set of “controls”. The “control” kind of view portrays Cybersecurity as a hindrance to achieving success.

Moving beyond Technology: Cybersecurity is often perceived as a “bunch” of techies trying to save an organization from being a victim of a hacker hiding behind a black hoodie! In reality, Cybersecurity is much more than this. Technology is just one side of the multidimensional coin. There are other sides, which are equally important. For example, an organization might have the best technology set up for securing passwords. If the organization lacks a strong policy framework that prevents administrative password sharing amongst the admin users, then even the best technology setup can’t save that organization from being vulnerable to internal threats.

Prioritizing investment: Securing everything to the same extent gives a false sense of security. The most critical assets need the highest level of security, hence the investment focus needs to be on these assets. For example, an IT system that is used to store customer transactions is of higher priority than an IT system needed for conference room booking.

Multicloud Security Part-1

“Computing may someday be organized as a public utility just as the telephone system is a public utility” - Prof. John McCarthy at MIT’s centennial celebration in 1961.

The idea of cloud computing isn’t new. Perhaps, it took several decades for cloud computing to become a commercial phenomenon. Today, cloud has become an integral part of enterprise business strategy. Research firm Gartner predicts that 85% of organizations will embrace a cloud-first principle by 2025 and estimates that over 95% of new digital workloads will be deployed on cloud-native platforms, up from 30% in 2021.

Organizations might start with either a private cloud or a single public cloud platform when they begin their cloud journey. As cloud adoption increases, organizations realize the need for multiple cloud vendors and start their journey towards a multi-cloud model. In the Cloud Security Alliance’s (CSA) recent research study, Cloud Security and Technology Maturity Survey, 61% of the organizations surveyed indicated that they utilize either a hybrid cloud model (36%) or a combination of hybrid and multi-cloud (25%). In addition, organizations are adopting multi-cloud for several key reasons, such as to:
· Leverage best-in-class features from various Cloud Service Providers (CSP) (29%)
· Avoid vendor lock-in (21%)
· Reduce cloud concentration risk (16%)

Multi-cloud approaches come with several benefits, though there are challenges as well. In order to realize the intended benefits, several challenges need to be addressed.

Note: Taken from my article along with Rob Aragao, on Multi Cloud Security:

Multicloud Security Part-2

In my prior post, I covered the challenges of a multi-cloud set-up from the security point of view. In this post, I am covering the ways to overcome the challenges.
· Create cloud policies, standards and a security baseline
· Establish visibility across your cloud estate
· Implement automated tooling
· Drive a secure CI/CD pipeline
· Implement Cloud Access Security Brokers (CASB) for enforcing policies around data security

Note: Taken from my article along with Rob Aragao, on Multi Cloud Security:

How to prevent Ransomware attacks?

What is Ransomware?

In layman’s terms, Ransomware is malicious software capable of holding computer devices and data for ransom. Similar to aeroplanes getting hijacked by hijackers, here computer systems get hijacked by criminal hijackers with the intention of illicit financial gain.

What happens when infected by Ransomware?

When infected by Ransomware, either computer systems or data or both become inaccessible to legitimate users. When organizations are impacted by ransomware, they incur huge monetary losses. For example, if an e-commerce website is attacked by hackers via ransomware, the customers might not be able to access the website, hence the business comes to a standstill; until the organization regains access to the website, the company loses its revenue. That’s not the end of it. The hackers have a free hand with the sensitive data they would have acquired via ransomware; the company loses face and might also lose its customer base. The hackers would demand money if they were to release the hijacked digital resources back to the organization. The worry is that even if the organization chooses to make the payment, there is no guarantee that the organization will get access back to its IT systems and data. This is because we are dealing with criminal hackers. Even if the hackers return the access, it could be incomplete data that might not be of any use.

How does Ransomware work?

It is most common for hackers to target the weakest link or a weak entry point to start with. It could be via a phishing attack that makes one of the insiders click a malicious link inadvertently; a watering hole attack that infects the most visited websites to target a specific user group; or any other common way of pushing malware into the organization’s IT system. After the malware gets its first entry, it isn’t hard for it to spread across the organization’s network. Once it gains access to the most sensitive IT systems, it either locks the system or encrypts the data, making it impossible for legitimate users to use the IT system. This is how control of the organization’s IT systems passes into the hackers’ hands. Now, the hackers start threatening the company that they would either destroy the data or would not allow access by the legitimate users until they get the ransom they ask for.

How to prevent Ransomware attacks?

The good news is that although the results of ransomware attacks look scary, prevention is not very complex. By following simple security guidelines, we can prevent a ransomware attack.
- Spread awareness
- Ensure the IT systems are patched
- Have a well-defined data and IT system backup strategy even before you make a new IT system live
- Have the right security software
