Human errors continue to play a significant role in physical and cyber disasters
Published by: Industrial Automation
Rajesh Dhuddu, Practice Leader – Blockchain and Cybersecurity, Tech Mahindra.
The number of cyber-attacks in India increased drastically in 2020 according to a leading expert. How serious is the threat?
The pandemic-induced remote working has increased the overall risk posture for both large enterprises and small and midsize businesses (SMBs) in India. In particular, SMBs, some large Indian franchisers, and hyperlocal delivery apps, among others, have been seriously impacted through ransomware attacks. Cyber-attackers are also changing their techniques and tactics and are now increasingly taking advantage of Covid-19 related news and charity initiatives by creating fake news and spoofed websites to lure people and steal their credentials. Even now, as India awaits the rollout of the Covid-19 vaccine, fraudsters are using vaccine registration portals for cybercrime. It has been estimated by the National Cyber Coordination Centre that four lakh pieces of malware are found every day in India and 375 cyber-attacks are witnessed daily. These attacks are serious in nature and cause financial damages, irreparable damage to brand and reputation, and loss of productivity.
What are the most common cyber threats and how best can organisations counter them?
Phishing, MITM (Man in the Middle), SQL (Structured Query Language) injection, malware, zero-day exploits, supply chain attacks and Domain Name System (DNS) tunnelling are some of the most common cyber threats. Such attacks are impacting organisations the world over. As per a Reuters report, the recent supply chain attacks on SolarWinds have caused disruption to state and local governments in the US.
Following are some measures that organisations can take to pre-empt such attacks:
1) Implement software defined perimeters to anonymise ever-expanding corporate networks (conceal the attack surface)
2) Proactively and opportunistically implement application and code security reviews to identify old applications and websites that have back door entries for SQL injections
3) Train and educate employees about phishing attacks and help them identify and deflect such attacks. This is important because if employees are vulnerable, even the strongest cybersecurity technologies or products will be suboptimal.
4) Implement a strong cyber risk quantification model/tools to identify and prioritise high risks.
5) Harden cybersecurity infrastructure through zero trust network architecture, strong identity and access management tools and SASE (Secure Access Service Edge) framework for secure remote working, ensure secure internet access for employees working from home and explore latest in application security like Pico segmentation, Runtime Application Self Protection, among others.
6) Strong cloud security services for cloud related workloads because security controls by cloud providers cannot ensure complete and optimal security
7) Invest in Artificial Intelligence (AI) & Machine Learning (ML) based cyber defences through security operations centre (SOC), and User and Entity Behaviour Analytics (UEBA)
While cybersecurity is now important, are organisations paying adequate attention to the physical safety of their personnel and assets?
Absolutely, the ongoing pandemic has maximised attention on physical safety of employees and assets. Organisations are now working on integrating events/insights captured from video surveillance systems into their Security Information and Event Management (SIEM) tools. Many start-ups are pioneering enterprise video AI for investigations management, social distancing, facemask detection and vehicle license plate recognition. Applications include loss prevention in retail, safety and security for transportation, forensic investigation for law enforcement and protection for campuses.
How can organisations effectively counter the various threats ranging from perimeter security to workplace safety, theft and sabotage, etc., with effective use of technology?
First, organisations should undertake a complete risk (both cyber and physical) quantification program. This will create a comprehensive risk register along with risk classes with respect to corporate network perimeters. Organisations must realise that VPN technologies may not be sufficient for comprehensive cyber threat protection. While the implementation and integration of two-factor authentication can help in significant risk reduction, it will not eliminate the possibilities of cyber threats or attacks completely. Organisations should focus on zero trust concepts like Device ID/fingerprinting, software defined networks and dynamic perimeter overlay, and implement solutions like SASE that provide security for DNS, web gateways and firewalls integrated with Cloud Access Security Broker (CASB).
Also, to identify cyber-attackers lurking in the network, organisations can consider ‘honeypots’, which are basically traps laid out to detect and identify such attackers. For instance, organisations can deploy/integrate various important and critical decoy documents in their networks, such as details of a large Merger & Acquisition (M&A) deal, among others, to lure and trap cyber-attackers.
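The honeypot idea above only pays off if someone is watching the decoys. The following is an added example, not code from the interview or from Tech Mahindra: a small detector that scans file-access audit events and raises an alert whenever a planted decoy document is touched by an account that has no business reason to do so. The decoy paths, the exempt service accounts, the audit line format and the sample log lines are all constructed for illustration; a real deployment would feed the same logic from the file server's or EDR's audit trail into the SIEM.

```python
"""Honeytoken detection: flag any access to planted decoy documents.

Added example, not part of the original interview. Paths, account names and
the audit line format are constructed for illustration.
"""
from collections import Counter
from dataclasses import dataclass
import posixpath
import re

# Decoy documents planted on a file share (hypothetical paths). No business
# process uses them, so any access outside the exempt accounts is suspicious.
DECOY_DOCUMENTS = frozenset({
    "/shares/finance/MA_Project_Falcon_Term_Sheet.docx",
    "/shares/legal/Board_Minutes_Acquisition_DRAFT.pdf",
    "/shares/hr/Executive_Compensation_2021.xlsx",
})

# Accounts that legitimately touch decoys: the backup job and whoever planted them.
EXEMPT_ACCOUNTS = frozenset({"svc_backup", "soc_honeypot_admin"})

# Actions that suggest exfiltration or tampering rather than a casual open.
HIGH_SEVERITY_ACTIONS = frozenset({"copy", "delete", "rename"})

# Constructed audit line format (one event per line):
# <timestamp> user=<account> host=<hostname> action=<verb> path=<absolute path>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) host=(?P<host>\S+) "
    r"action=(?P<action>\S+) path=(?P<path>\S.*)$"
)


@dataclass(frozen=True)
class Alert:
    timestamp: str
    user: str
    host: str
    action: str
    path: str
    severity: str


def parse_event(line):
    """Return the event fields as a dict, or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = m.groupdict()
    # Normalise the path so "/shares/legal/../legal/x.pdf" still matches a decoy.
    fields["path"] = posixpath.normpath(fields["path"])
    return fields


def detect_decoy_access(lines, decoys=DECOY_DOCUMENTS, exempt=EXEMPT_ACCOUNTS):
    """Scan audit lines and return an Alert for every non-exempt decoy access."""
    alerts = []
    for line in lines:
        ev = parse_event(line)
        if ev is None or ev["path"] not in decoys or ev["user"] in exempt:
            continue
        severity = "high" if ev["action"] in HIGH_SEVERITY_ACTIONS else "medium"
        alerts.append(Alert(ev["ts"], ev["user"], ev["host"],
                            ev["action"], ev["path"], severity))
    return alerts


def summarise(alerts):
    """Count alerts per account, which is what the SOC triages first."""
    return dict(Counter(a.user for a in alerts))


# Constructed sample audit log; one line is deliberately malformed.
SAMPLE_AUDIT_LOG = """\
2021-02-10T09:12:01Z user=asharma host=fin-ws-14 action=open path=/shares/finance/Q4_Budget.xlsx
2021-02-10T09:15:44Z user=svc_backup host=bkp-01 action=read path=/shares/finance/MA_Project_Falcon_Term_Sheet.docx
2021-02-10T11:03:27Z user=jdoe host=eng-ws-07 action=open path=/shares/finance/MA_Project_Falcon_Term_Sheet.docx
2021-02-10T11:03:52Z user=jdoe host=eng-ws-07 action=copy path=/shares/finance/MA_Project_Falcon_Term_Sheet.docx
2021-02-10T11:05:10Z user=jdoe host=eng-ws-07 action=open path=/shares/legal/../legal/Board_Minutes_Acquisition_DRAFT.pdf
malformed line that the parser must skip
2021-02-10T13:40:00Z user=mkhan host=hr-ws-02 action=open path=/shares/hr/Payroll_Feb.xlsx
"""

if __name__ == "__main__":
    found = detect_decoy_access(SAMPLE_AUDIT_LOG.splitlines())
    for a in found:
        print(f"{a.timestamp} [{a.severity.upper()}] {a.user}@{a.host} {a.action} {a.path}")
    print("per-account alert counts:", summarise(found))
```

Run against the sample log, the detector ignores the backup account's read, skips the malformed line and the ordinary finance and HR files, and produces three alerts for the one account that opened and copied decoys; the copy is rated high because a decoy leaving the share is a stronger signal than a mere open.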
Talking specifically about process industries where the stakes are high, how adequate are the counter measures against such threats?
Today, every process plant has Industrial Control Systems (ICS) governing different levels of digital adoption in the organisation, varying from corporate servers to field devices. Safeguarding these ICS and SCADA (Supervisory Control and Data Acquisition) systems is of paramount importance as the health and safety of workers/employees are also dependent on them. Human errors continue to play a significant role in physical and cyber disasters. Along with this, an increased potential for remote attacks on ICS and SCADA systems has raised the stakes for cyber-attacks even further. While there are adequate measures to focus on process safety and cybersecurity individually, harnessing the overlap between these two is the key to building resilient cyber defences.
Current process safety management tools use hazard identification, control hazard and operability study, and failure mode and effects analysis. The accelerated automation and digitalisation have reiterated the importance of cybersecurity along with an increased focus on the health and safety of officials and experts with intimate knowledge of processes. This results in the integration of cybersecurity with Hazard and Operability study (Hazop).
What could be the ideal approach for comprehensive safety solutions for a typical industrial plant?
Comprehensive safety solutions for a typical industrial plant should have the following elements:
a. AI based video surveillance.
b. Security Operations Centre (SOC) with all device integration and comprehensive use cases.
c. Discovery, identification and control platform for all connected OT/IoT (Operational Technology/ Internet of Things) devices in the plant.
d. Implement micro-segmentation to clearly segregate IT infrastructure and IoT/OT infrastructure.
e. Recurrent and repeated training of employees on all hazards – physical and cyber.
Rajesh Dhuddu leads the Blockchain & Cybersecurity practice for the USD 5.2 billion IT giant Tech Mahindra. He guides a team of 500+ highly accomplished cybersecurity professionals empowering global customers in EMEA, APJ and India to strengthen their enterprise-wide cybersecurity posture and build a highly resilient security organisation. He works closely with global CISOs, advising them to leverage best practices both in technology and operations covering Cloud Security, Network Security, Advanced Threat Management, Zero Trust, Offensive Security, Cyber-risk Quantification and SASE.