Do you think cybercriminals have intensified their attacks on IT infrastructure including datacentres of enterprises & organizations during the COVID-19 pandemic? What are the reasons behind the surge in cyber-attacks?
There’s no rest for the wicked when it comes to cybersecurity. Cybercriminals will always test the resilience of any organization’s IT and operational technology (OT) systems. The pandemic only brought to light how opportunistic these threats can be, especially as more organizations are digitally dependent than ever. We’ve seen threats rampant across three areas – remote-work model, supply chains and operational technology (OT) networks.
The shift to a remote-work model has accelerated cloud adoption – and at the heart of these initiatives is Active Directory (AD). Single sign-on solutions are grounded in AD.
As we’ve seen with the flurry of hacks, ranging from the sophisticated SolarWinds compromise down to typical ransomware attacks, attackers go after the Active Directory infrastructure first and foremost to gain lateral movement. Understanding account access to systems, and how those cascade across compute environments, is strategic and important to vulnerability management and systems hygiene, and is increasingly imperative to managing risk holistically, especially in complex cloud and hybrid environments.
There’s a risk of cybercriminals trying to exploit the health crisis by targeting individuals and organizations to infect networks, steal data, and even take critical systems offline. India is reliant on essential services now more than ever – everything from ensuring Indians have access to food and water to reliable telecommunications, and so much more.
As such, any failure or interruption could impact this ability to operate, which is why it is imperative to have a cyber-resilient supply chain to keep critical infrastructure secure and operational.
IT and OT Convergence: As more organizations interconnect their OT and IT networks to create greater efficiency and efficacy, they also expand the cyberattack surface, enabling bad actors to easily move between the digital and physical worlds.
Lateral attacks that gain a foothold in IT and spread to OT networks have been well-documented. What is less known is that bad actors can target OT environments as a path of least resistance to IT infrastructures. For example, a compromised industrial control system can be leveraged to gain access to customer databases residing on the corporate IT network.
Identifying weaknesses within OT environments is critical to understanding risk. Security teams overseeing IT and OT networks must prioritise vulnerabilities that pose the greatest risk and remediate them by patching or by other mitigation measures — such as changes to firewall rules.
What new threats have emerged during this pandemic?
What we have known to be the traditional definition of a vulnerability has changed – it’s no longer only a flaw in code that can be an entry point for an attack. Vulnerability now also means misconfigurations in Active Directory and cloud services, which often provide a primary attack path for ransomware actors. Recent high-profile cyberattacks on a water treatment plant, a meat processor and an oil pipeline tell us that bad actors have their sights squarely on critical infrastructure.
Much like every other industry, critical infrastructure has recently undergone rapid digital transformation. That means the technology that powers food and agriculture, manufacturing, refineries and utilities is now connected to the internet. This also means the same bad actors that are going after our computers, phones and tablets now have a way of reaching these mission and safety-critical environments.
How serious are the attacks waged by nation-states on their rival countries’ IT infrastructure including critical infrastructure?
Whether a cyberattack is funded and initiated by an individual, a rogue group or a nation-state, the majority of breaches and attacks today are a result of known but unpatched vulnerabilities. Finding or acquiring zero-day vulnerabilities is a costly endeavour, so leveraging unpatched flaws with publicly available exploit code gets bad actors to their end goal in the fastest and cheapest way possible.
Organizations, therefore, need to practice cyber hygiene to identify and patch vulnerabilities favoured by criminals. They should block malicious sites and IP addresses, enforce multi-factor authentication, implement security awareness training and use encryption.
How assured is the service support to enterprise customers around your network security solutions?
Our customers are central to everything we do at Tenable. We’ve, therefore, put in place thoughtful procedures that enable us to respond to emergencies and maintain high business standards. These steps ensure we are adequately prepared to serve our customers without disruption during these trying times. For example, security teams need to ensure that personal devices of remote employees are not introducing new vulnerabilities when connected to the corporate network. This can be a challenge to navigate without physical access to the actual device.
Nessus Agents enable local scan policies on devices that are not dependent on a connection to the office network. Outside of a work-from-home arrangement, Nessus Agents can gather vulnerability information on hosts that have frequently changing credentials and assets that have been hardened to prevent external login.
Another challenge security teams face is securing the AD. The shift to cloud and work-from-home arrangements is only exacerbating the complexity of identity and permissions management. Tenable.ad takes a risk-based, proactive approach to enable users to find and fix existing weaknesses. It detects ongoing attacks in real time without the need to deploy agents or leverage privileged accounts. Tenable.ad prevents privilege escalation.