Human error and implementation gaps can open backdoors to cyberattackers. What can CISOs and CIOs do to plug cyber gaps?

Despite increased investment in cybersecurity around the world since the pandemic-driven surge in data theft, financial fraud and industrial espionage, attackers still manage to compromise corporate data and systems with ease.

Human error, and corporate attitudes towards basic cybersecurity hygiene, have surfaced as a major loophole through which attackers circumvent even the most sophisticated security software and hardware in targeted organizations and their supply chains.

In a brief discussion with the CEO of Prophaze, an enterprise cybersecurity firm in India, CybersecAsia explored some aspects of the global cybersecurity situation and what can be done to plug these persistent vulnerabilities.

CybersecAsia: How are security teams keeping up with the latest attacks and protection measures?

Vaisakh TR, CEO, Prophaze

Vaisakh T R (Vaisakh): When it comes to security, we have to stick to the basic principle: always keep the OS updated, use the right software/firmware patches/hotfixes, etc.

Security must be managed from the endpoint to the server side (from the antivirus software to the router firmware). Everything has to adhere to standards in accordance with security guidelines.

Firms should be highly diligent in choosing software, and need to make sure that it is in line with whatever set of services/applications has to be exposed to the outside. A network firewall is something that blocks attacks at the network level, i.e., Layer 3. These days more web applications (Layer 7) are exposed to the outside compared to applications listening on other layers.

As the attack perimeter has now changed, organizations need intelligence within the gateway that can detect good actors and bad actors and block the latter. This also applies to malicious bots that can access the apps and perform automated attacks at different levels.

Intelligent web application firewalls (WAF) can be a powerful tool in guarding the enhanced attack perimeter.

CybersecAsia: What should be the considerations when it comes to choosing WAF?

Vaisakh: WAF selection criteria:

  1. Deployment type
  2. Positive, negative or hybrid security model
  3. Application profile (Java, .NET, etc.)
  4. Scalability (microservice compatibility)
  5. Flexibility (for adding custom rules)
  6. Support from the OEM
  7. Induced latency
  8. Total requests per second for an average request size, and the hardware specification
  9. Licensing type
  10. Compliance standards

The term WAF has been widely used for a decade, but the world needs to shift more towards the Runtime Application Self-Protection (RASP) paradigm.

RASP technology differs from perimeter-based protections such as firewalls. It can improve the security of software by monitoring its inputs and blocking those that could allow attacks, while protecting the runtime environment from unwanted changes and tampering.

RASP can close the gap left by application security testing and network perimeter controls, neither of which has enough insight into real-time data and event flows to either prevent vulnerabilities slipping through the review process or block new threats that were unforeseen during development.
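Editor's added example (not part of the interview, and not Prophaze's product code): the positive, negative and hybrid security models from the WAF selection list above, written as a small Python request checker. The /login endpoint, its allow-list schema, the three block-list signatures and the sample requests are all constructed for illustration; a real WAF ships far more rules and inspects bodies, headers and cookies as well as the query string.

```python
import re
from urllib.parse import parse_qs

# Positive model: an allow-list schema for each exposed endpoint. Anything the
# schema does not describe is rejected. The /login endpoint and its fields are
# constructed for this example.
POSITIVE_SCHEMA = {
    "/login": {
        "username": re.compile(r"[A-Za-z0-9_.@-]{1,64}"),
        # Passwords must stay permissive, so the allow-list can only bound length.
        "password": re.compile(r".{8,128}"),
    },
}

# Negative model: a block-list of known-bad patterns, in the spirit of the
# signature rules a WAF ships with. Three constructed signatures only.
NEGATIVE_SIGNATURES = [
    ("sqli_union", re.compile(r"union\s+(all\s+)?select", re.I)),
    ("sqli_tautology", re.compile(r"'\s*or\s+'?\d+'?\s*=\s*'?\d+", re.I)),
    ("xss_script_tag", re.compile(r"<\s*script\b", re.I)),
]


def negative_check(path, params):
    """Block-list: allow anything that matches no known-bad signature."""
    for name, values in params.items():
        for value in values:
            for sig, pattern in NEGATIVE_SIGNATURES:
                if pattern.search(value):
                    return "block", f"signature:{sig}:{name}"
    return "allow", None


def positive_check(path, params):
    """Allow-list: every path, parameter name and value must match the schema."""
    schema = POSITIVE_SCHEMA.get(path)
    if schema is None:
        return "block", "unknown_path"
    for name, values in params.items():
        if name not in schema:
            return "block", f"unknown_param:{name}"
        for value in values:
            if not schema[name].fullmatch(value):
                return "block", f"schema_violation:{name}"
    missing = sorted(set(schema) - set(params))
    if missing:
        return "block", f"missing_param:{missing[0]}"
    return "allow", None


def hybrid_check(path, params):
    """Allow-list first; signatures then run on whatever survives, so a field
    that must stay permissive (password) still yields a named alert for the SOC."""
    verdict, reason = positive_check(path, params)
    if verdict == "block":
        return verdict, reason
    return negative_check(path, params)


def evaluate(path, query):
    """Return the verdict of each model for one GET-style request."""
    params = parse_qs(query, keep_blank_values=True)
    return {
        "negative": negative_check(path, params),
        "positive": positive_check(path, params),
        "hybrid": hybrid_check(path, params),
    }


if __name__ == "__main__":
    # Constructed requests. The third carries no known signature at all, which
    # is exactly where a block-list on its own is blind.
    for query in (
        "username=alice&password=correct-horse-battery",
        "username=alice' UNION SELECT 1--&password=xxxxxxxx",
        "username=alice&password=xxxxxxxx&debug=1",
        "username=alice&password=' or '1'='1",
    ):
        print(query)
        for model, (verdict, reason) in evaluate("/login", query).items():
            print(f"  {model:8s} {verdict:5s} {reason or ''}")
```

The four sample requests show the trade-off behind criterion 2: the negative model can name the attack it blocks but lets the undocumented `debug` parameter straight through; the positive model rejects that unknown parameter but has to accept a tautology inside the free-form password field; running the allow-list first and the signatures on what survives blocks both and still produces a named event for alerting.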

CybersecAsia: What are the new-age demands of CIOs/CISOs from technology vendors? Is 2022 going to see even more demands from them for failsafe protection?

Vaisakh: From a technology vendor standpoint, I feel that CIOs'/CISOs' demands are more about looking for a solution than buying a product. Of course, if a set of products can solve their problem, they are still open to buying those.

Well, this is the most challenging time for CISOs, not only in India but across the globe. These senior executives are more like Superman in the industry, with ever more responsibility.

As part of our internal threat research, we see a lot of attack vectors on an hourly basis. The recent Log4j vulnerability is having a huge impact on the InfoSec industry. What we can say is that the margin for error is very small. CISOs need to conduct periodic Vulnerability Assessment and Penetration Testing activities on applications and infrastructure, put good threat notification systems in place, choose the right set of products at the various levels, and ensure the readiness of a good support and proactive threat response team.