Security is all about Illusion!

PM Ramdas, Head - Cyber Security, Reliance Group
Headquartered in Navi Mumbai, Reliance Group is an Indian conglomerate which servers millions of customers across telecommunications, power, financial services, infrastructure, media and entertainment, healthcare, and many other sectors.

Gone are the days when wars took place amongst armies, battalions, and legions. Gone are the days when lives were lost in millions due to international conflicts. At present we are in a scenario where wars are not instrumented using guns and troops, but ‘PCs’.

The silent cyber wars of the 21st century are brewed inside homes, initiated by civilians and won by intellect, not instruments of destruction. This newly invented method using hacks through which victory is calculated has given birth to a fresh range of soldiers! And the only element you need is an internet connection and a pinch of patriotism.

As the world goes digital fast, its vulnerabilities also grow at a worrying pace, and this is the time when the device and data security takes the centre stage. With just a few million dollars and a phone number, one can snoop on any call or the text from the phone - no matter where you are or where the device is located. That’s the bold claim of Israel’s Ability Inc., which offers its set of bleeding - edge spy tools to governments across the globe. These cyber frauds, by nature, are complex and difficult to detect.

According to Indian Intelligence agencies recent reports, rivals, adversaries, and militants are targeting large corporates for financial gains as well as to defame them. These hackers use several undetectable tools to gain unlimited access to infected endpoints. Hence, these attacks will be stealth in nature and can’t be traced by any common man. Unless and until our society recognizes cyber bullying for what it is, the suffering of a thousand silent victims will continue. We need to bear in mind that these cyber bullies hide behind a mask of anonymity online and can cause ineffable harm to the victims without even having any direct physical access.

In the wake of many targeted attacks we have been witnessing, a lot needs to be done by us to win the cyber war. Hackers can get away with anything due to geographical shrinking. The internet was first used to convert and radicalise people online. Now it is used to spread cyber terrorism, which hurts the economy, affects businesses, disrupts services and facilitates extortion and blackmail. These attacks can only be recognized and detected with several tedious monitoring and deep root analysis involving complex tools and systems.

Further, we are aware that countries are deploying cyber warriors to attack vital organisations in other(enemy)

countries. Many countries have deployed cyber warriors by providing them with immunity from the consequences. The most vulnerable industries are banking, finance, energy, oil, electric power production, supply sector, nuclear power and of course defence.

Cyber-espionage has been the single greatest threat in recent years and this can be expected to continue frequently. Cyber-criminals will continue working to improve methods to attack organizations and companies, as well as making them more difficult to detect. Online crime, espionage, sabotage and subversion are never going to vanish nor is the temptation for governments to treat the internet as a new combat zone, alongside land, sea, air and space.

" While Managing Network Security Can Be A Complex, Resource-Intensive Task, It’s Crucial For Senior Management To Have An Accurate Picture Of The Organization’s Security Posture At All Times And The Ability To Act Quickly To Close Any Gaps"

Crime-fighting is a better analogy than warfare and a useful idea. Instead of saying, police need to get hold of criminals, why don’t we as common man help prevent crimes in the first place by taking sensible precautions. We have to fine-tune our protection mechanisms and develop robust contrivances to safeguard against such attacks. We need to spend resources to upgrade our technology. Security audit needs to be done regularly by a third/neutral party. An internal team can conduct an investigation to find the people behind such attacks (if any,) which will eventually strengthen our arms to safeguard our vital corporate data.

Security policy enforcement is one thing to have a security policy that defines how the IT platform behaves and another to actually validate that it is being enforced across your network. Doing the former but not the latter might allow you to comply with some regulations, but it won’t make your network safer.

Last but not least, while managing network security can be a complex, resource-intensive task, it’s crucial for senior management to have an accurate picture of the organization’s security posture at all times and the ability to act quickly to close any gaps. Organizations must constantly monitor their network for changes to configurations and ensure that these changes are approved and compliant with policy. It’s a collaborative effort across the enterprise—network operations, security operations, and the CIO.

Security policy enforcement is one thing to have a security policy that defines how the IT platform behaves and another to actually validate that it is being enforced across your network. Doing the former but not the latter might allow you to comply with some regulations, but it won’t make your network safer.

Last but not least, while managing network security can be a complex, resource-intensive task, it’s crucial for senior management to have an accurate picture of the organization’s security posture at all times and the ability to act quickly to close any gaps. Organizations must constantly monitor their network for changes to configurations and ensure that these changes are approved and compliant with policy. It’s a collaborative effort across the enterprise—network operations, security operations, and the CIO.