Friday, November 8, 2024

    Building a Cyber-Resilient Organization: Vivek Srivastava, Country Manager, India & SAARC, Fortinet

    In today’s increasingly complex and interconnected digital landscape, building a cyber-resilient organization is more critical than ever. In an interview with Tech Achieve Media, Vivek Srivastava, Country Manager for India & SAARC at Fortinet, emphasized the importance of adopting a proactive, comprehensive approach to cybersecurity. From leveraging cutting-edge solutions like Security Orchestration, Automation, and Response (SOAR) systems to fostering a culture of cybersecurity awareness, Srivastava highlighted the importance of safeguarding organizations against ever-evolving cyber threats. He also stressed the significance of zero-trust implementation, ransomware preparedness, and staying ahead of emerging trends to fortify defenses and ensure long-term resilience.

    TAM: With cyber threats constantly evolving, how can businesses proactively identify and mitigate emerging vulnerabilities before they become full-blown attacks?

    Vivek Srivastava: Security teams are overloaded with too many tools to manage, too many alerts to investigate, and too many manual or repetitive processes—all of which slow down response times. This is where Security Orchestration, Automation, and Response (SOAR) systems come into play and act as the central control of your security operations.

    Automation via SOAR can detect the threat and send a command message to a switch blocking the port where the infected device is located, or to have the wireless access point block the channel that the device is on, so the infection cannot spread. That’s what a SOAR system can do by having two-way communication: receiving information and passing information to the devices to quickly limit the threats.

    SOAR is designed to be the central hub for threat management. Routine alerts are automatically handled and closed. Priority alerts are mapped to the MITRE ATT&CK framework and intelligently grouped into incidents for deeper investigation. Escalated incidents can activate a full war room that facilitates collaboration and includes detailed forensic logging. Recommended playbooks augment rich investigation features, suggest actions, and execute complete remediation steps. Centralizing and standardizing complete investigation and response workflows that leverage artificial intelligence (AI), the latest available threat intelligence, and a rich analyst toolset can make all the difference between attack deterrence and breach recovery.

    TAM: As cyberattacks increasingly target human vulnerabilities, what are the most effective strategies for fostering a culture of cybersecurity within organizations, beyond basic training programs?

    Vivek Srivastava: A skilled team of professionals and the right security technologies are vital aspects of protecting any enterprise. When equipped with the proper knowledge, employees can serve as a solid first line of defense against cybercrime. Considering that 81% of organizations faced attacks last year such as malware, phishing, and password attacks that directly targeted users, helping employees become more cyber aware is crucial.


    Every cybersecurity awareness training program should be unique and include content tailored to the business needs. Yet there are essential topics to cover in training to ensure every individual has the required cybersecurity knowledge regardless of their industry or organization.  

    Passwords: Using strong passwords is vital for protecting personal and financial information from cybercriminals. Training should cover tips on how to create passwords that are difficult to crack, as well as how and why to use a password manager.

    Multi-factor authentication (MFA): MFA offers individuals another layer of protection against cybercrime. If your security team has already deployed MFA, employees should understand why it’s effective and how to use it.

    Social engineering attacks, including phishing: Phishing is the top tactic bad actors use to infiltrate corporate networks and launch attacks involving ransomware and malware. All employees should understand how to recognize social engineering attempts and the steps to take if they are targeted by phishing emails.

    Software updates: One of the easiest ways to reduce the risk of falling victim to cybercrime is to keep software and applications updated. Employees should know why it’s important to patch and update software.

    TAM: What are the critical components of a successful zero-trust implementation, and how can businesses balance security with operational efficiency in this framework?

    Vivek Srivastava: At a conceptual level, zero trust shifts the security mindset from an implied trusted model to an assumed breached state, where nothing is trusted without verifying. In more practical terms, zero trust refers to a security model in which users and devices are no longer automatically granted access based on their network location. Instead, zero trust focuses on evaluating trust on a per-transaction basis. The degrees of access can be granted to verified users and devices based on the contextual factors surrounding the request, and re-verification or re-evaluation of permissions occurs frequently.

    Because ZTNA is more of a strategy than a product, it includes several technologies working together. Multifactor authentication (MFA) identifies all users. On the physical side, ZTNA includes secure network access control (NAC), access policy enforcement, and integration with dynamic network segmentation to limit access to network resources. And on the cloud side, ZTNA supports micro-segmentation with traffic inspection for secure east-west communications between users, and always-on security for devices both on- and off-network.

    By combining physical and cloud-based ZTNA services, organizations can ensure secure access and the enforcement of policy, whether devices and users are on- or off-premises. A ZTNA solution must authenticate users everywhere, grant explicit access to specific applications, provide constant monitoring, and take countermeasures when something unexpected occurs in an established communication channel.

    TAM: How can businesses streamline their compliance efforts while still fortifying their defenses against sophisticated cyber threats?

    Vivek Srivastava: The incident reporting requirements mean that organizations need to establish and maintain robust detection, investigation, and response policies and processes. Additionally, organizations must identify, prioritize, and assign risk ratings to essential business processes; develop a common risk language for technical and business stakeholders, focused on business and service impact; and implement cyber-awareness training for all personnel.

    In today’s digital world with more regulatory compliances to meet, it’s more important than ever to have a cybersecurity partner who can keep up with the latest threats and regulations. Fortinet’s comprehensive platform is the solution you need to navigate the complexities of compliance and ensure your organization stays resilient in the face of change.

    With Fortinet Security Fabric, you will have end-to-end visibility and control over your security posture through a single pane of glass. Fortinet’s Universal Zero Trust Network Access (ZTNA) seamlessly integrates security and networking, ensuring efficient and effective protection across users, devices, networks, and applications. By integrating FortiSIEM, you will benefit from predefined detection rules, reports, and dashboards, significantly enhancing incident detection and response capabilities while reducing the operational costs associated with compliance.

    TAM: How should businesses prepare for and respond to ransomware attacks, and what are some best practices for ensuring swift recovery without succumbing to the attackers’ demands?

    Vivek Srivastava: One of the best ways to protect against ransomware is to focus on endpoint detection and response (EDR). Most ransomware deployment tactics are based on phishing or vulnerable endpoints. That said, endpoint security technology incorporated with artificial intelligence (AI) and machine learning (ML) technologies can help you identify and block ransomware attacks before they can do any damage, since most of these attacks are based on polymorphic malware. SOC-as-a-service (Security Operations Centers as a Service) can also be helpful in alerting and responding to ransomware attacks by detecting deeper lateral movement of ransomware that attempts to collect intelligence and attack other high-value targets. In addition, training users to be on the lookout for phishing emails and raising awareness can exponentially increase your defensive posture to mitigate attacks.

    A good ransomware protection is to have a robust data backup strategy that includes storing the backup data at a different physical location. In case of a ransomware attack, you can quickly access the backup, restore data, and ensure swift recovery. Gather as much information as possible on the source and nature of the ransomware attack to patch the system for future protection. Learning how the ransomware was able to access the network will expose the holes hackers were able to exploit. Reporting details to law enforcement will also aid in tracking down threat actors to prevent repeat attacks.

    TAM: Going forward, what are some of the trends that are expected to transform the field of cybersecurity, and how can businesses stay ahead of the curve?

    Vivek Srivastava: Three main drivers are responsible for the recent change in cybersecurity: the explosion in data volumes, the increased speed of innovation, and the growth of the interconnectivity of digital applications and ecosystems.

    Data management is important because of the volume of data that needs to be handled. There is much more data today because there are so many more connections—not just among people but with machines and devices. Reaction speed is another variable that has driven change because it is usually triggered by external factors. How quickly an organization reacts to a cyberattack will determine its success now and in the future.

    As a result of interconnectivity, a cyberattack can now have a huge impact on an organization’s entire ecosystem, including the final customer. The chain of events could be dictated by changes in regulations, geopolitical situations, and cyber warfare. From an operational view, many organizations are now outsourcing applications, so more departments are using software in the cloud. The question is, “How well protected is that software?” Within the cybersecurity industry, this is known as the supply chain problem. 

    A holistic and proactive approach to cybersecurity is essential to keeping ahead of today’s ever-evolving threat landscape. Create a comprehensive incident response plan and related playbooks that outline the steps to take in the event of a cybersecurity incident. Perform regular security audits and risk assessments to identify vulnerabilities and weaknesses in your organization’s infrastructure. This proactive approach helps in addressing potential issues before they can be exploited by threat actors.
