Cybersecurity and data protection have become increasingly vital in today’s digital landscape. As our reliance on technology continues to grow, the need to safeguard sensitive information and critical systems has never been more pressing. Rahul Monie, Fractional CTO/CISO at CTO Bridge, reinforces the critical role of certifications, automation, and informed decision-making in bolstering effective data protection and cybersecurity strategies. Certifications such as CISA or CISSP provide a framework, but practical application and understanding are paramount. Automation, particularly in threat detection and response through AI and machine learning, enhances operational efficiency and responsiveness.
However, Monie emphasizes that the linchpin remains informed decision-making by CIOs, CISOs, and CTOs. These leaders must collaboratively steer their organizations towards adopting the right certifications, leveraging automation intelligently, and continually evolving their strategies to meet emerging cybersecurity challenges. This holistic approach ensures a robust defense against evolving cyber threats while maintaining compliance and operational integrity.
TAM: There has been a rise in cyberattacks in recent times. What can we attribute the cause of this trend to?
Rahul Monie: There are two types of CISOs: those who truly understand cybersecurity and those who focus on compliance. First, there are CISOs who grasp the real essence of cybersecurity from the frontline. They understand the attack surface, the profile of actual threats, and the utility of cybersecurity software like SIEM, which handles endpoint detection and response. They navigate compliance requirements, such as DPDPA, PCI DSS, and GDPR, by tracking relevant metrics and figuring out effective strategies.
Then, there’s the theoretical approach. These CISOs focus on compliance certifications like CISA or CISSP. While these exams are challenging, they might be easier for those with practical experience. However, these certifications are more about compliance than understanding red team/blue team dynamics.
The field has split into these two factions. The hands-on CISOs often get overlooked because they lack certifications, despite their practical expertise. To meet audit requirements (SOC 1, SOC 2, GDPR, HIPAA), organizations hire compliance-focused CISOs. But to secure systems, they need the practical, ‘mechanic’ CISOs who know how to fix things hands-on.
A competent SOC analyst, who understands both the necessity of certain software and the potential of open-source solutions, can guide their team effectively. Many compliance-focused CISOs prefer branded software because they aren’t familiar with handling open-source alternatives. Several notable companies offer community editions of their products not out of goodwill, but because they’re using open-source code and are obligated to provide these versions under open-source licensing agreements.
The key point is that buying the best product doesn’t guarantee safety. It’s essential to know how to use it effectively. It’s like having a high-end phone but not knowing how to use its features. Similarly, in cybersecurity, understanding and analyzing your SOC team’s work is crucial. A CISO should not just follow processes but also have the experience to know when something is wrong, much like a CTO who can still understand code logic despite not writing it for years.
Certified, compliance-focused CISOs might excel in following procedures and raising awareness, but they often lack practical experience. They can specify what tools to buy but may not know how to use them effectively, leading to vulnerabilities.
TAM: What is the impact that AI has had on data protection?
Rahul Monie: There are two distinct aspects to consider. When it comes to frontline cybersecurity, AI is incredibly effective when correctly configured.
Let’s consider a common attack on an exposed IP address. This could be a server, a firewall, or any other asset. The most frequent type of automated attack is a brute force attack. For example, when hackers have an email address, they can start attacking blindly. If they are targeting an organisation, they can use a bot to gather names from LinkedIn and start the attacks. It’s a mindless attack, typically categorized as a level three or four attack on a scale from zero to 15.
In a brute force attack, the system identifies the user: if the user doesn’t exist, there’s no need to proceed; if the user exists but the password is wrong, the system picks up the IP address, checks it against malware information security portals or databases like MISP, and if the IP address is flagged, it blocks it for a certain period, say half an hour. This process is automated.
Now, let’s shift to data protection. Anything coming into or going out of the organization needs to be monitored. For data protection, it’s crucial to classify data correctly—whether it’s sensitive, non-sensitive, sales data, production data, etc. Once this classification is in place, tracking data becomes easier. AI can help simplify this by automating processes that used to require manual rule-setting.
Previously, system admins had to write extensive code to manage these tasks, which wasn’t efficient as most system admins aren’t skilled coders. But now, AI can handle keywords and suspicious patterns more effectively. For instance, you can configure AI to stop and flag any suspicious activity, making the process much smoother compared to pre-AI times.
In a practical example, we set up a server on a free cloud with an outdated version of Apache to study attack patterns. Over 25 days, the server faced around 1,100 attacks daily, all automated. Changing the IP address didn’t help much as the same bots quickly resumed their attacks.
Without automation, the SOC team would struggle to cope with such volumes of attacks. Scrolling through thousands of alerts manually is impractical. AI, however, can streamline this process, making cybersecurity management more efficient and effective. AI is crucial for both frontline cybersecurity and data protection, providing automation and efficiency that manual processes can’t match.
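The automated brute-force response Monie sketches above (skip unknown users, look the source IP of a failed login up in a threat-intelligence feed such as MISP, block a flagged IP for a fixed window of about half an hour) as an added Python example. This is not part of the interview: the log format, the account list and the flagged-IP set are constructed stand-ins for a real directory and a real MISP lookup, and the 30-minute window is the figure the interview gives.

```python
"""
Automated brute-force response, following the flow described in the interview:
  1. unknown user            -> ignore (nothing to proceed with)
  2. real user, wrong password -> look the source IP up in a threat-intel list
  3. flagged IP              -> block it for a fixed window (30 minutes here)
Anything arriving from a blocked IP inside the window is dropped unprocessed.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List, Set

BLOCK_WINDOW = timedelta(minutes=30)  # "say half an hour" in the interview

# Constructed sample data (hypothetical): a local account store and a set of
# IPs standing in for hits against a MISP-style threat-intelligence feed.
# Addresses are from the RFC 5737 documentation ranges.
KNOWN_USERS: Set[str] = {"alice", "bob"}
FLAGGED_IPS: Set[str] = {"203.0.113.7", "198.51.100.23"}


@dataclass
class Responder:
    known_users: Set[str]
    flagged_ips: Set[str]
    block_window: timedelta = BLOCK_WINDOW
    blocked_until: Dict[str, datetime] = field(default_factory=dict)

    def is_blocked(self, ip: str, now: datetime) -> bool:
        """True while the IP's block window is still running; expired blocks are lifted."""
        until = self.blocked_until.get(ip)
        if until is None:
            return False
        if now >= until:
            del self.blocked_until[ip]
            return False
        return True

    def handle(self, event: dict, now: datetime) -> str:
        """Decide what to do with one login event; returns the decision as a label."""
        ip = event["src_ip"]
        if self.is_blocked(ip, now):
            return "dropped"            # inside an active block window
        if event["result"] == "success":
            return "allowed"
        if event["user"] not in self.known_users:
            return "ignored"            # user does not exist: no need to proceed
        # Real user, wrong password: consult the threat-intel list.
        if ip in self.flagged_ips:
            self.blocked_until[ip] = now + self.block_window
            return "blocked"
        return "logged"                 # failed login from an unflagged IP: keep for review


def parse_line(line: str) -> dict:
    """Parse the constructed log format: '<iso-time> login user=<u> src=<ip> result=<ok|fail>'."""
    ts, _, rest = line.partition(" login ")
    fields = dict(kv.split("=", 1) for kv in rest.split())
    return {
        "time": datetime.fromisoformat(ts),
        "user": fields["user"],
        "src_ip": fields["src"],
        "result": "success" if fields["result"] == "ok" else "fail",
    }


# Constructed sample log lines exercising each branch, including block expiry.
SAMPLE_LOG: List[str] = [
    "2024-05-01T10:00:00 login user=zed src=203.0.113.7 result=fail",    # unknown user
    "2024-05-01T10:00:01 login user=alice src=203.0.113.7 result=fail",  # flagged IP -> block
    "2024-05-01T10:00:02 login user=alice src=203.0.113.7 result=fail",  # inside window -> drop
    "2024-05-01T10:00:03 login user=bob src=192.0.2.10 result=fail",     # unflagged IP -> log
    "2024-05-01T10:00:04 login user=bob src=192.0.2.10 result=ok",       # normal success
    "2024-05-01T10:31:00 login user=alice src=203.0.113.7 result=fail",  # window expired -> re-block
]


def run(lines: List[str]) -> List[str]:
    """Replay log lines through a fresh Responder and return the decision per line."""
    responder = Responder(KNOWN_USERS, FLAGGED_IPS)
    decisions = []
    for line in lines:
        event = parse_line(line)
        decisions.append(responder.handle(event, event["time"]))
    return decisions


if __name__ == "__main__":
    for line, decision in zip(SAMPLE_LOG, run(SAMPLE_LOG)):
        print(f"{decision:8s} {line}")
```

The block timer is keyed on the event timestamp rather than the wall clock so the same code can be replayed over historical logs; in a live deployment the "blocked" decision would feed a firewall or WAF rule and the threat-intel set would be refreshed from the feed rather than held as a constant.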
TAM: In the context of the growing adoption of cloud services, what are the key considerations and best practices in the market for ensuring data protection and privacy in cloud environments?
Rahul Monie: If you’re on the cloud, one mistake you should not make is assuming that the cloud provider is fully protecting you. They do provide a basic level of protection, but you need to ensure your own configurations are secure. For example, if you have the wrong ports open, the provider can’t block those for you. It’s not their responsibility if you’re not following basic principles.
Understand that while the cloud provider offers basic security, you are ultimately responsible for the configuration, ensuring everything is behind a firewall, and that it’s on a secure network. These are the responsibilities of the CISO or CTO. Following these practices is straightforward and can dramatically reduce the chances of an attack.
TAM: How are industry standards and certifications evolving in response to new data protection challenges?
Rahul Monie: One has to realize that these are guidelines. They define the audit parameters within which one has to operate. You can choose to interpret them in various ways. For example, if the guideline states that a password should be 10 characters long and include a mix of different types of characters, and it needs to be changed every three months, following these guidelines exactly will help you achieve a base level of security.
However, you also need to consider your workforce. It’s a mixed scenario where people use their phones as part of ERP integration, sales integration, etc. Therefore, you should define a mobile policy, go the extra mile, buy phones that can handle your applications, and issue them to employees while locking them down completely. Don’t just say that ISO XYZ provides a basic mobile phone policy and follow that.
If someone loses their phone or it is stolen in a targeted theft in a large organization, a hacker could use it to infiltrate the whole system, causing significant damage. You might be ISO or SOC certified, but still face issues. Guidelines and management are key. Guidelines will evolve, and they are evolving, including the newer versions of ISO 27000 and the ESG part. It’s essential to stay updated and adapt accordingly. A pertinent point I’d like to add is that decision makers – CIOs, CISOs, and CTOs – need to collectively decide on which certifications should be adopted in the organization.