Navigating Cybersecurity's New Frontiers: Building Resilient Defence Strategies Against Advanced Threats
MMC Ports’ Gaurav Sharma discusses the increasing sophistication of cyber threats and resilient defence techniques.
In the dynamic realm of cybersecurity, where threats evolve at an unprecedented pace, staying ahead is not just an advantage—it's a necessity.
Corinium’s Eleen Meleng recently sat down with Gaurav Sharma, the Group CIO at MMC Ports to explore the intricate landscape of digital defence in Malaysia. This interview unveils the nuances of advanced persistent threats (APTs), ransomware challenges, social engineering tactics, and the integration of operational technologies.
Shifting Landscape of Advanced Persistent Threats
Sharma shares that it is known among cybersecurity or information security community that most talked about cyber threats are ransomware, sophisticated financially driven threat actors, IoT-based threats, insider threats, fileless malware, zero-day exploits, and many more advanced persistent threats (APTs), however, politically motivated hacktivism has been a visible trend since Q2 2023.
The goals of these threat actors are not financial gain but rather exposing the weaknesses of target states or organisations in order to publicly disgrace them. Taking on these actors is more difficult because of their motivations.
Sharma adds that there is a rising awareness that APTs are using software supply chain attacks to target organisations more frequently. APTs take advantage of flaws in components or software upgrades that reliable vendors supply. With their attacks concentrated on the source provider, these APTs can successfully target a large number of downstream organisations. This approach makes countering such attacks more challenging and impactful.
Building Cyber Resilience Against Ransomware Threats
“There is no single silver bullet to protect from ransomware,” Sharma says. “It's crucial to stress that a comprehensive defence strategy against ransomware involves a multi-layered approach.”
Sharma emphasises the implementation of a layered security framework encompassing the five critical functions – Identify, Detect, Protect, Respond, and Recover – are paramount across an organisation's IT landscape.
Sharma asserts that cyber resilience should take precedence over cyber protection alone.
"Think of it like this: pretend there's a ransomware attack on your company. To handle it well, your IT team needs to practice and have a clear plan to get the business back on track," he says.
"This readiness involves developing muscle memory within the IT team and formulating a robust action plan for business recovery post-attack.
"Through this proactive stance, conducting a SWOT analysis, identifying strengths, weaknesses, opportunities and threats, becomes instrumental. Recognising weaknesses enables organisations to proactively address and fortify these areas, enhancing their overall resilience against potential threats like ransomware.”
A Comprehensive Approach to Mitigate Social Engineering Risks
Sharma divides measures against Social Engineering into four main parts:
- Technical Controls: Organization should use technology whenever possible. For instance, employ email filters, endpoint protection, multi-factor authentication. Automation can also help identify vulnerable targets and provide tailored training. In the same way, securely disposing of confidential documents and managing IT hardware waste with security-grade shredders can be considered.
- Administrative Controls: Organization should design policies and processes to spot and counter social engineering attacks. Verify information through dual methods before action, involving different people in validation process. Clearly communicating cybersecurity protocols for handling sensitive data, remote network access, and spotting suspicious emails comes under this section.
- Awareness Training: Organization should develop a gradual Security Awareness Program to train employees and build their reflexes against attacks. We should regularly assess and refine training content based on feedback and job roles. Use of phishing simulations to improve employee responses to social engineering attempts.
- Encouraging Reporting and Recognition: Foster an environment where employees can report security concerns without fear. Encourage open communication and ensure that employees are recognized and rewarded for exhibiting good security practices.
Building Cybersecurity Strategic Foundations
According to Sharma, developing a plan for an organisation's cyber security should be done in a methodical and disciplined way, starting from within and working externally rather than being solely motivated by the newest trends in the market.
It's a good idea to start by adhering to an agreed worldwide cyber security architecture. It will help to discuss your cyber security plan from a variety of angles. It is very beneficial to do a thorough Cyber Security Maturity Assessment (CSMA), which evaluates the organisation's people, process, and technology readiness. It can assist in establishing the cyber security strategy, moving from potential short-term victories to medium-term cyber objectives (two to three years out).
Balancing OT Integration with Cybersecurity Imperatives
As stated by Sharma, there is a growing trend of integration between operational technology (OT) and information technology (IT), leading to the transfer of data between the two.
“We should treat Operational Technology (OT) as any other digital assets. We should do Cyber Security risk assessment of the OT environment, architecture, and third parties involved—especially if it is an off-the-shelf product from another vendor,” he says.
Sharma adds that we must ensure cybersecurity considerations are integrated into every phase of the product life cycle by implementing the security by design principle, developing in a secure environment, and continuously monitoring and patching in the production environment.
“Principles such as Zero Trust Architecture design, well-managed access control, encryption, and data protection should be considered. Incorporate these new digital assets into the Incident Response plan and ensure compliance with the organization’s regulatory requirements,” he says.
According to Sharma, cybersecurity should not be an afterthought but rather a fundamental component of any system from the beginning. Organisations should assess their cybersecurity needs concurrently with their plans for new operations, goods, or cutting-edge technologies, and record those needs throughout the business requirement phase. Innovative solutions naturally become more balanced when business and cybersecurity needs are integrated from the beginning.
Gaurav Sharma will be speaking at CISO Malaysia 2024. Check out the agenda and register to attend by clicking this link!
