Safeguarding Your Digital World with Expert Strategies
-Vidushi
In today’s interconnected digital landscape, safeguarding your digital world requires expert strategies that encompass both proactive measures and swift responses to emerging threats. From securing personal data against cyberattacks to fortifying online identities, the arsenal of protective measures extends far beyond mere antivirus software. Expert strategies involve cultivating digital literacy, implementing robust encryption protocols, and staying abreast of evolving cyber threats through continuous education and vigilance. By prioritizing comprehensive security measures and enlisting the expertise of professionals, individuals and organizations alike can navigate the digital realm with confidence and resilience, ensuring the integrity and safety of their digital assets.
Discussing the same, we have erudite notions from Anshuman Sharma, Director – VTRAC, Cybersecurity Consulting Services, Verizon Business; Maj Vineet Kumar, Global President and Co-Founder, CyberPeace; Himanshu Kumar Gupta, Senior Director – Government, Sales and Channels at Trend Micro, India & SAARC; Pinkesh Kotecha, MD and Chairman, Ishan Technologies; Mukund Wangikar, Vice President Engineering, InfoVision; Vivek Srivastava, Country Manager, India & SAARC, Fortinet; Roopali Mehra, Governing Council Member, GCA; Kumar Ritesh, Founder & CEO, CYFIRMA; Sumit Srivastava, Solutions Engineering Director, CyberArk India; Vijay Kanal, National Lead – Security Practice, Crayon Software Experts.
AI in Cybersecurity: Battling Digital Threats
Anshuman Sharma says the cyber threat landscape is changing at a rapid pace and becoming more dangerous, and AI plays a big role in it, specifically in the amplification and automation of cyber-attacks, automated malware creation, intrusion detection evasion, etc.
On the defensive side, AI is being used to automate repetitive tasks such as data collection, analysis and mapping of the attack surfaces for better decision making by providing the context for better responses (both automated and manual). By analysing large datasets, AI using machine learning algorithms is able to forecast attack patterns and identify emerging threats, allowing organizations to implement proactive countermeasures. AI is vastly being used for behavioural analysis and taking automated actions leveraging the large language models. One such usage is entity behaviour analysis (UEBA), which can detect threats continuously and in real time.
AI is creating greater inroads for threat management. Right from collection of threat intelligence from numerous sources (performing the de-duplication) and managing thousands of daily alerts from various internal and external systems, AI is helping in identification and correlation of the threats and providing actionable information to the analysts, helping them to focus on mitigation and strengthening defences. Logs are the biggest source in detection of suspicious behaviour. AI is helping in managing the big data lakes, including network telemetry logs to provide insights to the analyst to implement better use cases for detection and automated response.
According to Maj Vineet Kumar, AI-powered cybersecurity is being utilised to counter the sophisticated or growing cyber threats in the digital landscape. The key components of the use of AI in cybersecurity include threat monitoring, behavioural analysis, vulnerability management, fraud detection and more. AI is capable of analysing large amounts of data quickly. AI is also capable of identifying suspicious user behaviour, detecting unusual patterns, and even blocking suspicious activity or taking swift action on security management. AI leverages machine learning (ML) methods to adapt itself to different user behaviours, identify anomalies, and flag or manage vulnerabilities. The utilisation of AI technologies helps organisations in meeting their security needs. AI detects system weaknesses in real time and assists organisations in fixing them before hackers can take advantage of any potential vulnerabilities. In this way, advanced AI technologies have been proven to enhance the ability to detect, prevent, and mitigate cyber threats at the pace and scale at which they are growing. The use of AI by law enforcement agencies can effectively assist in detecting and preventing crimes, including cyber crimes related to darknet and cryptocurrency. Recently, the administration of the Indian city of Surat launched an AI-based WhatsApp chatbot called ‘Surat Police Cyber Mitra Chatbot’ to tackle the rise of cybercrime in the region. The potential use of AI-powered cyber security will likely prove to be a game-changer in the evolution of the global cybersecurity ecosystem.
“AI technologies play a pivotal role in the ongoing battle against cyber threats in the digital realm, offering unparalleled capabilities in threat detection. The technology not only enables us to identify and respond to cyberattacks with unprecedented speed and accuracy, but also helps in identifying subtle indicators of compromise that might go unnoticed by traditional methods. At Trend Micro, we’ve been leveraging AI/ML since 2005, developing an integrated cybersecurity platform, Trend Vision One, which empowers organizations to manage security holistically, thus leading to real-time, zero-hour detection of new and emerging threats, reduced need for timely updates and protection against the broad range of threats including spam, ransomware, exploits, and targeted attacks,” said Himanshu Kumar Gupta.
Pinkesh Kotecha remarks, AI technologies play a crucial role in combating cyber threats by enhancing threat detection, response, and prevention capabilities in the digital realm. Through machine learning algorithms and predictive analytics, AI can analyze vast amounts of data to identify patterns indicative of malicious activities, enabling early detection of cyber threats. Additionally, AI-powered cybersecurity tools, such as endpoint detection and response (EDR) systems and security information and event management (SIEM) platforms, can autonomously identify and mitigate security breaches in real-time. Moreover, AI-driven threat intelligence platforms enable organizations to proactively anticipate and defend against emerging cyber threats, thereby strengthening their overall cybersecurity posture. By leveraging AI technologies, organizations can effectively adapt to the evolving threat landscape and mitigate the risks associated with cyber-attacks.
In the continuous effort to counter cyber threats, AI technologies play a critical role in revolutionizing cybersecurity. AI excels in advanced threat detection, leveraging machine learning algorithms to swiftly identify anomalies and suspicious activities like malware infections or unauthorized access attempts. Predictive analytics powered by AI enable proactive measures based on historical data and ongoing trends, mitigating risks before they escalate. Behavioural biometrics solutions monitor user interactions to detect deviations indicative of fraudulent activities, while automated incident response processes minimize response times and mitigate the impact of attacks. Adaptive access controls dynamically adjust permissions based on user behaviour, reducing the risk of unauthorized access. Additionally, AI utilizes natural language processing to extract insights from unstructured data sources, enhancing threat intelligence capabilities, and deep learning models enhance malware detection accuracy. AI-powered threat hunting platforms augment human analysts’ capabilities by correlating diverse data sources, facilitating proactive threat detection and response, as observed by Himanshu Kumar Gupta.
“AI and the growing use of cybersecurity mesh architectures provide the opportunity to turn the scale and complexity of protecting a digital environment into a potential advantage. Sensors linked in a common architecture allow network operators and defenders to generate data in real time, and increasingly powerful AI and ML can make use of this data and reduce the response time from hours to seconds.
Malicious cyber actors seldom succeed the first time they attack a target but rely on their failed attacks being missed in the deluge of alerts flooding into an enterprise security operations centre. AI helps spot anomalous activity, determine which anomalies are attacks, generate a real-time response to block the attack and inoculate the rest of the organization’s digital assets against further attacks. Remember, AI and ML are fuelled by data and the more data they have to train on and work with, the more effective they are.
Fortinet has been at the forefront of AI development for over a decade, designing, training, and implementing advanced AI systems using a full range of machine learning and deep learning technologies to meet the challenges of a constantly evolving threat landscape. We have integrated AI from the billion-plus node Artificial Neural Network we use for malware detection to the TensorFlow engine we use for alert validation to power over 40 of our solutions across our extensive security and networking portfolio. And we’re building on this long legacy with a new GenAI assistant. In its first implementation, Fortinet brings Generative AI to help SecOps teams make better-informed decisions, respond to threats faster and more comprehensively, and simplify even the most complex tasks,” reveals Vivek Srivastava.
According to Roopali Mehra, “AI technologies are increasingly deployed to bolster cybersecurity efforts, enabling rapid threat detection and response. Machine learning algorithms analyze vast amounts of data to identify patterns indicative of potential threats, enhancing proactive defense mechanisms.”
Kumar Ritesh stated, AI monitors and identifies threats or anomalies from the vast data available to block potential attacks. Additionally, AI tech can analyse user behaviour and network activity to identify malicious behaviour, unauthorised access attempts or any other potential security threats.
In response to potential security threats, AI-powered systems can be used to automatically shut down the suspicious activity, isolate infected devices and take other actions to limit the damage and contain the threat.
For example, companies like CYFIRMA use AI to help organisations identify and rank vulnerabilities in their systems and networks. By analysing data from various sources, AI can assess the risk posed by different vulnerabilities and address them.
AI technologies can also perform analysis on vast amounts of data from threat intelligence, to detect new threats and trends in advance. By monitoring the digital landscape for new threats and vulnerabilities, AI systems can help organisations stay ahead of cybercriminals and protect their systems and data.
Sumit Srivastava asserted, Artificial Intelligence has revolutionised the fight against cyber threats in the digital world by offering detection, prevention, and response capabilities. This allows organisations to instantly analyse large amounts of data to identify patterns that indicate a threat. Machine learning algorithms can help identify network attacks at an early stage by detecting anomalies in network connections, user behavior, and physical activity. AI-powered systems can analyse historical data and ongoing events to predict potential threats, allowing organisations to implement security measures and mitigate risks before they occur.
In addition, AI analyses the characteristics of information, behavior, and rules regarding threats and zero-day threats, allowing organisations to better identify and remove malware from their networks. Artificial Intelligence also increases the speed and mitigation of cyberattacks by facilitating automated responses to the detected threats. Automated responses may include isolating connections, blocking malicious networks, or patching vulnerabilities to prevent further attacks.
AI-powered natural language processing (NLP) technology allows security analysts to gain insight from data sheets without causing problems. Sources such as security reports and the dark web are used to identify potential threats and incidents. Adversarial machine learning techniques are being developed to improve the ability of AI-based security solutions to prevent terrorist hijacking attempts. Overall, AI technology has become an essential tool in the arsenal of cybersecurity professionals, allowing them to stay ahead of changing cyber threats and effectively protect digital assets.
Vijay Kanal affirms, AI technologies play a pivotal role in combating cyber threats, with 88% of cybersecurity experts recognizing their essentiality for efficient security tasks. These systems analyze data, detect anomalies, and swiftly adapt to new threats, enhancing threat detection and response accuracy. Moreover, AI automates routine security tasks, empowering professionals to tackle complex challenges effectively.
Emerging IoT Cybersecurity Challenges
Vijay Kanal adduced, the proliferation of IoT devices poses myriad challenges for cybersecurity professionals. These devices often lack robust security measures, rendering them susceptible to exploitation by cybercriminals. The sheer volume and diversity of IoT devices complicate security efforts, as each one represents a potential entry point for attackers.
Additionally, the interconnected nature of IoT ecosystems expands the attack surface, necessitating comprehensive security strategies. The 2023 “Nokia Threat Intelligence Report” revealed a sharp rise in IoT bots engaged in botnet-driven DDoS attacks, underlining the urgency to address vulnerabilities and external threats effectively.
In August 2022, the number of connected “things” (mobile devices) exceeded the number of connected “people” for the first time in China. Smart cities, the automobile industry, healthcare, and other sectors have all seen revolutionary changes because of the Internet of Things. With billions of connected devices now managing critical operations (including IIoT), the need for robust cybersecurity measures has never been more critical. New security threats and problems arise as the IoT ecosystem grows, necessitating a thorough understanding and practical solutions. Anshuman Sharma highlighted the following challenges:
● IoT Security: Since the number of IoT devices has outnumbered humans, the threat landscape has become large. Combine the number of IoT devices with their multiple vulnerabilities, including insecure default settings and lack of security updates, and threat actors exploit these vulnerabilities to gain unauthorised access to sensitive data or cause disruption. Today IoT devices communicate not only with each other but also with cloud services, using numerous protocols, specifically when it comes to IIoT. This all makes the environment quite complex and makes it difficult to identify all possible entry points to the infrastructure components.
● Privacy and Data Protection: IoT devices collect and process a huge amount of data, which may contain personal data such as location, behaviour, PII data, etc., causing privacy concerns. The privacy concerns trigger the requirements of data collection, consent, onward transfer, and security (weak encryption and insecure storage).
● Edge Computing and IoT leveraging AI: Edge computing is all about computing and processing near the source of the data; this has an advantage of reduced latency. Combining the power of AI adds more functionality to the IoT devices for better decision making at the edge (faster response). But this introduces newer security challenges as the IoT processing power is not huge enough to implement the necessary security controls and measures, and, therefore, further exposes the IoT device to cyber-threats.
● DDoS Attacks: Distributed Denial of Service (DDoS) attacks exploit vulnerabilities in IoT devices, causing extensive disruption. For instance, the Mirai botnet compromised millions of IoT devices (exploiting the default credentials) and used the compromised devices to launch DDoS attacks on other infrastructure components.
● Insecure Communication: Insecure communication channels pose significant risks for IoT devices; specifically, due to the low processing power, most IoT devices either don’t use any encryption or have weak encryption. Threat actors may intercept the insecure data and manipulate it before it is transmitted between IoT devices and the backend network, causing unauthorized changes or disruption.
● Interoperability or Lack of Standardisation: Most of the IoT devices are not compatible with each other as not all use open-source resources. The manufacturers find it difficult to develop applications that support IoT devices in different countries (due to regulation) and cross IoT devices and platforms. IoT devices may not be able to securely communicate with one another in the absence of widely established standards and protocols, making them susceptible to cyberthreats.
● Data Management: A key component of the Internet of Things (IoT) is data management. Large amounts of data are produced by IoT systems, which makes collecting, processing, and analyzing this data in real time extremely difficult.
According to Pinkesh Kotecha, as the Internet of Things (IoT) continues to proliferate, cybersecurity professionals are confronted with the increased attack surface, which provides cybercriminals with numerous potential entry points for malicious activities. Moreover, many IoT devices have limited processing capabilities, posing challenges in installing essential security measures such as firewalls and antivirus software. Additionally, the lack of standardization in IoT devices complicates the implementation of consistent security measures across different platforms. Privacy concerns arise due to the sensitive data collected and transmitted by IoT devices, making them vulnerable to unauthorized access. Inadequate security features in many IoT devices render them easy targets for cyberattacks, while user awareness of associated security risks remains insufficient. Profiling IoT devices accurately for effective security strategies is difficult, as is managing the increased connectivity and automation of these devices, which can lead to unintended consequences and potential security risks if not properly addressed.
Mukund Wangikar articulated, as IoT devices permeate various aspects of our lives, from smart homes to industrial environments, the complexity and scale of security threats have grown exponentially. This expansion of IoT ecosystems presents cybersecurity professionals with a multitude of challenges as they strive to safeguard interconnected networks and data. The proliferation of attack surfaces stemming from the increasing number of IoT devices amplifies the difficulty of comprehensive security management and monitoring. Moreover, fragmentation and interoperability issues within the diverse IoT ecosystem add complexity, necessitating efforts to navigate compatibility and security standardization. Resource constraints and limited security capabilities of many IoT devices leave them vulnerable to exploitation, raising concerns about data privacy and regulatory compliance. Additionally, the lack of visibility and control over autonomous IoT devices poses challenges for traditional cybersecurity tools, exacerbating blind spots and defense mechanism gaps. Supply chain risks, vulnerabilities in legacy systems, and the emergence of IoT-specific threats further compound the cybersecurity domain, demanding proactive measures to safeguard against specialized attacks targeting IoT devices.
“The proliferation of IoT devices introduces diverse entry points for cyberattacks, amplifying the complexity of cybersecurity landscapes. Security professionals grapple with ensuring the integrity and confidentiality of data transmitted across interconnected IoT ecosystems, alongside managing device vulnerabilities, and ensuring compliance with evolving regulatory standards”, said Roopali Mehra.
Vivek Srivastava says from a security perspective, IoT and IIoT devices present a number of risks. One problem is that most of these devices were not designed with security in mind. Many of them are headless, which means they do not have a traditional operating system or even the memory or processing power required to include security or install a security client. In addition, an alarming number of devices have passwords hard-coded into their firmware.
The result is that many IoT devices cannot be patched or updated. And even when security can be installed on the device, the underlying installed software is often cobbled together from commonly available code or is untested, which means that most installed security tools can be circumvented by exploiting a wide range of known vulnerabilities. Additionally, most IIoT and IoT devices have limited or no configurability. And when devices are compromised, most IT organizations admit they are unlikely to be able to detect the event before it impacts systems and data.
IoT and IIoT devices are a vital part of most businesses and they are here to stay. It is important to view IIoT as part of your broader security environment rather than as isolated units. A Network Access Control will provide accurate information on what is connecting to the network and verification of each device’s security posture before allowing it to connect. Because of the minimal intelligence and security functions included in most IIoT devices, an Intrusion Protection System upstream of these devices should be used to detect attacks on known exploits and to provide “virtual patching” of devices that cannot have software updates applied. Security monitoring and management must be done through a single console. Enterprises must be able to see all devices, assess risk levels, segment traffic, and assign policies across the entire network in real-time. This should include both production and IT networks in order to reduce the risk of attacks on IT resources propagating into the production network, and vice-versa.
Sumit Srivastava noted that the proliferation of the Internet of Things (IoT) presents many issues for cybersecurity experts. A major problem is that the wide variety of IoT devices available — from industrial gear to residential appliances — all have different vulnerabilities. These gadgets are vulnerable to cyberattacks because they frequently lack strong security mechanisms. The quantity and diversity of IoT devices further add to the ecosystem’s complexity, making it challenging to defend every single one. Additionally, because IoT ecosystem devices use various communication protocols and standards, interoperability issues arise, making it challenging to implement consistent security measures throughout the network.
IoT ecosystem heterogeneity presents compatibility and interoperability issues as well. Because different firms produce different types of devices and use different communication protocols, it becomes difficult to provide consistent security throughout the whole Internet of Things. Cybercriminals might use these vulnerabilities caused by the lack of standardisation to get into networks and steal confidential information. Furthermore, the difficulty of handling and safeguarding the enormous volume of data created and sent across networks is made worse by the widespread use of IoT devices. To avoid unwanted access or data breaches, cybersecurity experts must ensure that the data gathered by IoT devices is protected throughout its lifespan.
The adoption of IoT devices in settings with less monitoring carries considerable hazards in addition to data security issues. CyberArk’s Endpoint Privilege Security efficiently manages privileged account credentials and access rights, proactively monitors and controls privileged account activity, intelligently identifies suspicious activity, and quickly responds to threats. The solution protects a wide range of IT assets, including loosely connected devices that are often off-network and beyond the control of corporate IT and security personnel.
“Against the backdrop of rapid technological advancement, the Internet of Things (IoT) quickly emerged as a particularly transformative force. IoT devices improve functionality and quality of life for users on a daily basis and are quickly reshaping the world as we know it. IoT devices are used in smart homes, the healthcare sector, industrial automation and more. IoT devices create an intricate web of connectivity. Even as we celebrate and embrace the conveniences and comforts offered by IoT devices, one must not lose sight of a core concern: cybersecurity and data protection in this age of interconnectedness. IoT devices and networks are notably vulnerable to malicious software, including malware and ransomware. The challenge of managing identities in an IoT network is multifaceted, necessitating secure access to authorised entities and preventing unauthorised entry.”
Roopali Mehra added, “Lack of testing and development can lead to unstable security mechanisms for such devices. Hence, it is of paramount importance that device risks are properly considered during the development process. Security considerations must be a part of the design approach itself, to ensure that system robustness is built into designs right from inception. Cybersecurity professionals have to frequently grapple with data security challenges in IoT applications and these are typically rooted in insecure communications and data storage systems. Given that IoT devices collect a vast amount of user data and people often accept the terms of service loosely without a proper analysis, manufacturers of IoT devices must comply with the applicable laws and regulations related to data privacy and protection. Users are not always aware of how their data will be used, and so, data management and data security can be fraught with complexities.”
Kumar Ritesh says that IoT devices collect and transmit vast amounts of data, including personal and sensitive information. Ensuring security of this data is a significant challenge for cybersecurity professionals, as any data breach or unauthorised access can have severe consequences on organisations.
IoT ecosystems are complex and interconnected, involving a wide range of devices, networks, and applications. With the growing number of connected devices in IoT ecosystems, the attack surface for cyber threats also expands. Each connected device represents a potential entry point for cybercriminals to exploit, making it difficult for cybersecurity professionals to monitor and secure every device effectively. Managing the security of such diverse and dynamic environments requires cybersecurity professionals to have a deep understanding of the entire IoT ecosystem and the ability to identify and mitigate potential security risks effectively.
Apart from that, IoT devices often have inherent security vulnerabilities due to factors such as limited software updates, default passwords, and insecure communication protocols. The IoT industry also lacks standardised security protocols. Many IoT devices are developed with limited computing power and memory, leading to the use of lightweight security protocols that may not be robust enough to protect against sophisticated cyber attacks. The lack of standardised security protocols across different IoT devices makes it challenging for cybersecurity professionals to implement consistent security measures. These vulnerabilities can be exploited by cybercriminals to gain unauthorized access to IoT devices and compromise the entire network.
Ethical Navigation in AI-Powered Cybersecurity
“A security practitioner may find an AI agent or chatbot helpful, helping expedite actions and simplify essential tasks. But while it showed that AI can streamline and automate specific tasks, it is also not yet able to replace an actual practitioner. It also requires someone to know how to ask the right questions to ensure the AI does the required job. As with anything, simply accepting results as-is from an AI can lead to undesired consequences. It’s possible to get code that won’t function as desired, or the answers to queries can result in what’s known as a hallucination, where a confident response is unjustified by the training data. For example, the AI may confidently share information that is incorrect or, worse, seems to have been entirely made up.
Whether we like it or not, the era of AI is upon us. However, it is vital to recognize its limitations and incorporate it as another tool on our belt. For the time being, tools like AutoGPT do not have the capability to find, create and successfully use a zero day attack. Having protections in place such as IPS can help detect a network scanning tool like Nmap. Utilizing Application Control can further lock down access to services to only authorized users,” expressed Vivek Srivastava.
In the field of cybersecurity, the integration of artificial intelligence (AI) brings forth a myriad of opportunities to enhance threat detection, automate incident response, and fortify defences against evolving cyber threats. However, as companies leverage AI technologies to bolster their cybersecurity operations, they are faced with a range of ethical dilemmas that arise from the intersection of AI and cybersecurity. Transparency and accountability are paramount, requiring companies to disclose the sources, algorithms, and decision-making criteria used by AI systems to mitigate the risk of biased outcomes. Privacy and data protection standards must be upheld to safeguard sensitive data, necessitating robust encryption protocols and access controls. Bias mitigation techniques and fairness-aware algorithms are essential to prevent discriminatory outcomes and ensure equity in AI-powered cybersecurity operations. Human oversight remains crucial to verify AI-generated decisions and intervene when necessary to prevent harm. Responsible disclosure protocols and collaboration in vulnerability management are imperative to address cybersecurity risks effectively. Moreover, companies must consider the societal impact and ethical implications of AI deployments, engaging in dialogue with stakeholders to foster responsible AI governance frameworks that prioritize ethical considerations and societal well-being, mentioned Mukund Wangikar.
Pinkesh Kotecha conveys that companies must prioritise transparency and accountability in AI algorithms and decision-making processes, ensuring that AI systems adhere to ethical principles such as fairness, accountability, and transparency. Moreover, companies conduct thorough risk assessments to identify potential ethical risks associated with AI use in cybersecurity and develop strategies to mitigate these risks. Additionally, organizations invest in ongoing education and training for employees to raise awareness of ethical considerations and foster a culture of responsible AI use. Collaborating with ICT experts and regulatory bodies helps ensure compliance with ethical standards and regulations governing AI in cybersecurity operations.
To address the rising cyber threats, Ishan Technologies offers managed SASE solution for enterprises to fortify defenses against such threats in the digital world. Leveraging our cybersecurity expertise, we aim to work together to develop innovative solutions that effectively identify, mitigate, and prevent AI-driven cyber threats.
Roopali Mehra says that this is a new phenomenon. Companies can navigate ethical dilemmas by using responsible AI governance frameworks.
“AI systems often require access to large amounts of data to effectively detect and respond to cyber threats. Companies must ensure that they are collecting and using this data in a transparent and ethical manner, respecting individuals’ privacy rights and complying with data protection regulations.
AI algorithms can inadvertently perpetuate biases present in the data used to train them, leading to discriminatory outcomes. Companies must carefully monitor and address bias in their AI systems to ensure fair and unbiased cybersecurity operations.
AI systems can sometimes operate in complex and opaque ways, making it difficult to understand how decisions are being made. Companies must ensure that their AI systems are transparent and accountable, with clear mechanisms for explaining and justifying their actions.
We would want to emphasise that companies must consider the ethical implications of using AI for offensive cybersecurity operations, such as hacking or counter-attacks. It is essential to establish clear ethical guidelines and boundaries for the use of AI in offensive,” asserted Kumar Ritesh.
According to Vijay Kanal, companies navigate ethical dilemmas surrounding AI in cybersecurity by prioritizing transparency, accountability, and privacy. Clear guidelines for ethical AI use, including data protection measures, are crucial. Engaging stakeholders fosters trust in AI-driven security solutions.
Balancing cybersecurity and privacy is paramount, requiring fair and transparent AI algorithms. Regular audits and human oversight maintain accountability. Regulatory frameworks like Digital Personal Data Protection Act 2023 and GDPR set standards, while ethical AI design principles mitigate concerns, fostering a safer digital environment.
Maj Vineet Kumar mentioned that AI is capable of performing complex tasks quickly. However, AI’s potential misuse has led to an increasing incidence of cyber crimes. There is a rapid expansion of AI tools that can be utilised for cybersecurity operations. In the broader socio-technical ecosystem in which AI exists, companies have to balance technological growth and business expansion with the responsibility of meeting legal and ethical standards. Accountability in AI is a complex issue that requires comprehensive legal reforms. The debate around the ethics surrounding the responsible use of AI becomes increasingly significant in customer interactions, business operations, and cybersecurity while companies navigate the relatively untested waters of implementing AI in cyber security operations. AI is capable of doing real-time analyses and developing swift responses, and can be used for continuous monitoring, detecting anomalies and much more. Organisations that are embracing AI-powered cyber security solutions must be mindful of data privacy and surveillance concerns: compliance with the pertinent regulatory frameworks and protection of personal information must be prioritised.
Companies must prioritise openness, accountability, justice, and data protection to overcome the ethical conundrums regarding AI in cybersecurity. Transparency includes open communication about how AI technologies are used and their potential impact on privacy and security. Establishing clear responsibilities for AI-driven decisions can help reduce the risk of negative consequences or breaches. Rigorous analysis and validation processes are required to identify and address biases in AI models to ensure fairness and justice in the cybersecurity industry. A strong data governance framework, including access and control, can prevent privacy breaches and protect individual rights, says Sumit Srivastava.
Proactive Measures Against Ransomware: Leading Company Defenses
Pinkesh Kotecha remarks that one pivotal strategy involves prioritizing robust security awareness programs to educate employees about ransomware risks and empower them to identify and respond to potential threats effectively. By fostering a culture of vigilance, organizations can significantly reduce the likelihood of successful ransomware attacks stemming from social engineering tactics like phishing emails. Additionally, companies are implementing resilient backup strategies, such as the 3-2-1-1 approach, to ensure the availability and integrity of critical data in the event of a ransomware incident. By maintaining multiple backups across diverse locations, organizations can swiftly recover operations without succumbing to ransom demands, thus mitigating the impact of potential breaches and minimizing downtime.
Moreover, leading companies are investing in advanced email security solutions, leveraging robust filtering and scanning technologies to intercept ransomware threats at their entry points. By fortifying email defenses, organizations can effectively block malicious attachments and links, thwarting ransomware attacks before they infiltrate networks and compromise data. Furthermore, proactive measures such as vulnerability assessments, software patching, and deployment of cutting-edge ransomware protection technologies are integral components of companies’ defense strategies.
Himanshu Kumar Gupta articulated that amid rising ransomware threats, leading companies are indeed taking several proactive measures to bolster defenses. This includes adhering to best practices like implementing regular access reviews for remote work vulnerabilities, prioritizing employee education on cyber hygiene, conducting thorough network inventories to increase attack surface visibility, and keeping systems updated at all times. Moreover, adopting zero-trust architectures, which fundamentally rethink traditional notions of access privileges and ensure that every interaction is scrutinized regardless of the user’s credentials; shifting to a platform-based approach in order to consolidate all security operations, enabling centralized management; establishing incident response plans; and regularly upskilling and reskilling the workforce are ways to stay one step ahead of the ever-evolving techniques of hackers.
According to the CyberArk 2023 Identity Security Threat Landscape Report, 89% of respondents indicated that their organisations were targeted by at least one ransomware attack within the year. According to our research, several crucial identity security initiatives remain on priority lists, highly valued for addressing both security and operational requirements, Sumit Srivastava articulated:
● Multi-layered endpoint protection: Prevent attackers from elevating privileges, compromising credentials, moving laterally, and executing arbitrary code on endpoints. CyberArk Endpoint Privilege Manager (EPM) and Endpoint Detection & Response (EDR) together enable organisations to respond to ransomware attacks.
● Comprehensive PAM controls: Create isolation layers, remove direct access to Tier 0 systems and eliminate credential exposure through privileged access management (PAM) controls.
● Integrated Multi-factor Authentication (MFA): Protect access to endpoints with adaptive MFA and enforce the principle of least privilege without complicating IT operations or hindering user productivity.
● Secure non-human access: Prevent compromise of the application secrets used to access Tier 0 assets and CI/CD pipelines with services like CyberArk Secrets Manager.
● Resilience and recovery engagements: Test existing controls and identify gaps and vulnerabilities. Additionally, accelerate data breach recovery and restore business-critical services quickly and efficiently through services like Remediation Services by CyberArk.
● Consolidation of Trust: Cybersecurity can’t be done in a vacuum – it’s a team game. Outside perspectives can help validate and strengthen strategies during times of change, while helping organisations create winning roadmaps for the long run.
Humans often form the weakest link in the cybersecurity chain, and ransomware attacks exploit this vulnerability through delayed updates, phishing emails, and other social engineering tactics. According to the 2023 DBIR report by Verizon, an astounding 74% of all breaches involve the human element. These incidents include errors, privilege misuse, the use of stolen credentials, and social engineering. Notably, a significant portion of these breaches, accounting for 50% of reported incidents, stem from pretexting or Business Email Compromise (BEC) attacks. Strengthening awareness and preventive measures at the human level is crucial in mitigating the risk of ransomware attacks. Here are some insights and recommendations that organisations can use to strengthen their security and raise awareness, as provided by Anshuman Sharma:
● Social Engineering Awareness: Prioritize training on phishing, smishing, and other social engineering tactics used on mobile devices. Conduct simulations and role-playing exercises to make training interactive. Providing personalized feedback and additional training for those who fall victim turns mistakes into learning opportunities.
● Data Access Control: With implementation of granular access control policies to restrict user privileges based on their job roles and responsibilities, the potential damage caused by accidental or malicious insider threats is minimized.
● Updates and Patch Management: Implement automated systems for software updates and patches. This reduces the reliance on individual employees to manually update their systems and ensures that vulnerabilities are addressed promptly.
● Incident Response Plan: Develop and regularly update an incident response plan that includes procedures for addressing ransomware attacks.
● Technical Controls: Security hardening on the endpoint, such as blocking Server Message Block (SMB) wherever not needed, implementing Windows Firewall rules, enforcing multi-factor authentication, and monitoring access that leverages administrative credentials and the usage of hidden shares.
The human element remains a critical factor in cybersecurity vulnerabilities, and by addressing these aspects, organizations can significantly reduce the risk posed by human-related factors and enhance their overall cybersecurity resilience.
According to Mukund Wangikar, ransomware attacks have emerged as a pervasive and increasingly sophisticated threat, targeting organizations of all sizes and industries worldwide. In response to the escalating ransomware attacks, companies are implementing proactive measures to fortify their defenses and mitigate the risk of debilitating cyber incidents. These measures include comprehensive security awareness training programs to educate employees about common ransomware tactics and empower them to recognize and report suspicious activities promptly. Robust backup and data recovery strategies ensure the redundancy and integrity of critical data, coupled with regular testing to verify data recovery capabilities. Advanced endpoint protection platforms equipped with behavior-based detection and real-time threat intelligence integration are deployed to detect and prevent ransomware attacks targeting end-user devices. Network segmentation and access controls limit the lateral movement of ransomware within networks, while advanced threat detection and response capabilities facilitate real-time detection and automated incident response workflows. Proactive vulnerability management and timely patching reduce the attack surface, and comprehensive incident response planning and preparedness initiatives minimize the impact of ransomware incidents on business operations. Additionally, engagement with law enforcement agencies, industry peers, and cybersecurity organizations enables organizations to enhance their threat awareness and collectively combat the evolving ransomware threat landscape.
Leading companies implement multifaceted strategies including threat intelligence sharing, data backup and recovery protocols, employee awareness training, and proactive vulnerability management. Additionally, investments in advanced security technologies and solutions are also helpful in enhancing resilience against ransomware threats, as articulated by Roopali Mehra.
As a cybersecurity company, Kumar Ritesh recommends the following strategies for companies to avoid ransomware attacks.
● Ensure you are regularly updating your Software and Systems. One of the most common ways ransomware attackers gain access to a company’s network is through exploiting vulnerabilities in outdated software and systems. Companies should ensure that all software, operating systems, and applications are regularly updated with the latest security patches to protect against known vulnerabilities.
● Human error is often a major factor in ransomware attacks, with employees inadvertently clicking on malicious links or downloading infected files. Companies should invest in cybersecurity training programs to educate employees about the risks of ransomware and how to identify phishing emails, suspicious websites, and other common tactics used by cybercriminals.
● In the event of a ransomware attack, having secure and up-to-date backups of critical data is essential for restoring operations without paying the ransom. Companies should regularly back up data to offline or cloud storage, ensure backups are encrypted and password-protected, and test their backup and recovery processes to ensure they are effective in the event of an attack.
● And the goal here is to not be attacked in the first place, and this requires the use of cyber-intelligence to give you signals of impending attacks.
Effective ransomware detection requires a combination of education and technology. Here are some of the best ways to detect and prevent the evolution of current ransomware attacks according to Vivek Srivastava:
● Educate your employees about ransomware: Security awareness training for users is a must and will help organizations guard against an ever-evolving array of threats. Teach employees how to spot signs of ransomware, such as emails designed to look like they are from authentic businesses, suspicious external links, and questionable file attachments.
● Use deception to lure (and halt) attackers: A honeypot is a decoy consisting of fake repositories of files designed to look like attractive targets for attackers. You can detect and stop the attack when a ransomware hacker goes after your honeypot. Not only does cyber deception technology like this use ransomware’s own techniques and tactics against itself to trigger detection, but it uncovers the attacker’s tactics, tools, and procedures (TTP) that led to its successful foothold in the network so your team can identify and close those security gaps.
● Monitor your network and endpoints: By conducting ongoing network monitoring, you can log incoming and outgoing traffic, scan files for evidence of attack (such as failed modifications), establish a baseline for acceptable user activity, and then investigate anything that seems out of the ordinary. Deploying antivirus and anti-ransomware tools is also helpful, as you can use these technologies to whitelist acceptable sites. Lastly, adding behavioural-based detections to your security is essential, particularly as organizations’ attack surfaces expand and attackers continue to up the ante with new, more complex attacks.
● Augment your team with SOC-as-a-service if needed: The current intensity we see across the threat landscape, both in velocity and sophistication, means we all need to work harder to stay on top of our game. This is why relying on a Managed Detection and Response (MDR) provider or a SOC-as-a-service offering is helpful. Augmenting your team in this way can help to eliminate alert fatigue and free up your analysts to focus on their most important tasks.
“Amidst escalating ransomware attacks, companies are fortifying defenses with proactive measures. A 2023 global ransomware trend report revealed an alarming rise to 85% of companies facing attacks, emphasizing the urgent need for robust defense strategies.
Timely software patching and updates mitigate known vulnerabilities. Investments in advanced threat detection and response, like Endpoint Detection and Response (EDR) and Network-based intrusion detection systems (NIDS), enable real-time detection and mitigation, minimizing impact on operations and data integrity,” said Vijay Kanal.
Maj Vineet Kumar asserted that there has been a surge in ransomware attacks on organisations, highlighting the need for proactive cyber security measures to fortify the defenses against such threats. Leading companies are adopting strategies such as risk management, business continuity plan, data protection measures, resilient Information technology (IT) infrastructure, effective incident response plan, regular vulnerability assessment, secured data backups and recovery plan, data protection strategies, multi-layered security solutions, AI-powered cyber security strategies, employee training and more. All these strategies by leading companies are strengthening their cyber security measures against growing ransomware attacks. Robust cyber security measures are crucial for companies to ensure that their functions can continue without interruption in light of an increasing number of ransomware attacks. By implementing such a comprehensive plan, businesses can minimise downtime, mitigate financial losses, and protect valuable data and information. Leading companies are strengthening their cyber security capabilities by investing in various aspects of cyber security, from designing solutions and adopting new technologies to prioritising compliance and adapting processes. It has become essential to establish cyber resilience to defend against growing threats in the digital landscape and ensure the continuity of critical operations of the companies.
Evolution of Cybersecurity in Safeguarding Critical Infrastructure
“The role of cybersecurity in safeguarding critical infrastructure has evolved beyond safeguarding individual components. It now emphasizes integrating security throughout the development lifecycle, ensuring early stage detection and mitigating vulnerabilities. Furthermore, as our digital ecosystems continue to expand, embracing a unified approach to security becomes imperative, enabling continuous monitoring and fostering rapid response capabilities. This also brings our focus to the fact that the cyber security department must not exist in silos anymore and should be made a boardroom conversation,” said Himanshu Kumar Gupta.
Maj Vineet Kumar articulated that cyber threats targeting critical infrastructure systems are a growing concern. Cyber security solutions are vital in securing critical infrastructure systems against the escalating number of cyber attacks. Cyber security solutions employ a wide range of technologies, including risk assessment, network security measures, employee training on cyber resilience, incident response plan, and the use of advanced technology such as AI and Machine Learning to safeguard the cybersecurity posture of critical infrastructure systems. Investment in cyber security solutions can strengthen the security of critical infrastructure. Doing so requires collaborative efforts between government agencies and technological companies. Proactive investment into safeguarding critical operations is essential, especially in sectors like healthcare, finance and transport, where even minor operational fluctuations have a direct impact on citizens’ lives. There is an accelerated adoption of AI technology in these sectors to automate processes and the benefits of doing so must be balanced with caution since these industries process and track sensitive personal data.
Pinkesh Kotecha expressed that with essential services such as electricity distribution, water supply, transportation, and telecommunications relying heavily on IT systems and cloud technologies for management and control, the stakes for cybersecurity have never been higher. However, this interconnectedness also presents a significant challenge, as it expands the attack surface for cybercriminals, leaving critical infrastructure vulnerable to various threats including advanced persistent threats (APTs), ransomware attacks, and insider threats.
As cyberattacks continue to proliferate across sectors like BFSI, Healthcare, and government organizations, it becomes increasingly evident that investments in cybersecurity are essential for safeguarding both large enterprises and MSMEs. By investing in robust cybersecurity measures and fostering a culture of vigilance and preparedness, businesses can mitigate the impact of cyber threats and ensure the continued safety and functionality of critical infrastructure in our interconnected world.
Roopali Mehra, Governing Council Member, GCA
The evolving threat landscape necessitates an expanded focus on safeguarding critical infrastructure from cyber threats. Cybersecurity professionals now need to collaborate across departments to implement resilient architectures, threat monitoring mechanisms, and incident response protocols to mitigate risks posed by interconnected digital systems.
Mukund Wangikar asserted that in the era of increasingly interconnected digital systems, the significance of cybersecurity in protecting critical infrastructure has experienced notable transformation. Governments, industries, and organizations have heightened awareness of the importance of cybersecurity, recognizing the vulnerability of digital systems to cyber threats. Regulatory measures mandating cybersecurity practices for critical infrastructure sectors have led to improved cybersecurity practices and compliance. Integrated risk management approaches now view cybersecurity as integral to overall risk management strategies, assessing and mitigating cybersecurity risks alongside operational risks. Technological advancements have yielded sophisticated intrusion detection and prevention systems, encryption techniques, behavioral analytics, and AI-driven security solutions to combat evolving threats. Increased collaboration and information sharing between government agencies, private sector companies, and international partners have enhanced cyber threat detection and response capabilities. Building resilience and continuity into critical infrastructure systems through redundant systems, backup protocols, and disaster recovery plans is prioritized, alongside training programs and awareness campaigns to educate personnel about cybersecurity best practices. Additionally, the use of threat intelligence feeds and predictive analytics enables organizations to anticipate and proactively defend against cyber threats by analyzing attack patterns and trends.
According to Anshuman Sharma, the role of cybersecurity professionals has evolved in the past few years, specifically when developing strategies and providing adequate protection to critical infrastructure components. Critical infrastructure such as water, power, nuclear plants, etc., which is the Operational Technology, is focused on managing the physical processes of the ICS/SCADA systems. The protocols used in OT/ICS/SCADA are different from what is used in IT, and therefore many cybersecurity professionals are now learning how the ICS/SCADA protocols work and how to better secure them (as by default most of them are not secure).
Cybersecurity professionals are working to find a common ground to bring both IT and OT professionals together, where each understands the importance and core responsibilities of the other (IT is more focused on confidentiality, whereas OT is more on availability & safety). With a sound understanding of the various critical infrastructure components (including working and protocols used), cybersecurity professionals have developed frameworks for preventing unauthorized access, detecting anomalies in the network and timely identification of known vulnerabilities. A typical framework is around defining the cybersecurity policies and governance; implementing architecture, e-discovery, threat detection, implementing tools, secure configuration, endpoint protection; and responding to incidents (leveraging SOC/MSS/SOAR), including assessments and testing.
Rising attacks on critical infrastructure have made IT security more important than ever before, according to Vivek Srivastava. The number of industrial devices connected beyond their network boundaries is rapidly increasing, and CISOs now face skyrocketing risks across their OT environments. In fact, Fortinet found that three-fourths of OT organizations reported at least one intrusion in the last year, and nearly one-third reported being victims of a ransomware attack. To solve this challenge, organizations need an integrated security approach designed specifically for industrial solutions that enables policy enforcement across the entire attack surface, consolidates point products, and reduces operational overhead. The Fortinet OT Security Platform is an integrated portfolio of cybersecurity products, solutions, and security services designed specifically for industrial networks and powered by real-time OT threat intelligence. Because the OT Security Platform is a part of the Fortinet Security Fabric, it empowers customers with deep visibility across their entire environment and securely facilitates IT/OT convergence. The platform also gives organizations the ability to implement a zero-trust model within OT environments, including secure remote access to OT assets and systems for remote employees and contractors.
Amidst growing digital interconnectedness, cybersecurity’s role in safeguarding critical infrastructure has evolved significantly. With vital services relying on digital technologies, robust security measures are essential for uninterrupted operations. This includes regular risk assessments and collaboration with government agencies and industry partners to address emerging threats effectively.
Cyber threats to critical infrastructure pose strategic risks, affecting national security, economic prosperity, and public safety. Nation-states target infrastructure for espionage and gaining access to control systems. Collaborative efforts are crucial to mitigate risks and ensure resilience in the face of evolving threats, said Vijay Kanal.
Sumit Srivastava articulated that critical infrastructure is becoming increasingly dependent on digital technology and network connectivity, which increases the risk of cyberattacks affecting vital services like electricity, transportation, and healthcare. As such, cybersecurity has become more important to these sectors, government, and organisations in charge of maintaining vital infrastructure. This change indicates a rising understanding of cybersecurity as an integral part of infrastructure resilience instead of a stand-alone issue. Customised cybersecurity methods have become increasingly expensive to defend vital infrastructure assets against ever-changing cyberattacks.
Critical infrastructure cybersecurity has shifted from a reactive approach to isolated attacks, to a proactive, all-encompassing approach. Preventive actions, including risk assessment, vulnerability management, and sharing of threat intelligence are increasingly prioritised.
Securing identities is becoming the new security paradigm and is universally recognised as a modern and effective security strategy. This is particularly true as critical infrastructure undergoes modernisation initiatives that take advantage of migrating services to the cloud.
The CyberArk Identity Security Platform can be mapped to organisations’ risk management process to help identify and manage their cybersecurity risks about identity, and its capabilities cover each stage of the incident response framework, both to defend against attacks and to provide good practice hygiene tools for keeping the machine and human identities secure.
As the response to any cyberattack threat is time-sensitive, key capabilities must be in place to immediately detect and respond to suspicious actions by a given identity, take automated actions to reduce the risk of eventuating and ensure an identity is restored to a known safe state.
Advanced Cyber Threat Detection and Mitigation Strategies
Innovative strategies like Managed SASE and AI are revolutionizing the detection and mitigation of sophisticated cyber threats targeting sensitive data. One such approach involves harnessing AI and machine learning technologies to bolster threat detection and response capabilities. These AI-powered security systems enable organizations to receive real-time alerts, continuously monitor networks, and swiftly respond to potential threats, minimizing human delay in intervention.
AI can make logical inferences based on data subsets and offer multiple solutions to known problems, empowering security teams to choose the most effective course of action. By embracing these innovative strategies and technologies, organizations can proactively stay ahead of evolving cyber threats, enhancing their threat detection capabilities, and fortifying their defense posture against malicious actors targeting sensitive data, conveyed Pinkesh Kotecha.
According to Himanshu Kumar Gupta, organizations are employing a variety of cutting-edge strategies to effectively combat the ever-evolving hacking techniques deployed by hackers to access sensitive data. One such approach involves harnessing the power of artificial intelligence for anomaly detection and behaviour analysis, allowing for swift identification of suspicious activities amidst the vast sea of digital transactions. Another frontier is the integration of blockchain technology, providing an immutable ledger for secure data transactions, fortifying defenses against unauthorized access or tampering. To further their efforts, organizations can also emphasize better visibility into their attack surface, sharing threat intelligence across sectors to foster a collective defense posture against common adversaries, adopting initiatives like the Zero Day Initiative to incentivize security researchers to report undiscovered software flaws, and enacting a holistic approach to the cybersecurity attack surface lifecycle, offering threat prevention, detection, and response capabilities.
In the face of evolving cyber threats targeting sensitive data, businesses must remain vigilant in identifying and promptly addressing potential risks. A layered approach to protection and detection is essential, covering user, application, device, and network levels. Some of the measures being implemented to mitigate the associated risks according to Anshuman Sharma are:
● Network Segmentation: Implement network segmentation to isolate infrastructure components hosting sensitive data to minimize the risk of lateral movement within the network.
● VPNs and Zero-Trust Access: Deploy Virtual Private Networks (VPNs) and Zero-Trust Access for remote workers, ensuring secure access to corporate resources regardless of network connection. Multi-factor authentication should be mandatory for additional access control. Also to control user access and privileges while safeguarding and securing all interactions, organizations must be able to continually verify (via access management capabilities such as continuous multifactor authentication (CMFA)), authorize, and monitor activity patterns. Implementation of role-based access control (RBAC) and attribute-based access control (ABAC) is an important access to protect the application, data, assets and services.
● Endpoint Security: Implement robust endpoint security solutions on all devices, such as Endpoint Detection and Response. This also includes firewalls, antivirus software, and intrusion detection systems to protect against malware and other threats. With the rise of remote work and cloud reliance, enterprises are increasingly embracing zero-trust and secure access service edge (SASE) approaches. Leveraging Network Detection and Response (NDR) helps greatly to get a network wide view and an understanding of any suspicious network behaviour.
● Data Encryption: Encrypting sensitive data both at rest and in motion (over the network) is a minimum requirement to provide adequate protection.
Kumar Ritesh recommends these 3 strategies:
- Companies are increasingly utilizing behavioural analysis techniques to detect and mitigate sophisticated cyber threats targeting sensitive data. By monitoring and analysing user behaviour, network traffic, and system activities, organizations can identify anomalies and potential threats in real-time. This proactive approach helps in detecting advanced threats that may evade traditional security measures.
- Collaborative threat intelligence sharing among organizations, industry partners, and government agencies is another innovative strategy to detect and mitigate cyber threats targeting sensitive data. By sharing information on emerging threats, attack patterns, and indicators of compromise, companies can enhance their threat detection capabilities and proactively defend against sophisticated cyber attacks.
- Machine learning and AI-powered solutions are increasingly being deployed to detect and mitigate sophisticated cyber threats targeting sensitive data. These technologies can analyze vast amounts of data, identify patterns, and predict potential threats more effectively than traditional security tools. By leveraging machine learning algorithms and AI-driven analytics, organizations can enhance their threat detection and response capabilities, thereby strengthening their overall cybersecurity posture against advanced threats.
Roopali Mehra’s innovative strategies include the adoption of threat hunting methodologies, leveraging deception technologies to lure and identify adversaries, and implementing behavioral analytics to detect anomalous activities indicative of potential breaches. Additionally, advancements in encryption technologies and data-centric security approaches enhance protection for sensitive data assets.
To counter sophisticated cyber threats targeting sensitive data, various innovative strategies are being deployed, harnessing advanced technologies and methodologies to bolster cybersecurity defenses according to Mukund Wangikar. For instance, behavioral analytics involves scrutinizing user behavior, network traffic, and system activities to pinpoint anomalies signaling potential threats, aided by machine learning algorithms capable of detecting irregular patterns. Deception technologies employ decoy systems, networks, and data assets to mislead attackers and unveil their presence early in the cyber kill chain, mitigating potential damage. Endpoint Detection and Response (EDR) solutions offer real-time monitoring, detection, and response capabilities at the endpoint level, swiftly identifying and neutralizing suspicious activities. Zero Trust Architecture (ZTA) adopts a stringent “never trust, always verify” approach, implementing strict access controls and continuous authentication to limit lateral movement and reduce the attack surface. AI-powered threat hunting combines machine learning algorithms with human expertise to proactively search for and identify threats that may evade traditional security measures. Secure Access Service Edge (SASE) integrates networking and security functions into a cloud-native architecture, ensuring secure access to applications and data from any location. Blockchain technology is explored for decentralized and tamper-evident storage, particularly in finance and healthcare sectors, offering enhanced data integrity and resistance to unauthorized alterations. Likewise, collaborative threat intelligence sharing platforms enable organizations to exchange information about emerging threats, tactics, and procedures, empowering collective defense efforts against evolving cyber threats.
Vivek Srivastava highlighted the following points:
- Begin with a comprehensive incident response plan and related playbooks that outline the steps to take in the event of a cybersecurity incident. This includes conducting simulated exercises, such as tabletop drills, to allow your key stakeholders to practice and refine their responses to different types of cyberthreats.
- Regularly patching vulnerabilities is a fundamental measure to prevent exploitation by cybercriminals. It is imperative that you keep all software, operating systems, and applications up to date with the latest security patches. Perform regular security audits and risk assessments to identify vulnerabilities and weaknesses in your organization’s infrastructure. This proactive approach helps in addressing potential issues before they can be exploited by threat actors.
- Stay ahead of cyberthreats by investing in advanced security technologies with integrated artificial intelligence (AI) and machine learning (ML) to accelerate threat detection, analysis, and response anywhere across your distributed network. Next-generation firewalls, intrusion detection and prevention systems, endpoint protection, and security information and event management (SIEM) solutions are essential. Look for systems and platforms designed to function as an integrated system to enhance responsiveness, reduce vendor sprawl, enhance visibility and control, and centralize management. This holistic security approach should also support new technologies, such as the SASE/SSE solutions you are deploying to connect and protect your expanding edge and work-from-anywhere environments. Adding ZTNA enhances secure access to sensitive resources by providing encrypted tunnels, granular access controls, per-application access, and ongoing connection monitoring.
As cyber-attacks are becoming more sophisticated and there is a growing surge in data breaches, it becomes all the more important to maintain stronger cyber security practices to protect sensitive data. Strategies such as effective identity and access management (IAM) help organisations to control and monitor access to sensitive data and networks. It helps safeguard against unauthorised access and thereby reduces incidents of data breaches. Poor data management, weak network security and poor endpoint protection can lead to major data breaches. Sensitive data such as personally identifiable information (PII), legal information, protected health information (PHI), biometric data, etc., require due care and attention to be managed effectively and efficiently. Innovative strategies such as access management, organising and classifying data by risk level, enabling data encryption, data masking, enabling multi-factor authentication, regular backups, building stronger network security, and performing Data Protection Impact Assessments (DPIA) can be instrumental in fortifying systems. All these steps, outlined by Maj Vineet Kumar, help organisations manage and maintain the security of sensitive data.
Innovative strategies are deployed to detect and mitigate sophisticated cyber threats targeting sensitive data. These include restricting administrative privileges, patching operating systems, employing multi-factor authentication, and disabling local administrator accounts. Network segmentation, protecting authentication credentials, and utilizing non-persistent virtualized sandboxed environments are crucial.
Additionally, software-based application firewalls are used to block both incoming and outgoing network traffic, while outbound web and email data loss prevention measures are implemented to safeguard sensitive data effectively, according to Vijay Kanal.
Organisations aiming to safeguard their data and systems against emerging threats must prioritise robust identity security in the rapidly evolving threat landscape. They need to adopt a proactive approach centered on best practices tailored explicitly to the unique challenges of this evolving scenario, which is crucial for effectively navigating the new paradigm.
Some of the best practices according to Sumit Srivastava include:
- Embracing Zero Trust Principles: Adopting the principles of Zero Trust necessitates a mindset where all users, devices and applications need to be authenticated, authorized, and continuously verified for security configuration and posture. Organisations can reduce the risk of unauthorised access and data breaches by persistently verifying identities.
- Implementing Multi-Factor Authentication (MFA): MFA acts as an additional security layer by requiring users to provide multiple forms of authentication, such as passwords, biometric scans, or one-time passcodes. This robust mechanism enhances identity security significantly and complicates the task for malicious actors attempting unauthorised access to sensitive data and systems.
Striking the Balance: Cybersecurity and Privacy in Organizations
Mukund Wangikar said, “balancing robust cybersecurity measures with user privacy and data protection is essential for organizations to maintain trust with their customers while ensuring the security of sensitive information. Several strategies are employed to effectively achieve this balance. Notably, organizations adopt privacy by design principles, embedding privacy features into the architecture of systems, products, and services to minimize the risk of data breaches while upholding user privacy. Transparency and consent are emphasized, with clear communication about data collection, usage, and obtaining explicit consent from users for processing activities, fostering trust and informed decision-making. Data minimization practices limit the collection, retention, and processing of personal data to what is strictly necessary, reducing the potential impact of breaches and mitigating privacy risks. Anonymization and pseudonymization techniques are employed to reduce re-identification risks while still deriving valuable insights from data. Robust encryption mechanisms protect data both at rest and in transit, ensuring unreadability without appropriate decryption keys. Access controls and authentication mechanisms restrict access to sensitive data, minimizing unauthorized access risks. Comprehensive data security governance frameworks oversee data management, protection, and compliance, with regular audits and risk assessments ensuring alignment with privacy requirements. User education initiatives enhance awareness of privacy risks and best practices, empowering users to protect their privacy effectively. Robust incident response plans enable prompt detection, containment, and mitigation of data breaches, with adherence to regulatory requirements and timely notification of affected individuals. 
Collaboration with regulators, privacy advocates, and industry stakeholders ensures alignment with evolving privacy regulations and fosters a culture of privacy compliance, enabling organizations to adapt cybersecurity measures accordingly.”
Pinkesh Kotecha, MD and Chairman, Ishan Technologies
Organizations can effectively balance the need for robust cybersecurity measures with the imperative of maintaining user privacy and data protection by collaborating with ICT companies specializing in cybersecurity. By partnering with these ICT firms, enterprises can gain access to comprehensive solutions that offer a holistic approach to addressing security and privacy concerns. These firms provide guidance on implementing best practices for data protection, privacy compliance, and cybersecurity measures, ensuring that organizations have robust defenses in place while safeguarding user privacy.
At Ishan Technologies, we understand the importance of tailoring cybersecurity solutions to meet the specific needs and objectives of each organization. We take a customized approach to our solutions, working closely with our clients to understand their unique business requirements and challenges.
“Organizations achieve a balance by adopting a privacy-by-design approach, integrating privacy considerations into cybersecurity strategies from inception. Implementing privacy-enhancing technologies, conducting privacy impact assessments, and adhering to regulatory requirements, like the DPDP Act, facilitate effective alignment between cybersecurity measures and data protection requirements,” said Roopali Mehra.
Vijay Kanal highlighted that organizations must balance robust cybersecurity with user privacy and data protection amidst escalating data breaches. With the average cost of a breach in India at $2.18 million, bolstering cybersecurity is imperative. Digitization demands a skilled cybersecurity workforce, crucial for safeguarding data amidst India’s significant internet user base. Insider threats, averaging $16.2 million annually, emphasize the need for vigilance. A data-privacy-specific approach integrates privacy into solutions, emphasizing encryption, multi-factor authentication, access controls, and user consent.
Compliance requirements, including GDPR and national regulations, are paramount. Investments in strengthening national cybersecurity frameworks, such as the National Cyber Coordination Centre, are vital. Thorough risk assessments and collaboration between government and private sectors are essential to enhance India’s cyber resilience.
Fortinet supports customers with a platform approach to cybersecurity via the Fortinet Security Fabric, which converges networking and security through one operating system (FortiOS), one unified agent (FortiClient), one management console (FortiManager), and one data lake (FortiAnalyzer) to integrate and protect the entire digital attack surface. It’s focused on three major enterprise pillars: secure networking, unified SASE, and AI-driven security operations.
The Fortinet Security Fabric is the result of over two decades of relentless focus on the company’s platform vision and organic product development and innovation. It spans more than 50 enterprise-grade products and services, including network firewall, wired and wireless LAN, SD-WAN, SASE, SIEM, and EPP. This extensive integrated product coverage, combined with open APIs and a deep technology alliance partner ecosystem of over 500 third-party vendors, ensures customers can start building a platform based on what they currently have deployed and leverage the Fortinet Security Fabric in the way that drives the most value for their unique needs.
Fortinet has enhanced FortiOS 7.6 features to ensure sensitive information remains secure no matter where it resides within the hybrid network. Centralized data protection combined with enforcement points across the Fortinet Security Fabric will enable more enterprises to adopt and manage a complete data loss prevention (DLP) strategy for comprehensive data protection capabilities across the network.
Maj Vineet Kumar said, “In today’s digital landscape, organisations must strike a delicate balance between fortifying cybersecurity defenses and safeguarding user privacy and data integrity. It requires a nuanced approach that respects individual privacy rights.
Organisations need to prioritise ethical considerations, and privacy and security must be taken into account while deploying advanced cyber security measures. Cross-border collaboration, with an emphasis on developing relevant laws and policies, can enhance efforts to maintain user privacy and data protection at a broader level and provide greater direction to organisations in terms of regulatory requirements to be followed.
Furthermore, organisations need to establish and follow robust cybersecurity measures to combat the growing nature of cyber threats while also respecting individual privacy rights and complying with applicable data protection laws or regulations.
Organisations can establish effective access controls to ensure that only authorised persons can access sensitive data. Data security requires the attention of proactive measures and due diligence to be followed by organisations. Data retention policies in compliance with applicable laws are crucial to ensure accountability and transparency.
Setting the standards of data handling and user rights, encryption, data anonymization, compliance with data privacy regulations, data backup and recovery strategies, access control, regular audits and updates, and fortifying network security are some fundamental steps for ensuring user privacy and data protection while utilising robust cyber security measures.
As organisations face growing risks from cyber threats, which can lead to data breaches, financial loss, or damage to organisational reputation, they rely on connected technologies that can even enlarge the potential surface for cyber threats. Implementing proactive cyber security measures is critical to protecting an organisation’s data, system, and operations. Employee training on cybersecurity best practices is an important component of handling individuals’ sensitive personal data. All these efforts by the organisation can effectively establish a much-needed balance between the need for robust cyber security measures and respecting individual data privacy and protection.”
Promoting Global Cybersecurity Collaboration: Government and International Initiatives
Roopali Mehra says governments and international bodies facilitate collaboration through initiatives such as information sharing platforms, cybersecurity frameworks, and public-private partnerships. Cross-border cooperation, threat intelligence sharing, and capacity-building programs enhance collective resilience against cyber threats on a global scale.
Vijay Kanal expressed that governments and international bodies are fostering collaboration and information sharing among cybersecurity stakeholders amidst the evolving threat landscape. This involves establishing platforms and initiatives for sharing threat intelligence and best practices. Cybersecurity regulations and frameworks are being implemented to enhance awareness and critical infrastructure resilience.
Public-private partnerships leverage combined strengths for improved cybersecurity, with academia, industry, and government collaborating on research projects to develop innovative solutions. Initiatives like the Cyber Suraksha Abhiyan and Digital Personal Data Protection Act aim to raise awareness and protect data, while frameworks like the Indian Cyber Crime Coordination Centre provide comprehensive approaches to cybercrime.
Maj Vineet Kumar articulated the following:
- Governments worldwide are proactively working towards the shared goal of establishing a safe cyber world. Various new regulations are underway to protect and promote safe cyber security solutions. In India, the government has focused on empowering law enforcement agencies and netizens on cyber security strategies and creating awareness about the same. With the enactment of new laws or regulations such as the Digital Personal Data Protection Act 2023, The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 and various advisories in the domain of cyber security, the nation is moving towards a more regulated and responsible approach towards designing and implementing cyber security solutions, including data protection mechanisms.
- The government has fostered dialogues and consultation processes between stakeholders, including technological companies, civil society organisations and others, to invite their comments and suggestions regarding the cyber security domain. The government is also proactively fostering collaboration and working towards protecting critical information systems. There is also a dedicated effort towards integrating cyber security awareness education at the school level to protect children from growing threats in the digital domain.
- Government ministries such as the Ministry of Electronics and Information Technology (MeitY) have collaborated with stakeholders and had discussions with social media platforms to counter the challenges posed by emerging threats like the misuse of deepfake technologies and widespread misinformation and disinformation on social media platforms. There has been a welcome collaboration between government agencies and social media intermediaries to maintain electoral integrity amidst the upcoming elections in the country.
- AI and machine learning have been utilised in cybersecurity operations in recent years. The government has collaborated to organise stakeholder consultations and dialogues to promote responsible and regulated use of AI in the cybersecurity domain. Governments all over the world are paving the way for greater systemic responsibility in cyber security development initiatives through increased collaboration internationally. The first-ever G20 Conference on Crime and Security in the Age of NFTs, AI, and the Metaverse was held in July 2023 in Gurugram, Haryana. Over 900 participants from G20 countries, 9 special invitee countries, International Bodies, and technology leaders and domain experts from India and across the world attended the conference. The government and international bodies are making efforts to establish principles for accountable, fair and trustworthy use of AI.
- Recently, the Ministry of Electronics and Information Technology (MeitY) issued an advisory urging platforms to prevent bias, discrimination, and threats to electoral integrity by using AI, generative AI, LLMs, or other algorithms. Said advisory sets the stage for a more regulated AI landscape. The Indian government requires explicit permission to deploy under-testing or unreliable artificial intelligence models on the Indian Internet.
- The G7 Summit held in May 2023 focused on advanced international discussions on inclusive AI governance and interoperability to support the common goal of trustworthy AI in line with shared democratic values. AI was the major theme of this G7 summit. The Hiroshima AI Process (HAP) is an effort by G7 to determine a way forward to regulate AI. The Hiroshima AI Process (HAP) aims to establish trustworthy technical standards for AI at the international level. Ministers from the Group of Seven (G7) countries emphasised creating ‘international guiding principles applicable for all AI actors’ and a code of conduct for organisations developing ‘advanced’ AI systems.
- Recently, in March 2024, the ‘AI Consent Bill’ was introduced in the US, which places reliance on online platforms to obtain consumer consent before using their data for AI-model training. Furthermore, in March 2024, the United Nations General Assembly unanimously adopted the first global resolution on artificial intelligence.
Initiatives such as the Global Cooperation and Training Framework (GCTF) workshop and the Joint Indo-U.S. Quantum Coordination Mechanism highlight India’s commitment to international collaboration in cybersecurity. Furthermore, the Indian government’s forthcoming draft policy mandating companies in critical sectors to utilize Indian cybersecurity products and services underscores a proactive approach to enhance the security of critical infrastructure and sensitive data within the country. These collaborations will facilitate joint research on quantum, AI, and advanced wireless technologies, allowing India to harness global expertise and strengthen its cybersecurity posture.
Additionally, an expected increase in public-private partnerships (PPP) in the cybersecurity domain, particularly in skilling initiatives and adopting new technologies, will further the government’s efforts aimed at enhancing cybersecurity resilience on both national and international fronts, said Pinkesh Kotecha.
Kumar Ritesh articulated the following points:
- Governments are partnering with international bodies to set up platforms where cybersecurity stakeholders, including government agencies and private sector organizations or cybersecurity experts, can share emerging threats, best practices to avoid these threats, and insights on threat intelligence. These platforms facilitate real-time information exchange, supporting best collaboration practices and enabling stakeholders to stay updated on the latest cyber threats and trends.
- Governments are increasingly recognizing the importance of public-private partnerships in enhancing cybersecurity resilience. By collaborating with private sector organizations, academia, and industry associations, governments can leverage the expertise and resources of various stakeholders to strengthen cybersecurity, develop innovative solutions, and respond effectively to cyber incidents.
- Cyber threats are often transnational in nature, requiring coordinated efforts at the international level. Governments and international bodies are promoting cooperation among countries to address common cybersecurity challenges, harmonize cybersecurity standards and regulations, and enhance cross-border collaboration in incident response and threat mitigation, as seen in a few frameworks set up in Asia.
- ASEAN CERT Incident Drill (ACID) framework: The Association of Southeast Asian Nations (ASEAN) established the ACID framework to enhance regional cybersecurity cooperation. It involves conducting simulated cyberattack scenarios to test the response capabilities of Computer Emergency Response Teams (CERTs) across ASEAN member states. This initiative aims to strengthen incident response mechanisms and foster collaboration in addressing cyber threats.
- APCERT (Asia Pacific Computer Emergency Response Team): APCERT is a collaborative initiative among CERTs in the Asia-Pacific region to enhance cybersecurity readiness and incident response capabilities. It facilitates information sharing, capacity building, and coordination among member teams to mitigate cyber threats effectively. Through regular meetings, training programs, and joint exercises, APCERT promotes regional cooperation in combating cyberattacks.
- APEC TEL CERT Incident Drill (TELID): The Asia-Pacific Economic Cooperation (APEC) Telecommunications and Information Working Group organizes the TELID framework to promote cybersecurity cooperation among APEC economies. This initiative focuses on conducting cybersecurity incident response drills to enhance the preparedness of CERTs and relevant stakeholders in the region. By simulating real-world cyber incidents, TELID aims to improve coordination and collaboration in addressing cyber threats across APEC member economies.
“In its Global Risks Report for 2024, the World Economic Forum has identified AI-generated misinformation/disinformation and cyber insecurity as among the top risks facing the global community. In addition to direct damages, cybercrime creates an enormous barrier to digital trust, undermines the benefits of cyberspace, increases global inequality, and hinders international cyber-stability efforts. To truly strengthen cyber resiliency, the federal government, state and local governments, quasi-governmental entities, and the private sector must work closely together, particularly to understand changing vectors for disruption and the potential cascading effects that a single entity may not be able to anticipate or mitigate.
Fortinet is a founding member of the Cyber Threat Alliance, an organization of cybersecurity providers and practitioners focused on sharing critical threat intelligence to raise the level of security for organizations globally. We are also an active member of the World Economic Forum (WEF) and a founding member of its Centre for Cybersecurity. We are also a research partner in the MITRE Engenuity: Center for Threat Informed Defense, a member of the Forum of Incident Response and Security Teams, and a partner with INTERPOL: Project Gateway and NATO NICP, where we collaborate on intelligence sharing on cyberthreats and respond to breaking requests for intelligence as new cases emerge.
Recently, Fortinet collaborated with Microsoft, PayPal, and Santander to launch the Cybercrime Atlas, an interactive platform to assist national and international law enforcement agencies, cybercrime investigators, and global businesses in the gathering and sharing of global threat information, generating policy recommendations, and identifying opportunities for coordinated action to fight cyberthreats and disrupt cybercrime,” said Vivek Srivastava.
Mukund Wangikar said, “Governments and international bodies recognize the crucial importance of collaboration and information sharing among cybersecurity stakeholders to effectively address the dynamic challenges posed by cyber threats. To foster such collaboration, several steps are being taken. Foremost, there’s the establishment of information sharing platforms where cybersecurity stakeholders, including government agencies, private sector organizations, academia, and non-profit entities, can exchange threat intelligence, best practices, and mitigation strategies in real-time. Additionally, public-private partnerships (PPPs) are being forged to jointly address cybersecurity challenges, leveraging the strengths of government agencies and private sector organizations to enhance cybersecurity resilience. Efforts are also made towards standardizing and harmonizing cybersecurity practices across borders through initiatives like the NIST Cybersecurity Framework and ISO/IEC 27001, promoting interoperability and collaboration. Furthermore, governments are organizing cyber exercises and drills to simulate cyber attack scenarios, fostering collaboration and coordination among participants. Moreover, international agreements and treaties are facilitating information sharing and mutual assistance, while capacity building programs and technical assistance initiatives are helping strengthen cybersecurity capabilities worldwide. Threat intelligence sharing networks and cross-border collaboration centers further facilitate rapid information sharing and coordination during cyber incidents, serving as focal points for international cooperation.”
Amid the rise in cyberattacks on various infrastructures, initiatives like India’s Cyber Surakshit Bharat program, developed in partnership with industry, and bodies like the Indian Cyber Crime Coordination Centre (I4C) and the National Cyber Security Coordination Centre (NCCC) demonstrate a proactive approach to enhancing cybersecurity infrastructure. Additionally, recent events such as the Global Cooperation and Training Framework (GCTF) and the global guidelines published by the UK to ensure the secure development of AI technology, which were endorsed by agencies of 18 countries, including the US, Singapore, Japan and many more, highlight growing international collaboration in cybersecurity. By promoting collaboration and embracing innovation, stakeholders can collectively mitigate cyber risks and ensure a resilient digital ecosystem, according to Himanshu Kumar Gupta.