Industrial Automation Magazine India

The war is between AI-enabled products and AI-enabled hackers

Published on : Monday 01-02-2021

Mohit Kohli, Founder, Foresiet and former Vice President – Accenture.

The number of cyber-attacks in India increased drastically in 2020 according to a leading expert. How serious is the threat?
Not every battle starts from air, ground or water. These days some of the fiercest attacks are happening among computer networks in the most silent form. The Digital Age has transformed the weapons into the most sophisticated digital tools, opening a whole new playing field of vulnerabilities with the unlimited threat landscape during pandemic.
 
Covid-19 has turned into a digitisation catalyst and has taken the journey to next level in just a couple of months. This will be considered as a precedent to develop strong cybersecurity strategies.  
 
Cyber-attacks in India have increased multi-fold during the pandemic. India is among the top 5 most attacked countries. Indian companies have seen nearly 7 lakh cyber-attacks in 2020 affecting multiple sectors – Financial, Retail, Manufacturing, Government, etc. Remote work has fundamentally changed the dynamics, especially for teams habituated to working side-by-side every day. Unexpected changes can seed and drive security risks, especially where we fail to recognise this change and adapt to this new way of conducting business. Moreover, employees working from home rarely have the same firewalls, network-based intrusion detection, and other defence integral to the offices we are all accustomed to working from. Which means even a strong security fort can be easily bypassed by alluring the last mile user, causing the enterprise to come to a standstill and have a cascading impact on the value chain. In case of Healthcare and Oil & Gas, the impacts would lead to life threats. 
 
Imagine Covid Vaccine Cold Storage is controlled by state actors or criminals making the distribution process at risk. Even a simple phishing link can change the story and turn it upside down! New challenges on Covid-19 Vaccine Supply Chain from factories in one country to internet-connected fridges in another for cold storage. Creating new pressure on doctors' surgeries, IT systems, and sometimes small providers who play a critical role.
 
An organisation has various business processes as part of a value chain that takes a product to the customer. In a recent breach it was evident that 60% are accounted for due to partners/suppliers and risk is transferred during the value chain and can even have catastrophic national impact.
 
With the advancement in the IoT, billions of new devices are connected to the internet in the most unmanaged way leading to the potential threat to everyone in the least expected time. The challenge gets worse when devices are made available; without security controls or not managed thoughtfully. Many of the IoT devices act as the weakest link for the entire enterprise.
 
What are the most common cyber threats and how best can companies counter them?
The adoption of modern technology is challenged by the increase in cybersecurity threats that target the Operational Technology community. In the current Threat Landscape, threats range from Nation-State, Organised crime for financial motive, Hacktivist, Insider Threat, to many more. China, North Korea and Russia are suspected of aiding state-sponsored cybercriminal activities; have shown interest in breaching India’s security. A few examples:
 
1. We have seen an exponential rise in sophisticated social engineering techniques with the motive of cyber-espionage. Cybercriminal groups attempt to take advantage of vulnerable employees (enterprise users or users from supplier/vendor, etc.), who are unfamiliar with managing their technology environments. It is one of the most effective attack vectors because it exploits human behaviour and our tendency to trust one another. India has noticed a rise in Credential stuffing attacks this year using sophisticated phishing campaigns. 
 
2. Endpoint threat has increased exponentially due to new remote working mode. Ransomware attacks were launched this year as a lethal mass weapon that made large-scale organisations, cities, local governments, and healthcare organisations to easily shut down. India reported twice as many attacks as any other country, followed by the US and the UAE.
 
3. India demonstrates the highest rates for attacks on the videoconferencing platform.
 
4. We have seen targeted attacks on countries to infiltrate the vaccine design data for financial motives by state actors. 
 
Organisations must switch from detecting to predicting cyber breaches with a multidimensional approach covering – Secure Mindset, Secure Last mile remote users, secure network access, secure work environments, and secure collaboration.
 
While cybersecurity is now important, are companies paying adequate attention to the physical safety of its personnel and assets?
Of course the physical safety of its personnel and assets are gaining attention. Executives may want to loosen the purse strings when it comes to cybersecurity investment because the spend is paying off – including in ways beyond regulatory compliance and act as a catalyst to the digitalisation journey.
 
Physical safety is one of the recent contributors to the cybersecurity budget due to changes in the threat landscape. Portability and mobile access are the key enablers of Business allowing information to be lost or stolen easily making it more vulnerable. 
 
Adoption of a virtual desktop is seeing the new trends where the organisation has much more control and can baseline security easily. This new dynamic shift changes the Operating model from centralised to decentralised making more focus on the last miles with a new set of solutions coming up to protect end-users and assets. Organisations are bringing technical and administrative elements as part of the physical safety of the personnel and assets.
 
How can companies effectively counter the various threats ranging from perimeter security to workplace safety, theft and sabotage, etc., with effective use of technology?
Remote working has imposed a great magnitude of threats which means a new standard to be developed to protect the endpoints. Companies spending on cybersecurity do not necessarily correlate with the level of protection. Enterprises need to build a strong borderless security approach due to the decentralised nature of business, with measures like: 
a. Deploy AI enabled endpoint technology solution for new remote way of working
b. Build digital risk quantification with threat advisory across the value chain  
c. Multidimensional real-time phishing protection till the last mile
d. Context-Specific Active Threat Sharing (CATS) between the enterprise nodes to safeguard the decentralised endpoints 
e. Enable movement from Detection -> Prevention to Prediction-based approach 
f. Leverage DOTS (DDOS Open Threat Signalling) mechanism to prevent last-mile attacks.  
g. Reduce total cost of ownership using the contactless self-healing security module.
 
Talking specifically about process industries where the stakes are high, how adequate are the counter measures against such threats?
In the case of Industry 4.0, the Digital Supply network, Smart Factory, connected objects, connected customers impose greater risk posed by cyber threat. According to a recent study the total critical resources or assets offered on the Dark Web, 14% were from the manufacturing sector.
 
Manufacturing companies are an interesting target for cyber-attackers due to the various challenges such as convergence of IT/OT, the interconnectivity of large systems, integration of legacy technologies, delivery pressure, and many more. The stakes are high and the security environment is complex, with a wide attack surface. Adversaries know this.
 
Trends show rise in threats on manufacturing with 679%, 86% of the cyber-attacks are targeted with financial gain (53%) and industrial espionage (47%) are the main motives behind cyber-attacks on the manufacturing industry. 
 
We are seeing a clear shift from Cybersecurity to Cyber Resilience. Both increasing IT/OT integration imposed by raising business requirements and cutting-edge security capabilities sourced in different delivery models result in developing a very wide and complex environment to protect. The industry is not only getting better at identifying cyber threats but is also responding and dealing with them faster. Business needs to ensure security is deep-rooted in the organisation's DNA. There is no silver bullet to confront cyber threats as it is continuously evolving. Hackers leverage AI-enabled engines to guess and predict the next move of the Enterprise protection engine; which means the war is between AI-enabled products and AI-enabled hackers.  
 
What could be the ideal approach for comprehensive safety solutions for a typical industrial plant?
Businesses need to shape themselves to meet the new way of working during a pandemic. Take the attacker’s view. Risk reviews and vulnerability analyses must not focus solely on the value of the information to the company and the ascertainable gaps in its defences. The profiles of potential attackers are also important: Who wants the organisation’s information? What skills do they possess? Thinking about likely attackers can help identify new gaps and direct investment to protect the information that is most valuable to the most capable foes.
i. Understand the Business Value chain with the closed mapping of various threat actors. 
ii. Develop a cyber resilience framework to respond and mitigate attacks proactively. 
iii. Deploy a high-quality detection and response solution which can slash the time of noticing an attack from months to minutes.
iv. Develop a holistic risk Quantification approach.
v. Get contextual visibility into environment and security status.
-Attack Surface reduction
-Implement adaptive Zero Trust model
vi. Develop Strongly focus on the industrial control system cyber kill chain for IT & ICS
vii. Develop a Multi-faceted, defense-in-depth approach. Define architecture pattern to minimise the threat landscape considering ICS and legacy platform.
viii. Including security-by-design during the digital transformation journey. 
ix. Human error-free model leveraging intelligent monitoring and analytics.
 
(The views expressed in interviews are personal, not necessarily of the organisations represented)
 
Mohit Kohli is a passionate Digital Transformation security leader and has provided a unique solution and framework in the areas of Information, Cyber, IoT & Cloud Security. Mohit has led various Global security initiatives for Smart City & Smart Governance, Utility, Smart Transportation, Federal Public Safety, Smart Banking and other Large enterprises. Mohit has helped organisations build strong practice to deliver customers a risk-free, efficient, innovative and cost-effective IT Security solutions by focusing on convergent technology practice areas.