Fortinet® the driving force in the evolution of cybersecurity and the convergence of networking and security solutions, and CNBC-TV18 present Securing Your Digital Journey, a series of industry-focused panel talks with cybersecurity professionals from across industries who will analyse the threat landscape and its risks to businesses. In a panel discussion moderated by Gautam Srinivasan, Nayan Desai, Chief Information Officer, WNS, Vishak Raman, Vice President of Sales, India, SAARC, and South-East Asia, at Fortinet and Rishi Rajpal, Vice President Global Security, Concentrix talk about protecting the modern workforce and the reliance on zero trust to identify users and devices to provide secure authenticated access to networks.

Share Market Live

NSE

Organizations of all sizes are adopting Zero Trust as a corporate security strategy to enable digital acceleration, support remote and hybrid work, and reduce risk. A Zero Trust security model assumes that anything or anyone trying to connect to your network is a potential threat, so every user must be verified before permission is granted to access critical resources. This verification applies regardless of whether the user is trying to access those resources remotely or is already within the network perimeter, helping to ensure a higher security posture for organizations with a hybrid workforce in particular.

Work-from-anywhere (WFA) endpoints remain targets for cyber adversaries to gain access to corporate networks. As per FortiGuard Labs Threat Landscape Report, 10,666 ransomware variants have been identified compared to just 5400 in the previous six-month period, a nearly 2x growth in variance in half a year.

The real question is how do you do the trade-off between availability and security? Setting the tone and highlighting the threat landscape Vishak Raman said, "That’s what the defenders are actually challenged with. And to commensurate with that looking at the FortiGuard Labs Threat Report which got published in August 2022, we saw some interesting trends; growth in 'wipers' - a malware designed to delete data when it actually explodes into their computers. The way these wipers have actually proliferated is quite interesting, and they have proliferated across operational technologies, and they are getting into air gap environments. We saw the rise of Log4J a threat that was found out in August last year. That exploitation is continuing. It is a perfect storm that is brewing out there and it’s an uneven battle in terms of maintaining a balancing act between protecting services, availability of those services and defending assets against these relentless targeted attacks.”

With the rise in ransomware and targeted attacks, what should be the new posture for cybersecurity, considering India is the sixth-most breached country across the globe? Shedding light on this Rishi Rajpal says, "Security needs to transparently move, irrespective of the user location. It's easier said than done since a large amount of the workforce that worked in brick-and-mortar stores has shifted to remote working. We have to invest in technology significantly to ensure security remains the same and the trust of the devices is continuously verified before it is allowed access to an application or resource on the company network.”

Research shows that threats from inside the company account for about 43% of data breaches and the very people who are closest to the data or corporate assets can often be a weak link to a company's cybersecurity program. Rishi Rajpal adds “However, there's also a human factor involved. When working remotely, social engineering becomes an exponential threat. So, continuously educating the users on the latest threat landscape and how a human element can be exploited has big importance to play in the overall threat landscape."

Shedding light on this Nayan Desai says, "Human element is less about deliberate malicious actions and more about a judgmental error made by simple people who fail to apply basic control such as a strong password or falling prey to seemingly legitimate emails and web clicks, leading to credential theft or remote code execution at their endpoint. Individual organizations can use the security culture maturity model to visualize their current level of cybersecurity culture. They can also identify target groups that require special attention and guidance. By conducting simulated phishing attacks, they can pinpoint the most vulnerable users and single them out for education."

Speaking about implementing a zero-trust model and what it has to offer for CISOs looking to make their networks more resilient to fuel growth and innovation Rishi Rajpal says, “Zero trust is just in time access to the right device, right user and access to the right resource. Traditionally we all worked on VPNs which granted users much more access than what we would like them to have. Zero trust helps organizations define the access they would like to provide a user at a given time. Another important aspect is continuously checking the posture. Access should not be persistent and because your posture is getting checked at periodic intervals continuously the moment you become non-compliant you are not part of the network at all. This is one of the use cases which is really required with a hybrid workforce.”

According to a survey from Fortinet although many organisations have a vision for zero trust that vision isn't necessarily being translated into the solutions, they are able to put in play. Shedding light on how organisations can promote cross departmental collaboration and remove the silos to ensure security Nayan Desai, says, “One of the keys to succeeding with zero trust remains something companies arguably have the most control over, that is collaboration across the organization. Communication typically across of siloed teams remains a challenge. IT teams may feel that security organizations slow them down and ignore their concerns. Oftentimes the reality is that security teams are red lined with keeping the wheels on and zero-trust can be described as changing the tires while the car is still moving.”

As both threats and networking become more complex, the tools to manage network security have become more unwieldy. So, what is the best approach to security is it Best of Breed solutions or an Integrated Platform Approach? Vishak Raman concludes “Gartner, in the year 2022 published a ‘why customers will move from a point product to a Platform-based approach’ it’s because the benefits are immense. Security has evolved with point product approach because we had point problems. There were a huge number of alerts coming from these point products. A Platform-based approach brings it all together across four key pillars which are, users and devices that includes end points and IT/OT devices, cloud, network, and application. It minimises your alert fatigue and the effort required to do console hopping. It’s high time to choose a Platform based approach with an integrated fabric approach to integrate and get all of this threat intelligence flowing back to your setup.”

It is time organizations took a strategic, converged approach to security and networking. Successful CISOs will understand that when done strategically, security can create new opportunities to improve productivity, accelerate time to market, promote innovation and agility, and deliver on all the promises of digital transformation. When security and networking are put together, these benefits can only multiply.

Watch the discussion here

This is a Partnered Post