Published on March 29, 2022
On March 23, 2022, Dr KPS Sandhu, CTO, Cybersecurity Practice at Tata Consultancy Services, addressed an EDGE webinar, where he shared valuable insights on personal and enterprise-level cybersecurity.
In the webinar titled 'Protecting Oneself and the Enterprise from Security Attacks', Mr Sandhu explained the essence of security tooling and the mindfulness you need to bring to the table while following best practices to protect oneself and the enterprise from emerging cyber security attacks. The emphasis was laid on implementing practical steps and tools to improve your cyber security awareness.
This is a time of significant change for the cybersecurity industry. What started as "computer security" 25 years ago has evolved into "information security" as information technology (IT) has permeated all aspects of our lives, from our personal computers to the cloud and mobile devices.
The past few years have seen the introduction of a new term: "cybersecurity." This term reflects that the security industry has now broadened its focus from protecting corporate networks and enterprise IT systems to safeguarding all aspects of cyberspace.
Cyberattacks are on the rise. And as attackers become more sophisticated, they are increasingly able to penetrate even the most secure networks. Today's evolving cyber threat landscape is not just about data breaches and ransomware but also about attackers using malicious attacks to access your critical data.
According to Verizon's Data Breach Investigation Report (DBIR), 2021, Social engineering is the most common pattern in breaches. It includes details about how attackers use tactics like spear-phishing and business email compromise (BEC) scams to trick unsuspecting victims into giving them access to their sensitive data.
Hackers are increasingly using artificial intelligence (AI) and machine learning, for instance, to perform tasks like crafting personalised emails and phone calls to persuade targets into clicking on malicious links or handing over sensitive information.
While there have been numerous developments in protection mechanisms, security is still a significant concern for both individuals and large enterprise organisations.
The malware industry has evolved from a hobbyist effort to an organised, legitimate business, complete with marketing departments and customer support. The result is that would-be criminals have access to easy-to-use packages to carry out attacks without requiring a deep understanding of computers or programming.
It is essential to understand what kind of risks your network faces to make sure that you have the right technology in place to combat those threats when they arise.
There are specific tips for protecting yourself and your enterprise from cyber-attacks which include:
- Know the latest attack methods and techniques like phishing, spear phishing, gamification and ransomware.
- Understand the types of social engineering and the growing use of AI in taking these attacks to the next level.
- Learn best practices like installing antivirus software on all computers, limiting access to sensitive data by only allowing users who need this information, encrypting all files both at rest (in storage) and in transit (while being sent over the wire), keeping all devices up-to-date with patches, using strong passwords and multi-factor authentication, performing regular backups of all data in case something happens where they need to be restored, setting up firewalls and so forth.
The webinar indeed revealed terrifying insights about how simple it has become in hacking networks, whether personal or enterprise-level, with advancements in techniques and processes used to render the system vulnerable to threats. It caught the attention of the attendees, and an interesting Q&A round concluded the session.