Exclusive Interaction with Mr. Sumit Srivastava – Solutions Engineering Director, CyberArk India

Cyber-attacks have become more complicated and focused in a world where technology is advancing at an unprecedented rate. Ransomware operators and spammers, in particular, have polished their talents in attracting victims by exploiting hot-button problems and popular themes. Businesses and organisations all around the world are opting for cyber insurance as the cybersecurity landscape gets more difficult and demanding. Nevertheless, the hype around ChatGPT and AI is expected to grow rapidly. Security threats linked with this new disruptive technology are projected to rise in the near future as well. So, to understand these threats in more details, we had an interaction with Mr. Sumit Srivastava – Solutions Engineering Director, CyberArk India.

CyberArk is the global leader in Identity Security. Centered on privileged access management, CyberArk provides the most comprehensive security offering for any identity – human or machine – across business applications, distributed workforces, hybrid cloud workloads, and the DevOps lifecycle. The world’s leading organizations trust CyberArk to help secure their most critical assets.

So, here’s how the interaction went:

1. What specific tactics are ransomware operators and spammers using to attract victims?

In the realm of cybersecurity, it is essential for everyone to stay informed about the tactics employed by ransomware operators and spammers to attract victims. CyberArk emphasises the importance of understanding these tactics to effectively protect organisations and individuals.

Some specific tactics used by ransomware operators and spammers to attract or trick victims are-

• Social Engineering Techniques: Ransomware operators and spammers often leverage social engineering tactics to manipulate human psychology. They craft convincing phishing emails, messages, or websites that impersonate legitimate entities like banks, government agencies, and well-known brands.
• Urgent and Fear-Inducing Messages: Ransomware campaigns often employ fear to prompt victims into taking quick actions without thinking. Spammers might send messages with urgent subjects like “Your Account Has Been Compromised” or “Immediate Action Required.”

• Malicious Attachments and Links: Ransomware operators frequently send emails with infected attachments or links to malicious websites. These attachments could contain malware payloads capable of infiltrating systems.
• Ransomware-as-a-Service (RaaS): Some ransomware operators offer their malicious software as a service to other cybercriminals, enabling a wider range of attackers. CyberArk highlights the significance of monitoring the threat landscape for emerging RaaS campaigns and continuously updating security measures.
• Multi-Vector Attacks: Cybercriminals combine various attack techniques, such as phishing, malware distribution, and exploitation of vulnerabilities, to increase their chances of success. CyberArk advocates a multi-layered security approach to defend against these complex attacks.

2. How is the rise of AI and technologies like ChatGPT expected to impact the cybersecurity landscape?

The emergence of artificial intelligence (AI) and technologies such as ChatGPT is making substantial changes to the realm of cybersecurity. AI and machine learning have permeated our daily lives. From accurate medical diagnosis to AI-powered voice assistants, these technologies provide economic benefits and beneficial outcomes.

AI and technologies such as ChatGPT are changing cybersecurity. They provide powerful tools while also introducing new obstacles. While AI programs are largely intended to help humans, they can potentially have undesirable consequences. In short, they are a double-edged sword. The cybersecurity profession is already confronted with issues, and CyberArk’s research indicates that AI tools may compound cyberattack risks. Rookie attackers may raise the severity of cyber-attacks with freely available AI tools.

The interaction between humans and artificial intelligence is complicated. To defend against AI-based risks, businesses should safeguard all identities, both human and machine. Collaboration with the appropriate cybersecurity experts is critical. To combat growing threats, organisations must look for vendors who are investing in R&D. This collaboration is critical for ensuring a secure future.

3. What are some of the best practices organisations can implement to prevent ransomware attacks and protect their sensitive data?

To safeguard against ransomware attacks and ensure the protection of sensitive data, organisations should implement the following best practices, considering the dynamics of modern IT environments and the evolving security landscape:

• Embrace Zero Trust Philosophy: Recognise that identities are pivotal in the defence against threats. Adopt a Zero Trust approach where trust isn’t granted based on location or network position. Identity security forms the cornerstone of this strategy. A strong identity foundation ensures that only authorised users gain access to critical resources, mitigating the risk of unauthorised access and ransomware infiltration.
• Strengthen Identity Security: Acknowledge the significance of identity management in maintaining a robust security posture. Respondents to a recent CyberArk survey have emphasised that identity management (97%) and endpoint security/device trust (99%) are pivotal in supporting the Zero Trust model. Implement multi-factor authentication (MFA), strong password policies, and secure identity validation processes to ensure only legitimate users access sensitive data.
• Implement Least Privilege and Just-In-Time Access: As part of the identity security strategy, prioritise least privilege principles. Restrict users’ access to the minimum resources required for their roles. Adopt Just-In-Time access, where users are granted temporary access only when needed, reducing exposure to potential threats. These practices prevent attackers from moving laterally within the network and limit the damage in case of a breach.
• Automate Access Management: Consider the automatic provisioning and de-provisioning of access to resources. When users change roles or leave the organisation, their access should be promptly adjusted or revoked. Automation reduces the chances of overlooked or lingering access, minimising the attack surface for potential ransomware attacks.
• Collaborate with Trusted Partners: Recognise that cyber threats are continuously evolving. Leverage the expertise of trusted cybersecurity partners to forecast and design solutions for future cyber risks. This collaboration ensures that the defence strategies remain relevant and effective, even against advanced ransomware threats.

Hence, the modern IT landscape demands a proactive and holistic approach to ransomware prevention. By aligning with Zero Trust principles, enhancing identity security, implementing access controls, and collaborating with trusted partners, organisations can significantly reduce the risk of ransomware attacks and protect their sensitive data.

4. How does identity compliance play a role in ensuring the security of organisations’ systems and data?

In today’s cybersecurity landscape, data breaches and cyber-attacks are on the rise, growing more frequent and sophisticated. Identity compliance serves as a fundamental tool for organisations to counter these threats. It ensures that employees and users follow both internal and external regulations and policies, forming a crucial line of defence against potential security risks.

Identity compliance helps organisations identify and prevent security risks and vulnerabilities by enforcing proper access controls and verifying the identity of users. As the frequency and complexity of data breaches and cyber-attacks increase, identity compliance becomes instrumental in identifying and thwarting security risks.

By enforcing strict access controls and verifying user identities, organisations can significantly reduce vulnerabilities and prevent unauthorised access to sensitive data and systems:

• Compliance with regulations such as GDPR and CCPA is crucial to avoid costly penalties and reputational damage. Compliance with these regulations is essential not only to avoid substantial financial penalties but also to protect an organisation’s reputation. Failing to uphold identity compliance can lead to dire consequences, both in terms of legal repercussions and damage to public perception.
• CyberArk’s solutions for identity compliance focus on privileged access management, managing and monitoring user activity, and implementing strong authentication and authorisation policies. CyberArk offers comprehensive solutions designed to ensure identity compliance. This includes privileged access management, effectively controlling and monitoring users with high-level access. Managing and monitoring user activities are critical aspects of maintaining identity compliance, alongside enforcing robust authentication and authorisation policies.
• The end goal is to minimise the risk of insider threats and external attacks by ensuring that each user only has access to the specific resources they need to perform their job functions securely. By meticulously managing identity compliance, organisations aim to mitigate the risks posed by both insider threats and external attacks. This detailed approach reduces the attack surface and minimises the potential impact of security breaches.

Identity compliance is paramount for maintaining the security and integrity of an organisation’s sensitive information. It not only ensures adherence to regulations but also contributes to a robust security posture that safeguards the organisation’s systems and data from a myriad of cyber threats.

5. Can you discuss the role of cyber insurance in mitigating the financial risks associated with cyberattacks?

Cyber insurance, also known as cyber liability insurance, plays a crucial role in mitigating the financial risks associated with cyber-attacks and data breaches. It provides businesses with valuable financial protection against the increasingly complex and damaging cyber-related risks that modern organisations face. This insurance serves as a safety net, helping businesses cover the substantial costs involved in responding to and recovering from cyber incidents.

According to CyberArk’s 2023 Identity Security Threat Landscape Report, more than nine in 10 Indian organisations (91%) surveyed, experienced ransomware attacks in the past year, and 55% of affected organisations reported paying up twice or more to allow recovery, signalling that they were likely victims of double extortion campaigns.

The evolving threat landscape has implications for the insurability of organisations. Rising incidents of cyber-attacks, especially ransomware, have led to higher premiums for cyber insurance policies. This emphasises the importance of proactive cybersecurity measures and the role of cyber insurance as a financial safeguard.

Given the escalating threats and the potential impact on insurability, organisations must adopt a multifaceted defence strategy. Identity Security, with its focus on protecting and managing user identities, forms a critical layer in this strategy. By implementing robust identity controls, organisations reduce the risk of successful cyber-attacks and enhance their eligibility for cyber insurance. A solid identity security foundation bolsters an organisation’s overall security posture, making them better equipped to manage cyber risks and ensuring the effectiveness of their cyber insurance investment.

6. With the cybersecurity landscape becoming more challenging, what are the key reasons businesses and organisations are opting for cyber insurance?

The escalating challenges within the cybersecurity landscape have driven businesses and organisations to opt for cyber insurance for several key reasons:

• Rising Prevalence of Ransomware Attacks: CyberArk statistics reveal a concerning reality: more than 90% of Indian organisations surveyed, experienced ransomware attacks in the past year. Of these, over half resorted to paying ransoms, indicating the alarming prevalence of these attacks. Cyber insurance serves as a shield to manage the financial consequences of ransomware incidents, which can lead to substantial losses.
• Impact on Insurability and Premiums: The evolving threat landscape has influenced the insurability of organisations. CyberArk statistics shows that 30% of Indian organisations faced higher cyber insurance premiums in 2023 compared to the previous year. With cyber-attacks like ransomware becoming increasingly sophisticated and damaging, obtaining coverage or maintaining affordable premiums has become a challenge.
• Reinforcing Security Posture: Given the potential financial consequences of cyber incidents and the challenges in obtaining insurance coverage, organisations are focusing on strengthening their security posture. This involves adopting a defence in depth strategy centred on Identity Security. By implementing robust identity controls and protection mechanisms, organisations enhance their eligibility for cyber insurance coverage and reduce the risk of successful cyber-attacks.

The decision to opt for cyber insurance stems from the need to mitigate the substantial financial risks associated with cyber-attacks and data breaches. The adoption of a comprehensive defense strategy, particularly focusing on Identity Security, not only bolsters an organisation’s security posture but also enhances its ability to effectively leverage cyber insurance in today’s challenging cybersecurity landscape.