Security

Organizations need to rethink their security approach and align it with the present business landscape: NTT

CISOs are constantly focusing on adapting to the new environment and create security strategies that can proactively deal with any risks.

Many businesses are still unprepared for deterring actual cyber-related attacks against their network, because security has been the most sensitive area of concern for them.

Businesses can reduce the risks by implementing new IT security infrastructure, and by requiring employees to follow policies and protocols to maintain data security and privacy, wherever their physical locations.

In an interview, Rishikesh Kamat, Vice President – Products and Services, NTT Global Data Centers and Cloud Infrastructure, India, tells how NTT is ensuring security of the client IT infrastructure.

Excerpts:

DQ: Why do organizations need to rethink their security approach and align it with the present business landscape?

Rishikesh: Cyber-threats and security have been a priority for enterprise technology teams in the digital era. The outbreak of the pandemic last year and its continued spread has increased the demand for security solutions tremendously. Almost every business including sectors that were traditionally run offline have been compelled to move online.

The rapid adoption of remote working has created a huge impact on enterprise security. 
A survey by software firm Hiver indicates that about 60% of the Indian companies were targeted by email-based security threats on a weekly basis. Researchers from Palo Alto’s Unit 42 team found that out of the 1.2 million newly registered domains related to COVID-19 between March and April 2020, as many as 86,600 displayed malicious intent.
Revamping enterprise security to proactively handle the challenges of a hybrid work environment is an absolute necessity in this high-risk environmentThe new paradigm is that it is a given that any organisation will get hacked into, irrespective of its current security posture.
Hence organisations need to start investing efforts into detective and corrective measures that help mitigate the adverse impact of any breach that has broken through the current protection mechanisms. Latest technology tools organizations can leverage to safeguard against data theft and data breaches.

The digital and work-from-home switch has led to a change in not only the work processes, but also the priorities in most organizations. CISOs are constantly focusing on adapting to the new environment and create security strategies that can proactively deal with any risks.

Here are some of the tools that we recommend for the security best practices in the new normal:

Securing remote workforce: The International Information Systems Security Certification Consortium (ICS)2 indicates that about 23% organizations have experienced higher instances of cybersecurity risks since switching to remote working.

The demand for secure logins in a WFH scenario is huge. We thus recommend a cloud-based zero trust framework instead of a VPN. Another option is to go for virtual desktops through which company data and applications can be accessed by the employees.

Avoiding third party apps: A survey by security firm CyberArk found that 77% of remote employees use unsecured devices to access company systems. Companies need to guard against such practices by allowing access through only the pre-approved devices which have the necessary security solutions and applications installed on them.

Adherence of company security policies: Organizations must constantly sensitize their employees on security policies and habits such as changing their passwords frequently. They must be advised against clicking on any suspicious or unverified emails. It has to be realised that just one click on phishing mails can provide hackers an entry into the corporate network. It is also important to avoid usage of unsecured social media channels and apps for corporate communication.

Strategic software updates: Outdated software can prove to be a weak link that hackers can exploit to access the corporate network. Organizations can overcome this challenge by using remote cloud-based automated patch management solutions or MDM solutions to push updates to remote devices.

Data backups: It is important to constantly back up organizational data either on cloud or on secondary storage locations. This will help an organization recover data and resume operations even if a ransomware attack takes place.

DQ: Why monitoring security needs to be an ongoing effort for companies now and in the future?

Rishikesh: Cyber-threats are constantly on the rise and the sophistication of the attacks is also increasing by the day. Therefore, it is imperative for companies to constantly upgrade their threat detection and response systems. The need of the hour is to have proactive security tools in place which provide real-time monitoring and response.

We are witnessing a lot of demand for services bundled with features such as commercial threat intelligence, orchestration and automation, threat hunting and 24×7 alerts, as well as analysis of threats and recommendation of remedial steps. Constant monitoring is going to be an integral security strategy for all companies going forward.

DQ: How through various services/WFH resources NTT is ensuring security of the client IT infrastructure or any other related queries that you might have with regards to the same.

Rishikesh: Remote working and other innovative digital business models are rapidly erasing workplace boundaries. Borderless technologies such as cloud have made it necessary for organizations to do away with the old perimeterbased security approach.
This is where NTT has introduced Zero Trust solutions. These include secure application access, securing the organization’s main DNS, and solutions which allow ‘need to know access and monitoring.’ There is a robust monitoring of privileged activities while creating, deploying and enforcing privileged account security policies.
There is also the Enterprise Application Access service which is a unique cloud architecture that closes all inbound firewall ports and allows access to the internal applications as per need basis to only the authorised users and devices. We also offer DAM-as-a-Service to continually monitor all data access in real time and protects against internal as well as external threats through timely identification of data risks.
NTT’s Enterprise Threat Protector (ETP) allows organizations with an emerging security approach to swiftly deploy robust and effective security solutions which don’t disrupt their network and require minimal management.

Leave a Reply

Your email address will not be published. Required fields are marked *