“Best way to handle malware attacks is automation and continuous monitoring”

Wahab Yusoff

Wahab Yusoff is a veteran in the information technology industry. The Vice President, Asia, of ForeScout Technologies Inc. has assisted a number of organizations in establishing and growing their operations in the Asia Pacific Region. In an exclusive conversation with CISO MAG’s Rudra Srinivas, Yusoff talks about his role in the organization, the rapidly expanding Internet of Things market, and the need to implement cybersecurity measures during a technology partnership.

First of all, I would like to congratulate you on your appointment as a member of the Future Economy Council’s leadership team. How has the journey in the field of information security been so far?

My journey in cybersecurity has been very rewarding. For over 25 years, I have been focused on helping businesses secure themselves and grow in the Asia Pacific region. Technology is advancing rapidly, and the threats that come along with it are constantly evolving. It’s a very fast-paced industry that has kept me on my toes.

In addition to my position as Vice President of Asia at Forescout Technologies, I have also been appointed as a member of Singapore’s Future Economy Council in November last year. As technology has a key role to play in charting the direction for Singapore’s future, I hope to share my expertise, particularly in the realm of cybersecurity, and ensure the protection of assets as the government looks to leverage advanced technologies to propel Singapore’s economy forward.

As a security leader, what are the challenges you face while enforcing cybersecurity strategies at ForeScout Technologies?

Visibility remains a top cybersecurity challenge for businesses across the globe. Malicious actors are constantly evolving and will try to find a way in through any device, known or unknown, as long as it is connected to the network. In many instances, attacks take place because an organization lacks visibility and is unable to protect assets that they don’t realize are connected to their network.

According to research from McAfee, there is an increase of 73 percent in malware targeting IoT devices. Do you think that businesses in Asian countries are prepared to handle malware attacks?

Asia is highly complex and diverse in terms of its cybersecurity preparedness. On one end of the spectrum, there are developing countries that are just starting on their digitalization journey. On the other hand, we have countries that have already set up government agencies dedicated to overseeing the country’s cybersecurity strategy, operations, education, outreach, and ecosystem development, such as the Cyber Security Agency of Singapore and CyberSecurity Malaysia.

On a corporate level, the best way for businesses to effectively handle malware attacks is to leverage automation and continuous monitoring to minimize the likelihood of such attacks and ensure good execution of cybersecurity best practices. Automation will enable businesses to offload time-consuming and unnecessarily burdensome tasks and retool a portion of their workforce, resulting in stronger cybersecurity programs.

The proliferation of IoT devices has led to complexity and newer threats to several businesses. How can IoT devices be protected from new and evolving threats?

The growth of enterprise IoT devices and operational technology (OT) is tremendous. This adds a layer of complexity, as businesses need to ensure that all of their devices are compliant with cybersecurity measures set out by the business. As the use of network-connected devices grows, businesses also need to ensure that all of their devices are secure to prevent malicious actors from accessing their entire network infrastructure – and it only takes one device and one attempt for a breach to be successful.

Cybersecurity will therefore become an integral component. Businesses will have to ensure that they, first and foremost, have device visibility and control across their entire network in order to mitigate cyber-attacks. This way, businesses have the ability to see devices the instant they connect to the network and assess for vulnerabilities and malicious activity. After which, businesses can also classify these devices and validate their identities. This key capability is essential for improving compliance as well as defining your enforcement policies.

According to you, how is the Internet of Things (IoT) going to change the cybersecurity landscape in 2019?

In 2019, we can anticipate that the use of IoT devices will continue to flourish in enterprises. However, in addition to this, we can also expect to see the convergence of IT and OT environments. Given the rapid rate at which these devices are being leveraged by businesses, interconnectivity is continuing to prove itself valuable for business efficiency.

Although these devices operate differently, they must not be treated in isolation. We predict that attacks by malicious actors will increase in frequency and intensity, forcing the enterprises to either invest in newer, more secure systems, or reevaluate their entire security architecture and reassess the manner in which IoT, OT and IT devices interact.

Recently, ForeScout partnered with Respond Software to strengthen Industrial Control System (ICS) cybersecurity programs. How do you intend to boost cybersecurity through this partnership?

The complexity of industrial environments has led to an increasing number of ICS-specific cyber threats, into which asset owners have no visibility. This is further compounded by the challenge of finding skilled security personnel.

There is a need for a solution that enables businesses to continuously monitor and analyze key networks and quickly make appropriate decisions. To address this, we have partnered with Respond Software to roll out a new technical integration called Virtual ICS Threat Analyst Logic (VITAL), which allows ICS asset owners to automate threat analyst decision-making processes. The integration streamlines ICS security operations for critical infrastructure by escalating and prioritizing critical incidents, while eliminating false positive alerts. On a broader scale, this partnership strengthens our joint customers’ ICS security teams by allowing them to focus on the serious security issues.

Any piece of advice for budding security professionals?

Malicious actors are constantly evolving and will continue to find new ways to break through the network. The best way to be prepared for such an instance is by employing a three-step defense strategy – see, control and orchestrate.

See: Lack of device visibility and control continues to be a top concern for IT and security teams as well as risk management leaders. Oftentimes, organizations lack a complete, up-to-date inventory of the devices and assets they have. Visibility and intelligence of network-connected devices is therefore essential in helping organizations effectively manage security risks.

Control: To reduce the attack surface and risk, it is important to have the security tools that can control the level of access provided to any device on the network. Once an organization has the ability to see all of the activity on a network, they can then manage risk more effectively by applying the appropriate network controls. Through this process, organizations can decide to allow, deny or limit network access based on device posture and the organization’s security policies.

Orchestrate: Organizations need the ability to align network controls as well as automate and orchestrate information sharing across all network environments in order to identify, prioritize and mitigate cyber threats quickly and effectively. This enables the ability to enforce consistent network security policies and mitigate risk effectively.