Rakesh Viswanathan is the Regional Director for India & SAARC at Cyberbit, a provider of IT/OT security solutions and cybersecurity simulation. Cyberbit is a subsidiary of defense technology leader Elbit Systems.
Rakesh heads strategy and business for Cyberbit in India, and is dedicated to providing next-generation cybersecurity to BFSI, government and enterprises. In an exclusive interview with CISO MAG, Rakesh talks about IoT security, patch management, ways to build an information security team, and much more.
What are your views on the IoT ecosystem in India? Which sectors or industries do you think will widely adopt IoT in the recent future?
The IoT ecosystem in India is maturing right now, and IT and OT convergence is beginning to take place, but there are still a lot of gaps between the two. On the one hand, IT has developed very profoundly in India and the industry here has adapted many new technologies and developed a very advanced work force of highly skilled professionals that are very aware of security concerns and best practices.
By the end of next year (2019), India is set to become the world’s 3rd largest manufacturing nation (PWC). Critical industries like manufacturing, oil & gas and energy will be the frontrunners in IT/OT convergence and the leaders in adapting the best security tools and practices.
Attacks on converged OT networks almost always begin in the IT network, but those skilled IT teams are always focused on layers 1-7. As IT/OT networks converge, the security approach and tools must adapt. The entire OT industry in India is responding because everyone understands how costly a cyberattack could be.
Most OT and IT networks in India today are segregated only by a firewall. The OT networks are mostly isolated and have no interconnectivity and no internet access.
This also means security operations are segregated. OT security alerts aren’t sent to IT and vice versa. The departments are not connected and there is a very real lack of both cooperation and skill set needed to run a security-focused OT organization. This is a very real pain for OT networks and a strong driver for convergence. These organizations understand the value of implementing one platform that can orchestrate investigation and response to alerts from both the OT and IT networks together in a unified platform.
One of the hurdles in IoT security is authorizing and authenticating devices. How do you think this can be handled?
Authorizing and authenticating devices is a known problem that can be handled by following industry standards such as ISA/IEC 62443, ISO/IEC 27001, NERC CIP, NIST. The standards address particular sectors and industries. By carefully implementing the relevant standards, organizations can be confident that devices are being authenticated and authorized and security is being upheld.
A recent survey by Ivanti suggested that 80% of the organizations have a patch management policy in place. How scary is this stat and what can companies do to address such a problem?
Indeed, most OT organizations do not have a patching policy in place, and this means they are more exposed to cyber threats and vulnerabilities. The first step to address this problem is to improve detection, monitoring and management of assets. I recommend beginning by mapping assets and traffic and using this to create baseline policies for all assets, protocols and communication in the OT environment. The baseline makes it much easier to detect known vulnerabilities and unpatched devices.
What are the essentials of building an efficient cybersecurity team?
People. Metrics. Training. Tools.
People: The first essential element is people. Everything starts with people. Recruiting, training and retaining skilled, motivated security professionals is the most important foundation for any cybersecurity team. CISOs and SOC managers need to be creative about how to achieve this. One very basic element that is lacking in the hiring process is a reliable, relevant way to assess the skills of candidates. Some of our global customers are using our Cyber Range simulator to test the capabilities of candidates in a very realistic environment.
Metrics: “You can’t improve what you don’t measure”. The old adage is especially true in the modern SOC. The speed and accuracy of detection and response can mean the difference between just another alert handled by the SOC or a devastating breach that costs the organization dearly in terms of time, money and damage to reputation. Every SOC manager needs to set key performance metrics, constantly monitor the performance of the SOC as a whole and each individual analyst. This is the best way to identify bottlenecks and failure points and implement solutions.
Training: 68% of SOC analysts have never seen a live attack. This means when an attack hits, it will be the first time many of your team members have ever confronted the situation. That fact should make everyone uneasy. Just as you wouldn’t send an inexperienced young soldier into battle, young SOC analysts deserve ample hands-on training so that they are ready to face the worst. The most effective way to give them the experience and training they need is to perform realistic drills in a cyber range simulator.
Tools: Obviously, having the best cybersecurity tools in place is important, but I mention tools last because just deploying them isn’t enough. Tools will only ever be as good as the people using them. So don’t just purchase the best tools, make sure your team is well trained on how to use them. Tools should empower your people and make each analyst smarter, faster and more effective.
Any advice to a budding information security professional?
Firstly, I would congratulate him or her on choosing a challenging, important career. Cybersecurity is one of the fastest growing highly skilled technology fields and the demand is only going to continue to grow. My advice would be to constantly continue learning, through reading, online courses, managers and senior team members, conferences and industry events. Whenever you have an opportunity to learn or practice, grab on to that opportunity with both hands. Also, make sure your learning is practical and includes lots of hands-on experience. This will make you a highly valuable and sought-after professional.