The last six months have brought in big challenges for cyber security leaders, given that post the Covid-19 pandemic, enterprises saw staff working from home, resulting in a lot of the cyber activity often coming out of firewalls. CISOs had to deal with a whole lot of new devices that are connecting into their networks.
Old legacy approaches to securing these assets are no longer working. Why? Because you have to find the vulnerabilities within these devices. You cannot protect what you cannot see. So, the first step is towards creating awareness and understanding what are the challenges before getting into the solutioning, says Adam Palmer, Chief Cybersecurity Strategist with Tenable.
Tenable is a US-headquartered company that provides cyber vulnerability management services and compliance services using the latest in AI / ML. The company proffers solutions to a slew of industry verticals ranging from healthcare to finance, energy to retail besides working with several government and governmental agencies to reduce cyber risk.
An interesting trend that Tenable has witnessed with its clients in recent times is for attackers to go after any of the dozen or more connected devices that is operated by an individual or within an enterprise. Every type of access controls, be it heating, air conditioning or even ingress and egress of employees connects to the corporate network and thus open up more vulnerabilities.
I see these as blind spots for the CISOs, who think of the traditional points of vulnerability such as computing devices, printers and other accessories that form an office network. Attackers see any organisation as an easy target. Have done lots of work in India, and oftentimes we reiterate the point that attackers are not just after money, but the brain power that enterprises create and maintain on their network.
Another area that requires attention is government projects. India has been building large and broad databases and the challenge that cybersecurity experts face is often the breadth of the attack surface. There is also serious concern over attacks against critical infrastructure. The risk is far greater as attacks could destabilize governments and economies.
Watch the full interview where Adam Palmer goes into details of how businesses, governments, small enterprises and even individuals can become aware of cybersecurity and become risk officers of their own domains….