Nexdigm hosted a webinar with seasoned experts in the technology and technology risk domain to discuss plausible techniques for enhancing cybersecurity in line with the US Executive Order (EO) on Cybersecurity. After a year of rampant cybercrime costing in excess of an estimated $1 trillion, the newly announced EO seeks to minimize losses and create a system of security by design. The EO is written with the interest of national security in mind and, if followed by industry, can help minimize ransomware attacks like the one that impacted Colonial Pipeline Company, which had its first shutdown of operations and had to pay a ransomware demand of over $4 million.
According to the data presented in the webinar, as many as 36 billion records were exposed last year, with around 3,000 reported breaches. The data further stated that during the lockdown, a steep rise of 600% was reported in phishing attacks, while cyber attacks on banks increased by 238% and ransomware attacks increased by 148%.
The EO focuses on how IT service providers (including cloud providers) and Operational Technology providers need to adopt a robust cybersecurity posture in the form of Zero-Trust Architecture (ZTA), Endpoint Detection and Response (EDR), and encryption of data at rest and in transit.
Dr. Anupam Srivastava, Vice President of International Strategy and Business Development at Safe Zone Ltd., opened the panel discussion by shedding some light on how the new White House directive gained relevance and spoke extensively about the ways and means hackers use to evade the legal jurisdiction of international agencies.
“I should point out that in my work with the US government and others, one of the things we always talk about is that systems are only good as the people manning and operating those machines,” Mr. Srivastava said. He also added a key observation stating, “security culture is a value system that has to be imbibed by employees all the way up and down the management chain.”
Jerry Leishman, Head of the Regulated Security & Compliance practice, CORTAC Group, elaborated on the extent of the impact of the new White House directives on the existing cybersecurity framework. He noted that the financial loss from cyber theft was greater than that of the existing drug trade across the globe and went on to explain how the Department of Defense is working with all stakeholders to strengthen cyber infrastructure across the board.
Keith Frederick, who is the Chief Information Security Officer at four different companies, started off by giving his perspective on damage control after a cyber attack. His suggestion for businesses was to keep an incident response plan, quarantine the attacked segment, and continue with day-to-day operations to maintain cash flow into the business. He emphasized analyzing attacks in order to learn from them and improve.
Krishnanand Bhat, Director - Technology Advisory, Nexdigm, provided an explanation of ZTA computing. He talked about how computers used to trust each other and communicate seamlessly. But with the passage of time and the growth of cyber crime, it has become imperative to ensure that information is validated, identified, and then processed. He explained that devices, networks, and people that utilize the technology paradigm need to be validated each and every time.
Krishnanand concluded the discussion by advising organizations on how to maintain cybersecurity standards. He said, “Cybersecurity is everyone’s responsibility. Don’t rely on any directive to tell you how secure you need to be. It’s like protecting yourself - when you protect yourself, you protect your organization. When you protect your organization, you protect the society at large, and then it spreads to the country. It needs to become a way of life.”