Monday, November 25

Mitigating Cyber Threats: An exclusive interview with Ankit Satsangi

The year 2023 brings in new hopes and its own set of challenges. We sat down with Ankit Satsangi to uncover what 2023 holds for the stakeholders of Cyber Security.

Ankit is a seasoned Hacker, Cybersecurity, and Intelligence professional with over a decade of experience in Offensive Security, Incident Response, Insider Threat Detection, Dark Web Research and working on classified government projects as an intelligence officer. He is a subject matter expert in core cybersecurity and counterintelligence and has successfully designed advanced cyber defense systems for sensitive organizations. In addition, Ankit has served as a trusted advisor to numerous international cybersecurity organizations and has garnered recognition as a renowned speaker at various IT and security conferences. Prior to founding Ahad, Ankit served as the Global CISO for a multi-million-dollar enterprise with AED 65 billion in assets protecting the organization from hackers and advanced cyberattacks.

1. So, Ankit, we know that technology has evolved a lot; there are numerous technologies and controls an organization implements, and still, we hear news of data breaches & incidents. Are the hackers outpacing us?

Technology has evolved rapidly, and organizations have implemented various controls to protect against data breaches and other security incidents. Regardless, organizations that have deployed the most expensive, significant, and outstanding solutions have still faced a violation.

Hacking is an ongoing battle between those who seek to protect systems and data and those who seek to exploit vulnerabilities for various reasons.

While it is true that hackers are constantly finding new ways to attack systems, it is also true that security professionals are constantly finding new ways to defend against these attacks. Moreover, it is essential to note that not all data breaches and security incidents result from hacking. In some cases, they may be caused by human error, such as an employee accidentally exposing sensitive data or system failures or vulnerabilities that have not yet been addressed.

2. We can see that the cyber threat landscape is constantly altering; in your opinion, what are a few threats modern-day organizations face?

The technology landscape has evolved to a point where it has become challenging to keep up. Some of the most common and potentially damaging threats include:

  1. Ransomware attacks involve hackers encrypting an organization’s data and demanding a ransom in exchange for the decryption key. If the ransom is not paid, the hackers may threaten to release the encrypted data publicly or sell it on the dark web.
  2. Advanced phishing attacks involve hackers sending fake emails or messages that appear to be from a legitimate source, intending to trick the recipient into divulging sensitive information or clicking on a malicious link.
  3. Insider threats come from within an organization, such as a disgruntled employee who intentionally exposes sensitive data or causes a security incident.
  4. Supply chain attacks target an organization’s supply chain by compromising a third-party vendor or provider to gain access to the organization’s systems.

It is crucial for organizations to stay aware of these and other potential threats and to implement appropriate safeguards and security measures to protect against them.

3. The year 2022 witnessed a rise in Cyber Security Incidents and technology; we also heard about defense in depth, the zero trust model, and other models. How do we know which security model suits our organization the most?

There are several factors that an organization should consider when deciding which cybersecurity model is most appropriate for them. Some of the key considerations include the following:

1. The organization’s size and industry: Different models may be more or less suitable for organizations of different types and sizes, and for organizations operating in various industries.

2. The organization’s risk profile: An organization’s chosen model should be tailored to the specific types of threats and vulnerabilities that it is most likely to face. This can be achieved by leveraging Threat Intelligence and identifying the APTs (Advanced Persistent Threats) or cyber-criminal groups targeting the organization’s industry.

For example, an organization that handles highly sensitive data may have a different risk profile than one that does not.

Ultimately, regardless of the size and vertical, every organization should follow basic cyber hygiene and harden controls per industry best standards such as the CIS controls and the NIST framework.

4. We have realized that security breaches are inevitable. However, in case of a security breach, what’s the ideal course of action to limit the impairments?

Some key steps that an organization can take to reduce the likelihood of experiencing a security incident and to control the damage include:

1. Implementing strong security policies and practices: This may include establishing strong passwords, regularly patching and updating systems, and training employees on cybersecurity best practices through awareness sessions and technologies that can run through various informational videos in regional languages.

2. Conducting regular offensive security assessments: It is important for an organization to regularly assess its systems and identify any vulnerabilities that need to be addressed. This can be done through Penetration Tests, Red Team engagements, and other methods such as internal audits.

3. Implementing robust incident response plans: If a security incident occurs, an organization needs to have a response plan or an SOP (Standard Operating Procedure). This may include procedures for identifying and containing the incident, as well as for communicating with stakeholders and restoring systems and operations.

4. Ensuring proper data management: Some robust controls include strong access controls and data encryption to protect sensitive data and prevent data breaches.

5. Being in the limelight for a security breach can perpetually tarnish an organization’s reputation. So, what measures can an organization take to avoid being in the news for a security incident?

The Chief Information Security Officer (CISO) must have a solid technical background and be able to effectively communicate an organization’s risks to the board and other stakeholders. However, this is not necessarily a guarantee that the organization will not be in the news for a security incident.

Security incidents can occur despite the best efforts of a CISO and the rest of an organization’s security team. However, having a CISO who is technical and able to communicate risk effectively can help to minimize the likelihood and impact of a security incident. For example, a CISO with a strong technical background can better understand and identify potential threats and vulnerabilities and implement controls to mitigate risk. They can also work with the board to develop and implement a comprehensive security strategy that aligns with the organization’s business objectives. In addition, effective communication is crucial if a security incident should occur.

A CISO who can clearly explain the situation to the board and other stakeholders can help minimize the damage and ensure that appropriate measures are taken to prevent similar incidents from occurring in the future. The ideal CISO should be able to explain cybersecurity threats and risks in business terms to be on top of the game.

6. Resource shortage in the cyber security industry is crucial; how do you see this issue, and how can it be addressed?

A significant lack of trained cybersecurity professionals makes it challenging for organizations to find and retain the necessary personnel to safeguard their systems and data effectively.

Several factors are responsible for this shortage, including the increasing demand for cybersecurity professionals as the number and complexity of cyber threats continue to rise.

Unfortunately, we have a limited number of qualified individuals in this field, and the constantly evolving nature of cybersecurity requires them to continuously learn and update their skills.

To address this shortage, organizations can invest in training and development for current staff from certifying bodies such as SANS, CREST, ISC2, EC-Council, etc., and offer competitive compensation and benefits packages to attract and retain top talent.
