Offensive techniques need to be adopted to get the actual assessment of an organization’s security posture


Offensive techniques need to be adopted to get the actual assessment of an organization’s security posture

Prof. Triveni Singh IPS
SP, Cyber Crimes - Uttar Pradesh Police


Key priorities for 2021
For the organisations to be in the business, one has to get into “Being Digital Mode” and since this has been mandated from top management / board, CIOs / CTOs responsibilities have changed drastically. “Being Digital” means almost all the areas of operations need to be migrated to a digital platform. The actual meaning of Being Digital shall be all the operations need to follow the concept of Manage, Monitor and Measurement digitally. CIOs / CTOs need to work with every department to bring them on the digital platform, especially for those tasks, which are in manual monitoring mode now. It is going to be a total paradigm shift culturally.


Adopting Work-From Anywhere
The “New Normal” – Work from Anywhere or Telecommuting, earlier it was more confined to IT Sector/BPO/KPO sector only, which has been extended to other departments now. Barring the manufacturing & R&D sector, all of them are now working remotely. To enable this, corporate IT infrastructure and connectivity had to be extended to workstations used by an individual employee in the form of VPNs, Corporate Collaboration Tools.


Companies had to arrange for workstations / laptops for every employee who could use them from home or anywhere. Since now the majority of the workforce working outside the regulated and controlled office infrastructure, appropriate security controls on the individual workstations had also to be implemented, which was challenging. That’s the reason Cyber Attacks have increased drastically since the pandemic globally.


Redesigning IT & Security strategy
New Threats have been a problem from the beginning itself, now it has propelled like anything because earlier there were very few entry points for the threats and vulnerabilities to enter for example adversaries had to target corporate network firewalls but now since the entry points have been multiplied in terms of the number of employees - each employee of the corporate working outside the corporate network are considered as entry points. The basic and foremost priority is to make employees aware of these threats in practical mode. We have been trying to conduct awareness sessions on cyber security, cyber hygiene by giving practical demos of how vulnerable are they. Employees are encouraged to participate in talk shows/webinars.


As far as medium-term strategy is concerned, there have been efforts to include the RED Teaming exercise mandatorily to check the actual defensive posture of corporate infrastructure in terms of PPT: People, Process & Technology. Currently, methods of defensive controls are more kind of reactive where processes are defined as per ISO or industry standards but the People & Technology area lags. With offensive techniques we shall get the actual assessment – which is the weakest area – If we know this, it shall be easier to put the remediation strategies more effectively.


Copyright @1999-2022 - All rights reserved.
Reproduction in whole or in part in any form or medium without express written permission of Kalinga Digital Media Pvt. Ltd. is prohibited.
Other Initiatives : |