'Businesses need to build threat intelligence for cybersecurity': Dipesh Kaura, Kaspersky

With threat vectors looming large and cyber criminals becoming audacious with sophisticated tools, it is imperative for enterprises to rethink their approach towards security. In an interview, Dipesh Kaura, general manager of Kaspersky South Asia, talked about the changing cyber threat landscape and how important it is for businesses to build threat intelligence to thrive in a digital economy.  

How has the enterprise threat landscape evolved in recent times?  

The cyber threat landscape has been continuously evolving. The recent years, particularly, have marked a shift in how cyber criminals target their attacks. As the business environment has become distributed in nature, with increased dependency on digital. With remote working being largely adopted and business information accessed from multiple locations and networks, organizations are moving from a centralized security approach to endpoint-centric security practice.  

Realizing this, cyber criminals are now looking to exploit endpoint vulnerabilities to launch attacks, such as ransomware. According to Kaspersky's findings, the number of users encountering targeted ransomware increased by a whopping 767% between 2019 and 2020. 

Furthermore, the pandemic-led disruption has forced enterprises to reduce their on-premise dependency and adopt cloud and as-a-service platforms. This is not only driven by infrastructure manageability challenges, but also by the focus on building use cases around emerging technologies.

Why is there a sudden rise in the need for threat intelligence among enterprises?

In an increasingly digital, highly connected business environment, and with an ever-evolving threat landscape, organizations need to prioritize mitigating attacks before they hit their systems. To achieve this, they need to collect threat data and analyze it to understand attack motives and behaviours. In simple terms, enterprises need to build threat intelligence that helps them move faster than the attackers and take more-informed and proactive decisions in terms of protecting their digital infrastructure.

Here, we need to look at how threat intelligence works in favour of enterprises. It is quite evident that cyber criminals use complicated intrusion ‘kill chains’, campaigns and customized tactics, techniques and procedures (TTPs) to disrupt businesses. By integrating up-to-the-minute threat intelligence feeds containing information on suspicious and dangerous IPs, URLs and file hashes into existing security controls, security teams can automate the initial alert triage process, while providing their triage specialists with enough context to immediately identify alerts that need to be investigated or escalated to Incident Response teams for further investigation and response.

What is the key solution that businesses should consider to equip themselves with threat intelligence? 

Organizations across industries are faced with the challenge of cybersecurity and the need to build threat intelligence holds equal importance for every business that thrives in a digital economy. While building threat intelligence is crucial, it is also necessary to have a solution that understands the threat vectors for every business, across every industry. A holistic threat intelligence solution looks at every nitty-gritty of an enterprise's security framework and gets the best actionable insights.

A threat intelligence platform must capture and monitor real-time feeds from across an enterprise's digital footprint and turn them into insights to build a preventive posture, instead of a reactive one. It must diagnose and analyze security incidents on hosts and the network and signals from internal systems against unknown threats, thereby minimizing incident response time and disrupt the kill chain before critical systems and data are compromised.

What do enterprises gain by taking a threat intelligence security approach?

A robust threat intelligence framework can enable enterprises to detect and prevent reported threats to safeguard critical assets, including software and hardware components. IT teams can perform vulnerability assessments of their business environments and assets, and make informed decisions on patch management or the implementation of the other preventative measures.

Another major benefit is that they can leverage information on attack technologies, tactics and procedures, recently discovered vulnerabilities and other important threat landscape changes. All these capabilities eventually help make informed strategic decisions in terms of security investments and ensuring a resilient business.

What are the key trends to watch in cybersecurity for 2022?

When it comes to cybersecurity, ransomware has become the undisputed story of 2021. Ransomware operators have refined their arsenal, focusing on fewer attacks against large-scale organizations, and an entire underground ecosystem has appeared to support ransomware gangs’ efforts.

Kaspersky experts have noted two important trends that will gain in popularity in 2022. First, ransomware gangs are more likely to frequently construct Linux builds of ransomware to maximize their attack surface, which is already being seen with groups like RansomExx and DarkSide. In addition, ransomware operators will start to focus more on financial blackmail. This is when operators threaten to leak information about companies when they are undergoing critical financial events, for example, conducting a merger or acquisition, planning to go public, etc. to undervalue their stock prices. When companies are in such a vulnerable financial state, they are more likely to pay the ransom.

We might also witness an increase of cyber espionage activities in India. Also, cyberattacks from advanced persistent threat (APT) groups, with intention to collect valuable geopolitical, business, and military intelligence will continue to expand in 2022 in India.