'India Inc faces one of the highest cyber security threats in Asia-Pacific'

Bret Hartman, vice president and chief technology officer, Security Business Group at Cisco

Bret Hartman is the vice president and chief technology officer, Security Business Group at Cisco. He has more than three decades of experience in building information security solutions for major enterprises and institutions across the globe. Hartman began his career as a United States Air Force officer assigned to the US National Security Agency. At the agency, he helped in the creation of the 'DoD Trusted Computer System Evaluation Criteria' (Orange Book). An alumnus of the Massachusetts Institute of Technology (MIT), Hartman talks to THE WEEK about topics ranging from the preparedness of organisations to deal with cyber security threats to data privacy concerns and how visibility and control can go a long way in preventing cyber attacks.

How prepared are today's organisations, be it in India or globally, to deal with any cyber or information security threats?

These days a lot of time is being spent by managements and the boards of directors in different organisations discussing cyber security threats and the potential damage they can cause.

Organisations globally are aware of the seriousness of such threats and the potential damage they can cause. In India too, a lot of organisations in the retail, financial and banking segment are very mature and have effective policies to deal with cyber security threats and prevention. Of late, I have seen that even some small and medium businesses have started feeling the need to protect themselves from any potential cyber or information security threats. Though small and medium businesses do not have the money to invest in a large infrastructure, they are outsourcing their cyber security requirements to a managed service provider through cloud-based services.

What are the new emerging information security threats and how vulnerable are organisations including government institutions to these threats?

As per my observation, all through the years I have been working in this field, cyber and information security threats have been becoming more sophisticated and are evolving every day. In the earlier days, there used to be simple viruses, then came ransomware, and then cyber threats became a kind of organised crime. Now cyber attacks are large in magnitude and are attacking geopolitical systems across the globe. Take the cyber attack that started in Ukraine (the Petya cyber attack), which spread across the world and affected computer systems across the globe. The attack caused enormous damage and crippled thousands of machines. Considering the seriousness, it is a continuous arms race for chief security officers (CSOs) in different organisations across the world to deal with cyber security threats. As per our observation, there are over 20 billion cyber security threats that are detected every day across the globe.

As per the Cisco 2018 Asia-Pacific Security Capabilities Benchmark Study, India Inc faces one of the highest cyber security threats in the Asia-Pacific region with over 500,000 security alerts on a daily basis, which is nearly thrice the number of alerts faced by global companies. According to the report, India leaves nearly 39 per cent or approximately up to 200,000 alerts unattended due to lack of required skill sets. This presents a significant concern for the cyber security defenders who need to identify the genuine threats from a vast number of daily alerts.

We talk about smart cities that are taking shape across India. However, they are all connected and the IoT-based systems that they work on are also extremely vulnerable to cyber security threats. What can be done to prevent this?

Most of the serious attacks are on the IT side of the systems (the back-end systems which connect to the IoT devices). One possible way to protect IoT-based systems from cyber attacks is to maintain a significant amount of separation or segregation between the back-end systems and the IoT devices so that cyber attacks do not spread to the devices soon. Though everything is eventually connected with each other through connected devices, visibility and control have to be constantly exercised.

What kind of steps should be taken to prevent data theft?

Currently a huge amount of data is visible to us all around and steps must be taken to detect threats and prevent them. Data analytics and machine learning (ML) can help in analysing huge amounts of data and can help in the detection of potential threats to this data. Data theft can be prevented by having multi-factor authentication and one must not just limit it to password authentication. Our focus has been to prevent data breaches and most importantly the back-end servers that hold this data need to be secured. An analysis of the behavioural traits of the employees needs to be done as many employees have access to sensitive information and data, and can possibly indulge in data theft. Regulatory frameworks such as the GDPR (General Data Protection Regulation) will be beneficial in maintaining data privacy further.

What kind of work does Cisco do globally and in India as far as information security is concerned?

Cisco is actively working in this space and we are trying to make products and solutions very simple for our customers. We currently have around 5,000 people working in this space globally, out of which around 1,000 people are working in our Bengaluru centre focusing primarily on data security. We are increasingly using data analytics and ML in our solutions for better visibility of cyber security threats and prevention.