Sophisticated attacks from cybercriminals have risen in the last one and half years: Check Point’s Prakash Bell
How should a company respond when faced with ransomware or a similar kind of cyber attack? We discuss this and other cybersecurity-related issues with Check Point’s Prakash Bell.
Cyberattacks have continued to increase over the years. Despite many firms putting high-end security firewalls in place, cybercriminals always appear to be a step ahead. Security incidents such as the SolarWinds attack reveal that criminals are using more sophisticated techniques to gain users' access. A recent ransomware attack on a key US pipeline network also indicates the severe consequences of falling prey to cybercriminals.
Indian firms and individuals are also among the top targets of cybercriminals, especially after the onset of the Covid-19 pandemic that forced a remote working transition. What can Indian firms and individuals do to ensure they suffer only minimal damage from such hacking attempts? We spoke to Prakash Bell, Head of Customer Success, Regional SE Lead, Check Point Software Technologies, India & SAARC, to discuss the cybersecurity situation in India and other relevant issues. Here are the edited excerpts.
How has the cybersecurity landscape evolved since the Covid-19 pandemic began and remote working became the new normal?
While we've been seeing a biological pandemic, I think as a cybersecurity leader, Check Point has been advising people about a cyber pandemic, which could also possibly explode around the same time and the reasons for this are as follows in terms of the current landscape - We have seen that last year due to the pandemic, the biological pandemic, that is the COVID situation, everybody has started to work from home and they've also started using makeshift devices, which are their personal devices, phones, tablets, whatever they could get their hands on to continue to stay engaged in their work-related matters.
Now, businesses have also had to adapt to the situation with a very, very short span of time, because while many businesses may have had some level of IT, this was partially available to some of their employees, to the team managers and so on, but maybe not to the general population. So, one they had to make this rolled out across the entire employee landscape, i.e., point number one.
And second is, also ensure that data security is not compromised in this entire period and they are doing all these changes and shifts. So, the biggest concern for all these companies has been a combination of factors. One, I think the attack surface has just exploded and it's become exponential all of a sudden, overnight and they had to scramble around to kind of see how to address that and mitigate it. Second, business continuity is of paramount importance. How do I continue my business without putting anything at risk, especially my digital infrastructure? How do I secure all my digital assets? And around these areas is where we've been working with companies, providing solutions and also guidance and ensuring that they're able to deploy these in quick time as well as gain the necessary security measures which are required to make them stay protected from digital rights perspective.
But with that said, I think one other thing is that there has also been a significant uptick in terms of the threats that have started to come in. I'm sure you would have read about the advanced persistent threat or APTs, as they're called, a lot of them surfacing over the last year and some of them really very, very concerning, given the sophistication of those levels of attacks.
So, we've been seeing very, very sophisticated attacks in the last year and a half. Second, I think using the COVID, a lot of phishing attacks have happened and also hundreds of thousands of spurious websites which potentially carry malware and bad code, which are designed to infect the end machines, have also been seeing an increase in the last year.
And last but not the least, there have been significant attacks on infrastructures, particularly in a growing nation like India. India has been a target of such attacks, as well as certain industries within various countries are getting a lot of focus on those, particularly working on the COVID vaccine, who has been a part of it. So, all of this has seen a significant uptick in the last year. So those are the trends that we see. And in terms of sharing some data points around it, I think companies have had to also work on educating employees in terms of how to practice digital security hygiene, if I may call it that.
Cybercriminals are trying to trick users into giving up their personal data through very legitimate-looking phishing emails. How can employers and employees protect themselves from such a barrage of phishing attacks?
The traditional way of having protection is like securing your perimeter, which is your offices and data centres. But today, people are operating out of this perimeter, which definitely poses the risk that we spoke of. For that, endpoint security is a very, very important area and companies have solutions that are deployed. Check Point as a leading vendor has solutions in this area also, which provides complete security for their endpoint devices, be it their mobile phones or their laptops. Now, there are different levels of security that you would have over here. You could have protection at a browser level when you are entering forms or updating any information. There is intelligence that can run in the backend process that can run to scan this and protect you against any kind of potential threats. Similarly, for phishing attacks. Now, how do we do this is that we leverage a lot of advanced techniques around artificial intelligence and machine language running across various devices, which can not only detect known threats, but also unknown threats and zero-day malware if we were to say that.
Now, notwithstanding this part of it, only on mobile and endpoint devices, I think cloud security is also of a lot of importance because many companies have suddenly started adopting because of the Covid situation going on to SaaS applications. So there are solutions available for that as well in terms of not just securing your north-south traffic, which goes in and out of your cloud, securing the SaaS applications, as well as your east-west traffic, which happens between your applications and data within your cloud itself.
There are multiple solutions available across. We not only cover the network perimeter but, we cover beyond the perimeter in terms of cloud as well as your endpoint devices, which covers both your mobiles and your laptops. Now, thus far I've only talked about the computing infrastructure. Then I've not even stepped into talking about OT and IoT infrastructure, which is very, very relevant for organizations and factories and which are heavily dependent on business control systems, industrial automation systems, as well as building management systems and so on. So, we have solutions that secure them as well. So, security is not just a single point solution. You've got to cover it like a blanket across all of your digital products and assets to get total protection. And the key part here is that the way these solutions work together with themselves through a consolidated architecture, I think it becomes very, very important to question to say how a threat in one location can be detected and tied to another activity happening somewhere within the infrastructure so that they can take a more holistic view about it and prevent it before it happens in your infrastructure.
What should the immediate response of a company be when it faces ransomware or a similar cyberattack?
So, one of the ways we work with companies is that we have services also as a part of our portfolio. We are not just a product company alone. So cybersecurity vendors are available for suitable guidance and help and we have a dedicated team, which is called the incident response team who can engage. And these are available not only for customers of Check Point, but they are also available for customers using third-party products.
They're welcome to reach out to us and we engage with these customers and guide them accordingly in terms of what needs to be done. And first, of course, is to take steps to mitigate the attacks and then kind of contain them at the same time, also eradicate it and take steps to prevent future occurrences of that. So, this is definitely a fairly secure activity. At the same time, it's a fairly specialized activity and we have specialists who do this for optimizations around the world. So, reaching out to one of these organizations, who have such capabilities was able to help them, and an instant response would be a first step in what I would think would be the right approach. But at the same time, it would also help for organizations who have the budget and the capabilities to develop many of these skills internally, because these are things which would certainly pay you off in the long term and start to develop those things in-house as well, both from a defensive as well as from an offensive strategy perspective.