Think Like the Enemy
Think’s Executive Security Advisor Harish Siriparapu Urges Hypervigilance in Cyberspace
Harish Siriparapu wanted to be a fighter pilot growing up, but when his parents deemed his dream too risky, he discovered a new way to take off in the field of international security. He would learn to employ assault tactics and conduct evasive maneuvers in the airspace of the new millennium: cyberspace.
Harish, who grew up in Chennai, India, discovered his natural inclination for cyber security at University of South Carolina, where he took an immediate shine to the tactical detective work required to combat hackers. “I really enjoy the investigations and forensics, searching for clues and answers,” he says.
Harish, who is based in Ellicott City, now leads Think’s efforts to stay one step ahead of cybercriminals. It is a fight, he says, that requires constant vigilance against a target that never stops moving.
Q: What is the biggest cyber security issue companies face?
A: Cyber threats are evolving so quickly that if you recognize a relevant cyber threat in June, by August or September that information might be obsolete. IT professionals must constantly keep on top of new threats and how they can impact an organization. In the current business climate, companies are transforming their systems to be more versatile, flexible and accessible. They’re moving more information to the cloud to allow employees to work from home. Organizations need to recognize that any computer system change is going to significantly impact security. In an environment that’s evolving as rapidly as IT, it can be difficult to keep track of the changing risks in a changing environment. Controlling unauthorized access to your data – from either a cyber threat or phishing malware — tests your organization’s agility, and ability to identify and adjust protocols to adequately mitigate risk. To me, this is the biggest problem in the market right now.
Q: What is the goal of a cyber attacker?
A: It is all tied to money. Cybercrime is the second largest economy outside the legal economy. There are cybercrime gangs, and there are nation-state actors that attempt to hurt an entire nation by attacking its critical infrastructure or government institutions. There are very few individual ‘mischief makers’ trying to hack into people’s systems. Today it is all about people trying to profit from cybercrime.
Q: Where are these gangs operating?
A: Many hackers are believed to be in Russia, eastern Europe, China and North Korea. To hack, you need to have a good internet infrastructure, so many believe Russia is a huge source of cybercrime. Gangs have distinct signatures in the tools they use. Some ransomware is exclusive to certain gangs in Russia and eastern Europe.
Q: So, what is the impact on small and large companies?
A: In 2018, cybercrime cost companies $1.5 trillion annually. It is believed the average data breach will cost about $3.8 million. Small and medium-sized businesses suffer 43 percent of all attacks, and 50 percent of small businesses experienced at least one cyberattack in 2019. The percentage of all attacks that are launched on phishing is 91 percent.
Q: How should a company combat cybercrime?
A: First, you have to be aware of what’s happening. Subscribe to industry bulletins like InfoGuard and FBI lists. The Secret Service issues advisories when they recognize certain threats, educating the community about what types of attacks are increasing and what types of controls can block the threat. Second, IT professionals should constantly analyze new and evolving tools in the market and understand how technological advances can be used against whichever threats you face. Constantly be on the lookout, understand what is happening in the industry, understand what is happening in your environment and respond quickly. Security monitoring — collecting logs from all systems – is key.
Q. Where are companies falling short?
- Many companies don’t perform adequate security monitoring because they’re put off by the price tag. It can be one of the most expensive components of a security program, but there are cost-effective ways to perform security monitoring. Third and most of all: train people to use the systems you’ve put in place. In the security world there is a saying that humans are the weakest link in the chain. You can have the smartest firewalls and email security controls but if your users are not adequately trained, your entire program could be defeated by your own users.
Q: What does a leading company do to ensure cyber security?
A: An ordinary company trains it workforce on best practices in cyber security, such as using encrypted email, but a leading company will build what is called a cyber resilient culture. In a cyber resilient culture you are training your workforce not only to detect cyberattacks but to be part of the response process.
Q: What news sources or blogs do you find indispensable in your line of work?
A: I’ve set up Google alerts for topics like digital transformation, cloud security, and more. Security Blvd and Dark Reading are also good publications.
Q: Where do you think cybercrime is heading?
A: We haven’t seen the worst of it. It is going to get quite bad out there. There are two areas that concern me: the types of environments getting attacked are increasing. Industrial technology has traditionally not been targeted, but when you connect the technologies used in manufacturing plants, these become targets. The attacks are getting deeper too. While we are building cyber security solutions for artificial intelligence and machine learning, the attackers are also building hacking tools based on AI and machine learning. It is a money-making industry and cybercriminals have a lot of money to invest.
Q: What advice do you have for companies facing these evolving threats?
A: Don’t put all your focus on operations like patching or compliance. That’s the bare minimum. The secret is to build a wholistic program. You need a team of well-rounded information security individuals who are able to tackle planning, governance, operations and compliance. In the small business market, companies need to either find someone who can handle all these facets, train someone to perform these functions or hire a virtual chief information security officer. Cyber-attacks are not just happening to the big guys: they are happening to small companies as well. The small business market needs to take cyber security threats seriously. The risks are real and getting more sophisticated every day.
About Harish Siripurapu
Harish is a Cybersecurity and Privacy Executive Advisor at Think. He brings over 16 years of cybersecurity strategy and operations management leadership, including Fortune 100 experience. Harish served as Director of Global Security at Sitecore, and previously PricewaterhousCoopers where he developed and implemented security strategies, transformed programs, responded to cyber incidents and critical regulatory findings (GLBA, HIPPA, PCI, DSS) instituting remediation plans.