With enterprises worldwide gripped by cyber threats, Indian Space Research Organisation (ISRO) chairman K. Sivan has advocated prioritising threat-hunting strategies over passive damage control measures to thwart emerging advanced persistent attacks (ATPs) in the cyber world.
Delivering the keynote address at the concluding day of the 14th c0c0n - cyber security and hacking conference organised by Kerala Police on Saturday, Dr. Sivan said many critical infrastructure in the country had come under targeted cyber attacks during the last few years. The Indian Computer Emergency Response Team (CERT-in), which functions under the Ministry of Electronics and Information Technology, handled 11,58,208 cyber security incidents in 2020 alone. Of these, 25,969 cases were of website defacements.
“It is generally felt most of these attacks are being carried out by state-sponsored hackers. We can no longer afford to believe that our security measures are perfect and impenetrable,” he pointed out.
Dr. Sivan, who is also Secretary of the Department of Space, said traditional reactive defence systems were insufficient in countering such ATPs that affected major government organisations, financial institutions, power, energy and telecom sectors; and strategic and public enterprises across the world.
“The effective way to ensure IT infrastructure in protected against APTs is to search for signs of breaches and compromises within the network. It is vital to constantly look for attacks that get past security systems and catch intrusions in progress rather than intervening after attackers have completed their objectives to cause significant damage.
Threat-hunting tactics employs known adversary behaviours to proactively examine the network and endpoints to identify new areas of breaches. Threat hunting should ideally become part of the IT security arsenal of each organisation. IT engineers must be imparted specific training on such techniques,” Dr. Sivan said.
With increasing digitisation leading to the exponential growth of data, Dr. Sivan stressed on the need to propagate cyber awareness not just to employees, but also among students and the common populace. While a study conducted in 2018 had found nearly 2.5 exabytes of data created each day, 90% of the current data was generated during the last two years, he added.
