Cybersecurity has been a major concern for enterprises, especially amid the COVID-19 outbreak. The result is an increased frequency of cyberattacks, which have affected various industries across the globe. While there is an abundance of experts in the field, not many are as qualified to discuss cybersecurity, cyberattacks, and digital resilience as Kumar Ritesh, founder and CEO of Cyfirma, a cyber intelligence firm headquartered in Singapore.
Cyfirma recently secured a couple of major customer wins with Japanese carmaker Mitsubishi Motors and Zuellig Pharmaceuticals, which selected its Decyfir cloud-based cybersecurity platform to help strengthen their organisations against the recent spate of cyberattacks worldwide. Cyfirma was established in 2017 as a cybersecurity division of Antuit, an artificial intelligence solutions provider, and was spun off in 2019 to become an independent entity.
Ritesh spent the first half of his career as the head of cyber intelligence at Britain’s Secret Intelligence Service – also known as MI6. He then transitioned into the corporate world as a senior executive for multinational corporations IBM and PwC. Before establishing Cyfirma, Ritesh was also head of cybersecurity at mining giant BHP Billiton.
We talk to Ritesh about all things cybersecurity, including how it is affected by geopolitics, the evolution of its technology, and what companies should look out for when it comes to cyberattacks.
How do global issues like COVID and the United States-China trade war affect cyber posturing and organisations’ efforts to protect their IPs from cyberattacks?
COVID-19 has been a test of organisations’ preparedness and resiliency on all fronts, especially in the cybersecurity sphere. Hacker groups are taking advantage of people’s fear and anxiety from the global health crisis to profit from scams, vaccine hoaxes, misinformation, and the exploitation of vulnerabilities. For example, we uncovered that the North Korean-based Lazarus Group had planned a large-scale phishing campaign targeting more than five million individuals and businesses across six countries and multiple continents, using phishing emails under the guise of local authorities in charge of dispensing government-funded COVID-19 support initiatives to siphon personal and financial information.
As remote working becomes a default for most organisations, hackers have also discovered very quickly that it is easy as well as lucrative to target employees working from home. Without the protection of the corporate network, remote workers remain vulnerable to social engineering tactics, phishing campaigns, VPN weakness, and porous home networks.
Furthermore, current geopolitical tensions are fuelling cyberthreats globally, especially with the United States-China trade war not abating. Such trade wars are seeing more nations adopting cyberwarfare capabilities, and the economic and ideological battle has taken to the wire in the form of cyberespionage. State-sponsored or affiliated hackers have been relentless in their attempt to gain political hegemony. These cybersecurity threats have become a great concern for governments and businesses. With cyberthreats constantly evolving, governments and organisations have had to double down on their efforts in protecting their data and intellectual property from such hacker groups.
What limitations and complications do organisations face in strengthening their cyber posture and protecting their intellectual properties?
Traditional cybersecurity approaches such as installing new security appliances or creating new firewalls and layered defenses are outdated. Most organisations take a reactive, inside-out approach to understand their IT environment. When a new malware emerges, threat intelligence suppliers often tailor the indicators of compromise to an enterprise, which then applies them across its infrastructure to suss out threats. While such an approach may close the cybersecurity gaps in the short term, threat actors will only have to try a different attack method to infiltrate the organisation again.
There also tends to be much focus on how a cybersecurity threat happened. Even before knowing how a cyber breach happens, organisations need to know the 5Ws:
- Who the attackers were
- What they were after
- When they would attack
- Where they were, and
- Why they were planning an attack
To form a holistic cybersecurity strategy, organisations need to contextualise threat intelligence to their operating environment.
The technology in cybersecurity and cyberattacks evolves at a rapid pace. What changes have you seen since you started at Cyfirma?
Today, threat actors are becoming more sophisticated in their attack methods, and they are also more well-funded to invest in new hacking tools and capabilities.
We have also observed that the traditional process of going behind external-facing systems is on a downtrend. Instead, attacks now have data exfiltration codes embedded in them. This is a more efficient form of attack for the threat actors, who want to understand the profile of the organisations’ environment and the types of systems and data they have. With hacker groups now engaging in more traditional forms of espionage beyond merely seeking monetary gains, this form of attack allows them to use this opportunity as a backdoor to control systems within the organisation. Their ultimate goal is to live in the organisation for months or years to exfiltrate data, then demand a ransom only when they want it.
It becomes increasingly important for organisations to be equipped with the capabilities to predict such attacks before they occur to prevent the infiltration of malware and exfiltration of intellectual properties and sensitive data.
Where do you think cybersecurity and cyberattack technology will be in 3-5 years?
Adoption of emerging technologies such as 5G, Internet of Things, and artificial intelligence (AI) is on the rise, and with it comes increased cyber risks. Cyberattack technology is going to adapt to these advancements and find a way to infiltrate such systems. Combined with the trend of hacker groups colluding and collaborating to target a common enemy, cyberattacks will be more dangerous than ever in the next few years.
Self-defence systems will be the way forward. Similar to how our immune system consistently self-monitors, learns, and heals when battling foreign elements, future cybersecurity solutions should be able to identify abnormal foreign elements and programs using adaptive machine learning. Automated self-defence cybersecurity technology powered by AI will be able to continuously find, respond to, and recover from new threats. This will reduce the risk of a cyberattack and the attractiveness of an organisation as a hacking target.
IT is a vast industry with many possible disciplines to specialise in. Why focus on cybersecurity? What is it about the field that interests you?
I first joined the intelligence service when I was 20 years old. After being in the service for close to a decade, cybersecurity was a natural path for me to take when I entered the corporate world. During that period, I observed that while the cybersecurity landscape had evolved, security processes and controls have failed to integrate an “outside-in” view. Generally, there is a lack of deep insights and contextual intelligence around cyber events, threats, and risks. The integration of intelligence into all verticals of cyber posture management is missing.
I took this as an opportunity, as well as a challenge for me, to bring my expertise in predictive threat intelligence into the corporate world. Bringing predictability into the game of cyberwarfare and cybersecurity is not an easy task with the world of cyber technology constantly changing, especially since such predictiveness was not quite available before. Cybersecurity is an essential part of any business around the world, especially now more than ever with cyberattacks increasing and the types of attacks evolving. Being equipped with accurate intel related to their cyber adversaries can help companies take actionable steps to protect their systems and data, which is a rewarding feat for me.
You once headed the cyber intelligence practice at Britain’s Secret Intelligence Service or MI6. What specific lessons learned there are you able to apply at Cyfirma? What was the most interesting part of working at MI6?
Unsurprisingly, ‘intelligence’ has always been the key for the British Intelligence service when it comes to cyberthreats. Threat intelligence is always based on information we processed, allowing us to say that this is where things are heading, and help law enforcement agencies take corrective actions to properly react to it. This was not the case in the corporate world.
When I first joined the corporate world, the state of cybersecurity was not ideal and security professionals were struggling to keep up with cyberattacks and threats. Beyond their perimeter lines, they had no visibility into cybercriminals and external threats – who they are, what they want, and when and how they can potentially attack. Businesses could not pre-empt cyberattacks; they could only react to them.
Leading a national cyber intelligence unit taught me that the only way to have ironclad security is to blend the most appropriate security controls with advanced technology. Predictive threat intelligence is an essential part of safekeeping data. Fighting an avalanche of unknown threats is a futile effort. Businesses need to know who and what they are up against in order to be truly cyber safe.