Infosec Opinion

Unpatched Software is a Magnet for Malware: Ambuj Bhalla, CISO, Indigo Airlines

The global pandemic has resulted in increased cyberattacks. Threat actors are not sparing a moment in staying on top of their game plan to exploit any business or industry. Covid-19 has also compelled cybersecurity professionals to rethink their combat strategies and ensure that every asset within the organisation is safe from the preying eyes of criminals.

The outbreak of Covid-19 enforced ‘work from home’ across geographies, making systems hot targets for criminals through various forms of attack, including phishing scams, ransomware, DDoS and others, which can target all the weak links: Wi-Fi and internet connections, files, unpatched software, data and so on. Aviation, as an industry, has not been spared by cyber criminals either. The recent attack on EasyJet, in which the company was hit by a highly sophisticated attack that affected nine million customers, was the talk of the town. Of those nine million, over 2,000 also had their credit card information exposed. The situation is quite grim from a cybersecurity perspective, as user data is being exposed and security leaders are trying to fix as much as they can.

dynamicCISO spoke to Ambuj Bhalla, Director IT Security and CISO, Indigo Airlines, India’s largest domestic airline in size and operations. During this conversation, Ambuj underlined the challenges of a security leader. He feels that while work from home is mandatory in these times, it is full of challenges. Ambuj says that cybersecurity is a key business enabler during these extraordinary times and that organisations need a robust security posture to sustain the new workplace.

According to Ambuj, WFH is the need of the hour, with employees using numerous WiFi hotspots to connect to the office network. These hotspots and connections are usually not secure. Public WiFi covers only basic hygiene, which may not be very effective in a corporate environment. For a CISO, it is a daunting task to safeguard the critical business assets and functions while work continues as usual from any location.

Ensuring Last Mile Stability and Adopting the Right Security Posture

“Creating end user awareness and providing them with the ‘Do’s and Don’ts’ when using home networks etc. remained our priority,” says Ambuj. “We ensured that timely device integrity checks were performed before allowing access to the corporate network. For VPN response, we adopted a policy of zero trust access through adoption of risk-based authentication to the VPN gateway. A user’s VPN access is generally baselined. The moment we find a deviation, the device throws a step-up authentication to the end user to prove their identity before it allows further access,” he says.
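The VPN gate Ambuj describes, as an added example that is not the airline's code or configuration: a device integrity check (AV status and patch level) runs first, then the attempt is compared to the user's baseline (known devices, countries and working hours), and a deviation triggers step-up authentication rather than an outright block. All thresholds, weights and sample values are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed policy values for this example (not the airline's real thresholds).
MIN_PATCH_LEVEL = 202005            # hypothetical patch baseline, yyyymm
MAX_AV_SIGNATURE_AGE_DAYS = 3       # AV definitions older than this fail posture

@dataclass
class Device:
    av_enabled: bool
    av_signature_age_days: int
    patch_level: int

@dataclass
class LoginAttempt:
    device_id: str
    country: str
    hour: int                        # local hour of the connection, 0-23

@dataclass
class Baseline:                      # what is normal for one user
    devices: set
    countries: set
    hours: range

def device_integrity_ok(dev: Device) -> bool:
    """Posture check run before the gateway looks at identity at all."""
    return (dev.av_enabled and dev.av_signature_age_days <= MAX_AV_SIGNATURE_AGE_DAYS
            and dev.patch_level >= MIN_PATCH_LEVEL)

def deviation_score(attempt: LoginAttempt, base: Baseline) -> int:
    """Weighted count of ways this attempt departs from the user's baseline."""
    return (2 * (attempt.device_id not in base.devices)
            + 2 * (attempt.country not in base.countries)
            + 1 * (attempt.hour not in base.hours))

def vpn_decision(attempt: LoginAttempt, dev: Device, base: Baseline) -> str:
    """Returns ALLOW, STEP_UP (second factor required) or DENY."""
    if not device_integrity_ok(dev):
        return "DENY"                # unpatched or unprotected endpoint: no access
    score = deviation_score(attempt, base)
    if score == 0:
        return "ALLOW"
    if score <= 3:
        return "STEP_UP"             # baseline deviation: user must re-prove identity
    return "DENY"                    # device, country and hour all unfamiliar at once

# Constructed sample: a user who normally works from laptop LT-001, in India, 07:00-21:59.
BASELINE = Baseline(devices={"LT-001"}, countries={"IN"}, hours=range(7, 22))
HEALTHY = Device(av_enabled=True, av_signature_age_days=1, patch_level=202006)
UNPATCHED = Device(av_enabled=True, av_signature_age_days=1, patch_level=201912)
```

A successful step-up would normally add the new device or location to the user's baseline so the same prompt is not repeated; that feedback step is left out here to keep the decision logic in view.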

Tools such as DLP (Data Leakage Prevention) and close monitoring of employee activity were enforced to avoid any untoward incident that could adversely affect the business.

Multi Cloud Collaboration: Here, it was important to put deterrents in place. We enforced multi-factor authentication on all critical systems. Alongside, we also enabled close monitoring of cloud access environments in consultation with our cloud service providers. “Effective governance and third-party auditing of our partners/service partners was done to ensure that security BAU requirements are not compromised at their end,” informs Ambuj.

Securing Remote Working Tools: As an organisation aware of the cybersecurity threats, we ensured device integrity before allowing a device to access the technology farm. Data security and protection controls were put in place and compliance with them was regularly monitored. “Any actions arising are taken care of in collaboration with the IT Helpdesk teams. All critical configuration/patching requirements are ensured by the use of ITSM tools. SOC teams looked at events 24*7 for early identification and remediation to avoid any considerable damage,” says Ambuj.

Active Directory (AD) remains one of the key challenging areas for enterprises. “The devices which connect over VPN generally get the AD policy updates, but the tricky part is to have 100% compliance. This is dealt with either by leveraging capabilities through ITSM tools or by manual methods on a case-by-case basis,” explains Ambuj.

Achieving a Seamless Experience in a Remote Working Scenario

Patching End Points: Device integrity checks were performed to ensure that end points used for connecting to our technology farm meet the bare minimum security standards (for AV, patching and other controls). This helped in reducing the cybersecurity attack surface. “Secondly, only critical patches and AV updates are pushed after testing to avoid any end user escalations, because unpatched software is a magnet for malware,” cautions Ambuj.

Securing Data Moving Within Cloud

Here also, strong user authentication enforced by Multi-factor Authentication (MFA) on all critical systems came in handy. “We have enabled close monitoring of cloud access environments in consultation with our cloud service providers. Evaluation has been done while keeping in mind data security and according it the highest priority. This includes data encryption capabilities for both data in transit and data at rest. Privacy controls cover who can access your data, how long it may be used, stored, etc.,” he says.

Speeding up Detection and Fraud Forensics for Employees on WFH

Digital forensics may not be possible unless the device is physically available. To speed up detection, the company performed device integrity checks, along with 24*7 monitoring of the technology farm and of all remote access to the systems, to identify any malicious or suspected behaviour. “For incident response/remediation we referred to run books defined for specific use cases. We ensured that access to the corporate systems is restricted from compromised devices/end points,” says Ambuj. The security team also provided remote assistance to end users to fix issues on a case-by-case basis. Continuous log analysis and malware analysis went on at the SOC level to identify root causes and update the knowledge base for future requirements.

Compliance Followed

At an operational level, Indigo is aligned to ISO 27001 and the IT Act 2000. Also, all of the company’s data egress channels are closely monitored and the security incident management plan is invoked to avoid any unwanted events. “Any new applications/projects being enabled to meet the business requirements undergo a comprehensive security review (including vulnerability and penetration tests). For effective governance and self-compliance, certificates from all our partners/service providers are obtained so that we ensure security requirements are not compromised at their end,” concludes Ambuj.
