Meet Prashant Jadon, the Founder and mastermind behind NormSec, dedicated to safeguarding your digital realm and creating cutting-edge Android applications. Prashant embarked on his cybersecurity journey during high school, launching into stealth mode and collaborating with major banks in India, functioning as a cyber-world secret agent.
As the leader of the Android squad at Google Developer Student Club, Chandigarh University, Prashant goes beyond mere tech enthusiasm. NormSec, his brainchild, reflects his commitment to exploring innovative cybersecurity solutions for app protection. Joining forces with the cybersecurity Avengers at Hackerone, he has worked alongside industry giants such as Apple, Rockstar Games, and the U.S. Department of Defense.
Prashant’s role as a Security Analyst for top Indian companies involved detective work—testing apps, infiltrating web applications, and ensuring cloud security, akin to a digital Sherlock Holmes. Beyond codes and puzzles, he has shared his tech adventures as a speaker at IIT Delhi‘s Evolve 2018, earning acclaim from industry heavyweights like Apple and Adobe. Prashant’s projects—Clubnorms, Infotic, and Ground Control Station Nambi—serve as showcases for his exceptional tech prowess.
In a candid interaction with The Interview World, Prashant discusses the evolving landscape of cybersecurity, mechanisms and hacks for enterprises to thwart cyber threats, emerging tools and technologies, and urges for pre-emptive measures. Here are the excerpts from his interview.
Q: In light of the evolving cyber threat landscape, what are the most significant types of cyber threats that enterprises should be concerned about today?
A: Navigating the online landscape is akin to mastering a complex video game, where cyber threats are formidable adversaries and unexpected obstacles. Understanding these threats is like acquiring special powers or weapons to fortify the digital realm.
Ransomware, a digital menace, resembles having a cherished game held hostage. It infiltrates systems, encrypts files, and demands a ransom for release.
Zero-Day Exploits are akin to discovering hidden passages in a game before creators are aware—secret flaws exploited by hackers before fixes can be implemented.
AI-Powered Attacks mirror facing an intelligent computer opponent in a game, using smart programs that learn and adapt to exploit security system weaknesses.
Vulnerabilities in IoT and OT devices are comparable to gadgets with hidden doors that hackers use to access sensitive information or gain control without permission.
Human ignorance is a significant gateway for cyber attackers. A lack of awareness of online safety practices creates vulnerabilities exploited by attackers, necessitating robust cybersecurity education.
The recent Uber hack by a teen accessing internal systems underscores how human ignorance impacts cybersecurity. Initially seen as a joke, the breach highlights the risks of neglecting security measures, emphasizing the need for stringent protocols and proactive cybersecurity education.
The Uber security breach incident, where a hacker claimed access to internal systems, exposes the role of human ignorance in cybersecurity. Initially perceived as a joke, the hacker gained access using Google Cloud credentials, emphasizing the vulnerabilities resulting from human error. This incident underscores the importance of cybersecurity awareness and robust security protocols, prompting Uber to reinforce measures and prevent future incidents.
Q: How crucial is a thorough risk assessment for enterprises, and what methodologies or frameworks do you recommend for identifying and prioritizing potential cyber risks?
A: Embark on a video game adventure, and envision the importance of checking the map before diving in—similarly, a company relies on a risk assessment to navigate potential hazards in the digital landscape.
For enterprises, a risk assessment acts as a comprehensive map, revealing dangers and ensuring safe navigation through the business-technology realm.
Identifying Potential Threats: Like anticipating monsters in a game, a risk assessment helps companies discern threats—cyberattacks, natural disasters, or financial issues—that could harm their business.
Understanding Vulnerabilities: Similar to finding weak spots in a castle, a risk assessment aids businesses in pinpointing areas prone to issues, such as outdated software or inadequate security measures.
Minimizing Risks: Imagine donning armor before battle; a risk assessment empowers companies to mitigate potential risks, creating plans to alleviate problems’ severity.
Protecting Resources: Much like safeguarding treasures in a game, enterprises protect valuable resources like data. A risk assessment shields these resources from potential harm.
Compliance and Assurance: Rules and regulations exist for businesses to follow. A risk assessment ensures compliance, providing assurance to customers, partners, and regulators that security is prioritized.
Recommended frameworks—OWASP Risk Rating Methodology and MITRE ATT&CK Framework—are community-driven tools:
OWASP Risk Rating Methodology: A grading system for security risks in web applications, helping organizations identify and prioritize risks based on attack likelihood and impact.
MITRE ATT&CK Framework: An encyclopaedia of cyber threats and attack techniques, categorizing tactics and techniques used by attackers. It enhances organizations’ ability to detect, respond to, and prevent cyber threats.
Q: Beyond technical solutions, how important is fostering a cybersecurity-aware culture within an organization, and what steps can businesses take to instill a sense of responsibility for cybersecurity among employees?
A: Creating a cybersecurity-aware culture within a company is akin to assembling a cohesive video game team, united in the mission to safeguard digital assets. In this cyber “game,” every employee serves as the frontline defense against potential threats, forming a collective shield against phishing, social engineering, and cyber-attacks.
A cybersecurity-oriented culture empowers all team members, from leadership to newcomers, to recognize, report, and address risks. It’s a game where each individual’s actions are critical, emphasizing that cybersecurity is not solely the domain of tech experts. Everyone plays a pivotal role in the company’s digital security squad.
To breathe life into this culture, companies follow specific steps:
Training and Education: Regular sessions and workshops educate employees on cyber threats, safe practices, and the importance of cybersecurity.
Clear Policies and Procedures: Establish concise cybersecurity policies outlining expected behavior, password policies, data handling practices, and incident reporting protocols.
Leadership and Communication: Leadership demonstrates commitment, fostering a culture where security is a shared responsibility, with effective communication of updates and best practices.
Simulated Phishing Exercises: Conduct campaigns to raise awareness and train employees to recognize and respond to suspicious emails.
Encouragement and Recognition: Foster a culture where reporting security concerns is comfortable, recognizing and rewarding good security practices.
Regular Assessments and Feedback: Continuously evaluate the effectiveness of awareness programs, collecting employee feedback for refinement.
Integration in Onboarding Processes: Incorporate cybersecurity training into onboarding, emphasizing its importance from day one.
Technology Tools and Support: Provide user-friendly security tools complementing employee responsibilities.
In essence, building a cybersecurity-aware culture forms a team of digital superheroes, promoting safety, responsibility, and collaboration to protect against cyber threats, much like successfully tackling digital challenges in a game.
Q: Given the inevitability of cyber incidents, what elements should be included in a robust incident response plan, and how frequently should it be tested and updated?
A: Picture an organizational scenario resembling a school’s fire drill—a meticulous plan tailored for unexpected situations. Similarly, in the corporate realm, the Incident Response Plan (IRP) serves as a strategic blueprint, outlining precise protocols for digital crises like cyberattacks or technical glitches.
Comparable to strategic moves in a game, a proficient IRP requires clear crisis directives, designated authorities, and a comprehensive communication framework. Consistent testing, akin to recurring game practices, ensures the plan’s seamless functionality, turning it into a routine exercise. Simultaneously, updates are vital, aligning with metaphorical additions of new game levels. The IRP must adapt to emerging threats and technological shifts, making it a dynamic response strategy.
Establishing a Robust Incident Response Plan involves key elements:
Clearly Defined Roles and Responsibilities: Assigning distinct roles to individuals or teams ensures a structured response, involving incident coordinators, technical staff, communication liaisons, legal advisors, and management.
Predefined Escalation Procedures: Establishing clear paths for escalation streamlines reporting and response, enabling swift action.
Incident Identification and Classification: Procedures for identifying, assessing, and classifying incidents based on severity ensure a targeted and proportionate response.
Containment and Eradication Strategies: Defining steps to contain and eliminate threats safeguards affected systems.
Forensic Investigation and Analysis: Documenting procedures for forensic analysis aids in understanding the root cause and preventing future incidents.
Communication and Notification Protocols: A well-structured communication plan ensures transparency and compliance with legal obligations.
Recovery and Restoration Procedures: Clearly delineated steps for system recovery and data restoration mitigate post-incident fallout.
Post-Incident Review and Improvement: Regular assessments and updates post-incidents identify areas for improvement, enhancing the plan’s efficacy.
Testing and Updating Frequency:
Regular Testing: Conduct simulated exercises, tabletop drills, or full-scale simulations to expose gaps and weaknesses, ensuring continuous refinement.
Annual or Significant Change Reviews: Periodically review and update the plan, aligning with organizational shifts in infrastructure, technology, regulations, or threat landscapes.
Integration of Real Insights: Updates should integrate insights gained from real incidents or testing exercises, ensuring practical relevance.
Prompt Adjustment: Adapt the plan promptly in response to emerging threats, technological changes, or alterations in business operations.
To augment the plan’s effectiveness, continuous training sessions for involved employees are imperative. Ensuring a profound understanding of roles, plan dynamics, and awareness of evolving cyber threats fortifies preparedness and adaptability in effectively managing potential incidents.
Q: With the increasing reliance on third-party vendors and services, what strategies do you recommend for effectively managing and mitigating the cybersecurity risks associated with external partners?
A: Consider the analogy of forming alliances in a game where trust is paramount for success. Similarly, in the corporate realm, when companies collaborate with other entities, they entrust them with their digital assets. Here’s a guide on how to secure these partnerships:
Strategic Partner Selection:
- Just as you carefully choose reliable teammates in a game, companies must wisely select their partners.
- Evaluate whether potential partners prioritize cybersecurity, akin to ensuring your gaming buddy adheres to fair play.
Limiting Information Sharing:
- Share only essential information with partners, maintaining confidentiality without divulging all the secrets.
- Imagine sharing only the necessary gaming clues for success.
Evaluating Security Measures:
- Companies should scrutinize their partners’ security measures, similar to safeguarding a gaming treasure.
- Inquire about their data protection methods, strong passwords, and protective firewalls.
Monitoring Partner Actions:
- Regularly monitor partners’ handling of data, ensuring adherence to security standards, just like keeping an eye on your teammate’s moves in a game.
- Conduct checks and audits to ensure fair play.
Preparing a Backup Plan:
- Companies need contingency plans, similar to having extra lives in a game.
- Develop backup strategies (Plan B) to keep operations running smoothly if issues arise with a partner.
Now, from a technical perspective in dealing with third-party services:
Vendor Risk Assessment and Due Diligence: Conduct thorough risk assessments before onboarding vendors, considering security practices, data handling, and compliance with industry standards.
Contractual Agreements and Security Requirements: Clearly define cybersecurity expectations in contracts, specifying security standards, incident response procedures, and the right to audit vendor security practices.
Continuous Monitoring and Oversight: Implement ongoing monitoring and oversight of third-party vendors, using automated tools to track activities and detect potential risks in real time.
Security Standards and Best Practices: Set minimum security standards for vendors, aligning with your organization’s policies, and encourage a cybersecurity culture within their organizations.
Data Protection and Access Controls: Define data handling guidelines and access controls, implementing secure data transfer methods for shared information.
Incident Response and Contingency Plans: Collaborate with vendors to establish incident response and contingency plans, ensuring alignment with your organization’s protocols.
Regular Vendor Training and Awareness: Provide cybersecurity training for vendor employees with access to systems or data, promoting an understanding of security protocols.
Establish Exit Strategies: Plan for contingencies in case of termination, ensuring proper data retrieval, deletion, or transfer procedures.
In summary, managing cybersecurity risks with external partners mirrors effective teamwork in a game. It involves choosing trustworthy allies, sharing information selectively, assessing security measures, monitoring actions, and having contingency plans. This approach enables companies to collaborate successfully while safeguarding their digital assets.
Q: What are the essential components of a comprehensive cybersecurity technology stack, and how can organizations strike a balance between implementing the latest security tools and ensuring compatibility with existing systems?
A: Cybersecurity Tool Kit – Your Digital Arsenal: A cybersecurity technology stack mirrors a superhero’s toolkit, defending computers and data from digital threats.
Firewalls & Antivirus – The Protective Shields: Firewalls act like impenetrable force fields, while antivirus software plays the hero, battling malicious viruses to safeguard computers from harmful attacks.
Encryption – The Secret Decoder: Encryption operates as a secret message, decipherable only by trusted allies. It secures vital information by transforming it into code, accessible solely to authorized individuals.
Intrusion Detection Systems (IDS) – The Watchful Eyes: IDS serve as vigilant guards surveilling a castle for potential threats. Similarly, they monitor computer systems, raising alerts at any hint of suspicious activity.
Balancing Act – Game Compatibility: Just like adding game features without disrupting existing ones, organizations must harmonize new cybersecurity tools with their current systems.
Compatibility Checks – Like Game Updates: Before integrating new security tools, organizations verify their compatibility, akin to ensuring a game update doesn’t crash the entire system.
Gradual Upgrades – Adding New Levels: Rather than sudden changes, organizations gradually introduce new security tools, step-by-step, resembling unlocking game levels while ensuring seamless functionality.
Testing & Tweaking – The Gameplay Testing: After implementing new security tools, rigorous testing and adjustments occur, similar to exploring new game features for glitch-free performance.
A cybersecurity tech stack acts like a team of digital superheroes, guarding computers and data. Balancing the integration of new tools with the preservation of existing systems is comparable to adding game features without disrupting gameplay. This necessitates compatibility checks, gradual upgrades, and thorough testing to counter cyber threats effectively.
Here are some bonus points:
Firewalls and Network Security: Deploy next-generation firewalls (NGFW) and intrusion prevention systems (IPS) to monitor and control incoming and outgoing network traffic, protecting against unauthorized access and malware.
Endpoint Protection: Utilize antivirus software, endpoint detection and response (EDR) tools, and endpoint security solutions to safeguard individual devices (computers, mobile devices) from malicious activities.
Security Information and Event Management (SIEM): Implement SIEM solutions to centralize log collection, analyze security events, and detect anomalies or potential threats across the network.
Vulnerability Management: Use vulnerability scanners and assessment tools to identify weaknesses in systems, applications, or networks, enabling proactive patching and mitigation of potential vulnerabilities.
Identity and Access Management (IAM): Deploy IAM solutions to manage user identities, access privileges, and authentication mechanisms, ensuring only authorized users can access resources.
Data Loss Prevention (DLP): Employ DLP tools to monitor and prevent unauthorized access, use, or transmission of sensitive data, both within and outside the organization.
Encryption and Data Protection: Implement encryption mechanisms for data at rest and in transit, ensuring confidentiality and integrity of sensitive information.
Incident Response and Forensics: Have incident response tools and forensic analysis capabilities to investigate and respond to security incidents effectively.
Strategies for Balancing New Tools and Compatibility:
Assess Current Systems: Evaluate existing systems, identify gaps in security measures, and assess compatibility of new tools with current infrastructure.
Integration Capabilities: Prioritize security tools that offer integration with existing systems, allowing for seamless deployment without disrupting operations.
Scalability and Flexibility: Choose scalable solutions that can adapt to changing business needs and accommodate future technological advancements.
Pilot Testing: Conduct pilot tests or proof-of-concept trials before full-scale deployment to assess compatibility, performance impact, and effectiveness of new security tools within the existing environment.
Vendor Collaboration: Collaborate with vendors or service providers to ensure proper integration and compatibility of new security tools with existing systems.
Risk-Based Approach: Adopt a risk-based approach to prioritize security investments, focusing on critical assets and areas with the highest cybersecurity risks.
Regular Updates and Maintenance: Maintain a proactive approach to regularly update and patch both new and existing security tools to mitigate vulnerabilities and ensure compatibility.
Q: How does the use of encryption contribute to overall cybersecurity, and what measures should enterprises take to ensure the privacy and protection of sensitive data, especially in the era of increasing data regulations?
A: Encryption – The Hidden Language: Imagine crafting a clandestine language with your companions, a code known exclusively to you. This is encryption in action—morphing crucial information into an enigmatic cipher, akin to a securely locked chest accessible solely to those possessing the elusive key!
The Cybersecurity Power of Encryption: Analogous to having an ultra-secret refuge for your most prized possessions, encryption stands as the paramount guardian of sensitive data. It transmutes information into an indecipherable code, ensuring protection against digital prying eyes. It’s akin to constructing an intricate puzzle that only you can unravel.
Securing Data with Precision: Envision your most valuable trading cards safeguarded in a highly fortified vault. Organizations deploy encryption to shield their digital treasures—such as passwords and personal information. Robust encryption tools act as sophisticated locks, fortifying data against cyber threats.
Access Control, the Digital Bouncer: Picture your favourite club admitting only VIPs; businesses dictate who gains access to their confidential data. Access control restricts entry solely to authorized individuals, utilizing sophisticated passwords or even fingerprint scanners.
Routine Security Audits: Just as you’d give your bike a periodic checkup, organizations conduct security system audits. They ensure encryption is performing effectively and update it regularly, akin to installing cutting-edge bike accessories for enhanced safety.
Adhering to the Data Rulebook: In the realm of cyber games, there are established regulations to abide by, such as GDPR or CCPA in the data world. Companies must adhere to these rules, much like playing by the game’s regulations, to safeguard data and avoid penalties. Staying abreast of these regulations is imperative!
In essence, encryption serves as your confidential language for shielding data from cunning online troublemakers. To ensure data security, companies require robust encryption tools, astute access controls, routine security assessments, and a rule-compliant mindset—just like safeguarding your secrets in a digital world full of mischief!
Q: How important is continuous monitoring for detecting and responding to potential threats in real time, and what tools or strategies do you recommend for maintaining a vigilant security posture?
A: Continuous Monitoring – The Digital Watchdog: Continuous monitoring in cybersecurity acts as a perpetual guardian, tirelessly scanning computers and networks for signs of trouble.
Why Continuous Monitoring Matters: Detecting cyber threats in real-time, continuous monitoring is crucial for swift action, akin to catching bad actors in a game before they wreak havoc.
Tools for Continuous Monitoring – Your Cyber Guard: Security Information and Event Management (SIEM) systems are like digital guards, collecting and analysing information from different network areas to detect anything suspicious.
Strategies for Staying Vigilant:
Alert Systems – Sounding the Alarm: Companies need alert systems, akin to home alarms, providing immediate notifications when something is amiss—a pre-emptive warning signal against potential trouble.
Threat Intelligence – Knowing Your Opponents: Understanding cyber villains’ tricks is essential. Threat intelligence tools gather information on new threats and tactics, helping organizations stay ahead in the digital game.
Regular Checks – The Health Checkup: Similar to routine medical checkups, companies should conduct regular system checks to ensure everything is healthy and secure, much like maintaining a well-functioning game console.
Continuous Monitoring – The Cyber Sentinel: Continuous monitoring serves as a vigilant ally, akin to a super-smart digital watchdog, overseeing computers and networks ceaselessly.
Why It’s a Big Deal: Continuous monitoring catches cyber threats in real-time, acting like a superhero preventing chaos. It’s a proactive approach that tackles issues swiftly.
Tools for Round-the-Clock Surveillance – Your Cyber Sidekick: SIEM systems act as trusty digital sidekicks, gathering and analysing data to uncover anything suspicious—a detective solving mysteries in the digital realm.
Stay Alert! – Sound the Alarms: Just like an alarm bell warns of unexpected visitors, companies need alert systems buzzing at the first sign of cyber trouble—an early warning system against potential sneak attacks.
Know Your Foes – Intelligence Gathering: Understanding enemy tricks is key. Threat intelligence tools help organizations stay ahead by uncovering new threats and tactics, much like knowing your foes’ weaknesses in a game.
Routine Check-ups – Healthy Systems, Happy Games: Regular system checks ensure everything runs smoothly, analogous to keeping gaming gear in top shape—a cyber health check for glitch-free operations.
Tools and Strategies for Maintaining a Vigilant Security Posture:
Security Information and Event Management (SIEM): SIEM solutions offer real-time threat detection, alerting, and incident response capabilities by aggregating and analysing logs and security events.
Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS): IDS/IPS solutions monitor network traffic for suspicious activities or known attack patterns, triggering alerts or blocking malicious traffic.
Endpoint Detection and Response (EDR): EDR tools provide visibility into endpoint activities, allowing real-time monitoring, threat detection, and response capabilities on individual devices.
Security Orchestration, Automation, and Response (SOAR): SOAR platforms integrate security tools, automate response actions, and orchestrate incident response workflows for faster and more efficient threat response.
User and Entity Behaviour Analytics (UEBA): UEBA solutions analyse user behaviour and entity activities to detect anomalous patterns indicating potential insider threats or compromised accounts.
Network Traffic Analysis: Utilize network traffic analysis tools to monitor and analyse network traffic, identifying suspicious patterns or anomalies signalling malicious activities.
Vulnerability Management Platforms: Implement vulnerability scanners and management tools to continuously assess and remediate vulnerabilities in systems or applications.
Threat Intelligence Feeds: Subscribe to threat intelligence services for up-to-date information on emerging threats, indicators of compromise (IOCs), and known attack patterns, enhancing monitoring capabilities.
Continuous monitoring serves as a proactive cyber partner, helping companies address potential threats with clever tools, alert systems, and a watchful eye on the digital playground.