What is the difference between cyber risk management and cyber resilience?

Cyber Security Hub speaks to Sourabh Haldar, threat policy implementation lead of information and cyber security at Standard Chartered Bank, about the importance of cyber resilience in the face of emerging threats.


Cyber Security Hub: What do you think will be the biggest threat vector and/or threat target in 2023?



Sourabh Haldar: From a sector-wide perspective, phishing and social engineering-based attacks are definitely a concern. Phishing is the easiest way for malicious actors to gain a primary entry point for cyber attacks.

I come from the banking and finance sector and we receive hundreds, if not thousands, of phishing attempts on our perimeter and towards our employees, daily. The financial sector is not the only industry facing this problem, as 75 percent of cyber security professionals say phishing attacks are the most dangerous threat to their security.


Then, of course, there are emerging threats coming from the fact that there are an increasing number of devices getting online capabilities. This gives rise to a unique attack surface for malicious actors.

Previously, the primary targets for attackers were endpoints that connected to the internet, like computers and mobile devices. Nowadays, the Internet of Things (IoT) has opened the attack surface. With the introduction of smart devices, something as simple as a light bulb can be connected to a network. The potential ramifications of this are vast.

For example, someone claimed that he was able to hack into and control the functions of around 20 Tesla smart cars. The fact that we are using smart devices and even have smart homes exposes people to a new form of threat. From an industry point of view, however, I do not think that smart devices as an attack target are a big concern for the banks, as we do not really use a lot of IoT. This being said, mobile devices and other endpoints can become exposed to threats through employees, as well as third-party partners, so it is something to keep an eye on.


Finally, one more emerging trend that I believe will grow as a threat target is digital assets. Digital assets are things that have a uniquely identified digital presence and perceived value, such as cryptocurrency. The ways these assets are held, for example through smart contracts or via digital wallets, are also considered digital assets.


Digital assets currently utilize distributed ledger technology on a decentralized network, which has introduced a new form of vulnerability. As an outcome, we are actually seeing a lot of research papers warning us about this as a growing risk. In fact, more than US$3.8bn worth of cryptocurrency was stolen through cyber attacks last year.


“Cyber risk management is about trying to minimize the likelihood of successful attack, and cyber resilience is about minimizing the likelihood of an impact from an incident”


CSH: Continuing the focus on digital assets, what can those within the cybersecurity space do to mitigate threats against digital assets?



SH: A lot of people are jumping on the bandwagon of digital asset creation and trading. This means there are a number of smaller organizations that are likely not mature enough to prevent cyber attacks handling digital assets, which are often a target for hackers.

Larger organizations, for example commercial banks like HSBC, are much more prepared to deal with threats. This is because they can leverage their existing means of cyber risk management while evolving their security and threat defense strategies to face emerging threats. They are also able to utilize tools like automation and artificial intelligence that may not be available to smaller organizations.

This being said, while these companies are building the backbone of their threat response capabilities, they still have to apply common risk management principles to ascertain and understand what kind of capabilities their adversaries possess, to help them decide what kind of controls to put in place.

From an overall approach point of view, the security strategy employed by both smaller and larger businesses will be the same. From a capability point of view, however, large businesses are in a better place to apply new techniques and put new controls in place. Additionally, larger businesses are better able to invest in both front-end and back-end capabilities simultaneously, while smaller businesses may have to choose only one to invest in. As smaller businesses will be looking to enhance the experience for customers using their platform, they may neglect their security capabilities to do so, leaving them open to attack.

Another point that is certainly worth highlighting is that bigger organizations will also have better insurance against cyber attacks. Therefore, their cyber resilience is increased. If their network is brought down completely during an attack, they are more likely to be able to recover than a company that does not have protections against this in place. This is true from both a business and financial perspective.



CSH: What is the difference between cyber risk management and cyber resilience, and why are they both important in threat intelligence?



SH: In layman's terms, I would say that cyber resilience bridges the gap between cyber security risk management and operational resilience.

Traditional operational resilience is all about disaster recovery and business continuity planning, for example making sure a company can bring service back into operation if the network goes down. Cyber risk management, by contrast, is all about establishing security infrastructure, ensuring your most important assets are protected against the most common threats. In short, cyber risk management is about trying to minimize the likelihood of a successful attack, while cyber resilience is about minimizing the likelihood of an impact from an incident.

In broader terms, cyber resilience is about anticipating what will happen if an attack occurs. It is all about asking the right questions: How will you withstand this specific threat vector? How will you recover from the attack? Using this, cyber security professionals can then evaluate the recovery and response mechanisms they have in place and develop them as needed. Cyber resilience looks at minimizing the extent and duration of cyber attacks and the impact they have on the business and its services as much as possible.


Cyber resilience considers all the possible impacts of threats and how to combat them. As an example, when looking to develop a cyber resilient security strategy, a cyber security professional may consider what would happen if a very advanced persistent threat actor breached their company’s perimeter and remained in its network for six months. They will consider how they would cope with the discovery of such a breach, including minimizing the confidential and sensitive data a malicious actor could gain access to once in their network. By doing so, they can attempt to minimize the likelihood of a data breach.

Overall, cyber resilience is largely about detection and response, while cyber security risk management is more about how companies define themselves. By using these definitions, cyber security professionals can identify the threat vectors that are likely to be used to target their company and guard against them, giving their company the maximum amount of protection possible.

Learn more from Sourabh Haldar by registering for his session, Mitigating threat actors and becoming cyber resilient by understanding the ‘what, why, how’ of cyber attacks, at CS Hub Live: Threat Intelligence APAC.