The recent Wipro case reminds us that there is more to IT than agility, speed and business edge. The chinks that make ships sink are often tucked away in the crevices of hurry, negligence or human oversight.
April 14 or 16. The dates can change but the message does not.
Titanic or Boeing. The names can change but the story does not.
For long, people assumed that the Titanic went down due to a nasty and hard-to-spot iceberg. Some pin it down to its greed to break a speed record. But investigators, firefighters-on-the-scene and researchers have slowly put together another possibility. Not ice. But coal. And lots of it – that had been burning since the day it left shore.
New documentaries and accounts unfold the mystery when they show that the fire was so uncontrollable that stokers were shoveling this burning coal to get a grip on the fire. This coal in the furnaces actually accelerated the speed of the ship by making the engines work harder.
Also, one of the coal bunkers that housed this fire could have been wedged right near one of the main bulkheads of the ship. Yes, the very bulkheads that were supposed to give a lifeboat-like feel to the ship just in case it sank. The watertight walls that were designed to keep seawater from spreading if a hull breach happened – those very walls suffered a breach. The 30-foot-long dark mark on the hull could be evidence that the Titanic sank not because, or not just because, of hitting an iceberg. But because of the uncontrolled coal inside that could have made the bottom of the watertight compartment dinge aft and the other part dinge forward. The bulkheads did not hold up as they were supposed to in the eventuality of a wreck, and the rest is tragic history.
What Senan Molony and some universities have unfolded about 1912, somehow, holds relevance for what we have seen with another luxury liner of this century. Use of autonomous technology, inadequate/improper pilot training, sloppy and hurried factory work, electronic/mechanical garbage lying unattended – Boeing’s factories have come under a new spotlight after the 737 fiasco. They reek of the same issues that made the unsinkable ship wobble.
And the story of chasing speed at the cost of security, agility by cutting corners, convenience by jeopardizing long-term stability – that just keeps turning new pages and death-rolls.
IT – the new iron and irony
No matter how ambitious a ship or a plane or a company is, every small cog, wheel, mistake, pinch of coal, IT network, server configuration and software bug matters. Most companies are so busy focusing on the engine and varnish of a car that they forget that the axle of the wheel is as important, if not more, in ensuring a smooth ride/race ahead.
That’s why Wipro’s case is a Jamais Vu one here. Cyber attacks are not a one-off annual meteor anymore. They are happening more frequently and leaving longer tails for the analysts to drill their eyes into. But when an IT service provider, a rear-wheel axle shaft that is supposed to keep the car moving, a chamber of coal that is tucked into the ship by design in a way that it is almost invisible, when that very trusted piece suffers a dent – then worry-meters are bound to hit the ceiling.
Because a small slit here is good enough to slice the whole ship of a customer’s enterprise into shreds. After all, it is IT that we are talking about. If IT networks or service providers are compromised, what better, or easier, jumping-off point could an attacker wish for?
Oil-checks – A must
The latest cyberattack on Wipro’s IT systems is deeply concerning – and yet not surprising, as Surendra Singh, Country Director, Forcepoint India describes it. “While the organisation has done the right thing to launch investigations into the source of this attack, the reports suggest that nefarious actors compromised digital identities/credentials of approved users – so as to operate within the Wipro network, masquerading as insiders.”
Here, Sanjay Katkar, CTO, Quick Heal Technologies Limited calls technology both an enabler and an Achilles’ heel and explains the reasons. “IT/ITeS companies are typically amongst the early-adopters of any new technology and proactively develop applications and software based on newer technologies, whether for their enterprise clients or for their employees. This, unfortunately, leaves them vulnerable to security risks which might not have been addressed or even identified.”
According to the Seqrite Threat Report H2 2018, the IT/ITeS industry was highlighted as the most targeted sector, accounting for 27.83 per cent of the total malware detections during the reporting period, Katkar reminds us.
The threat is pronounced for certain categories and for the reason that OEM providers of an invincible car can also be the avenues to slip in a fragile pane of glass or a loose nut.
“Cybercriminals want to target organizations that are dealing with payment systems/card credentials for bigger heists,” feels Katkar. “Most of these organizations are well protected because of the sensitive nature of the data. So now cyber criminals are looking for back-door entry by hacking into their service providers who may have not applied as much security as the parent organizations and hence they can enter into these companies unnoticed.”
So, just picking a sturdy OEM and souping-up legacy cars will not be enough. A company will have to be as rigorous, relentless and alert about vulnerabilities on back-door fronts as it is for front-door frisking.
Listen to what Katkar suggests. “Such attacks exploit the weakest link in the supply chain network which grants attackers access to larger organisations in custody of the sought after data. Hence, organisations need to have a proper oversight of security risks through vendors and regularly evaluate their privacy and security policies.”
Smell the smoke
Consider what fire science expert Guillermo Rein from the Imperial College of London reckoned about the Titanic tragedy. The fire could have been as severe as 1,800 degrees Fahrenheit. What is alarming and regretful, however, is that a coal fire could have been easily burning for days or weeks before getting noticed.
KrebsOnSecurity, which shone the torch on Wipro, is already warning of similar vulnerabilities in the systems of other IT bellwethers as well.
The risk amplifies because of the sheer amount of sensitive information that IT/ITeS companies handle on a daily basis, including customer data, financial data, future planning, sales data, industry insights, new innovations and IPs, etc.
Katkar weighs in the gravity. “The flexible working environments and BYOD functionality also leave IT/ITeS companies facing a situation where a breach can occur internally or externally. All of this makes securing valuable databases and resources a priority for players in the domain.”
What can service providers do better to be fore-armed? Here is the angle of a Managed Service Provider (MSP) itself. Neelesh Kripalani – Sr. VP and Head – Center of Excellence (CoE), Clover Infotech surmises that it is imperative for organizations to stay ahead of the game against the hackers, and we as the MSP play an important role in ensuring the same.
“The approach towards cyber security threats needs to be proactive rather than reactive. We recommend implementation of Database Activity Monitoring (DAM) solutions to monitor database traffic for detection and blocking of threats. We conduct regular VAPT tests and ensure corrective actions are taken up in real-time. In addition, we implement data security features such as redaction, masking, database vault, encryption etc. to ensure that sensitive data is protected. For cloud environment, we suggest implementing role-based access so that the administration privileges do not stay with a single user account. Additionally, we recommend implementation of cloud access security management tools for greater security control and access visibility of Software-as-a-Service (SaaS) and Platform-as-a-Service (PaaS) solutions.”
Singh leaves a whiff of caution. “Increasingly, sophisticated attacks are being launched on enterprises and government agencies to gain access to critical data and intellectual property. And, traditional security approaches for combating such cyberattacks are no longer effective in today’s digital world. To secure the digital enterprise, Chief Security/Information Security Officers (CSO/CISOs) need to understand who is accessing data and why. Organisations should focus on understanding the normal behaviour of legitimate users who have access to critical data. By creating a baseline of normal behaviour, it becomes much easier to know when this behaviour changes – signalling an attempted breach or a compromised insider.”
In addition, controlling data access, creating individual user authorisations, and enabling quicker detection and response through cutting-edge security solutions are some additional measures which can be implemented by the organizations, as Katkar recommends as well.
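The baseline idea Singh describes, applied to the kind of database activity records a DAM tool collects, can be sketched as follows. This is an added example, not code from the article or from any vendor named in it; the event fields, user names, host names and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample data: (user, hour_of_day, source_host, resource, rows_read)
BASELINE_EVENTS = [
    ("asha", 10, "wks-114", "crm.accounts", 120),
    ("asha", 11, "wks-114", "crm.accounts", 95),
    ("asha", 15, "wks-114", "crm.contacts", 140),
    ("ravi", 9, "wks-207", "billing.invoices", 300),
    ("ravi", 13, "wks-207", "billing.invoices", 280),
    ("ravi", 17, "wks-207", "billing.invoices", 320),
]
NEW_EVENTS = [
    ("asha", 14, "wks-114", "crm.accounts", 130),      # ordinary activity
    ("ravi", 3, "vpn-ext-9", "billing.cards", 48000),  # valid login, abnormal use
    ("asha", 12, "wks-114", "crm.contacts", 2500),     # volume spike only
]

def build_baseline(events):
    """Collect each user's usual hosts, resources, hours and read volumes."""
    profiles = defaultdict(lambda: {"hosts": set(), "resources": set(), "hours": [], "rows": []})
    for user, hour, host, resource, rows in events:
        p = profiles[user]
        p["hosts"].add(host)
        p["resources"].add(resource)
        p["hours"].append(hour)
        p["rows"].append(rows)
    return dict(profiles)

def deviations(event, baseline, sigma=3.0, hour_slack=2):
    """Return the ways one event departs from its user's baseline."""
    user, hour, host, resource, rows = event
    p = baseline.get(user)
    if p is None:
        return ["no-baseline"]  # an account never seen before is itself a signal
    found = []
    if host not in p["hosts"]:
        found.append("new-host")
    if resource not in p["resources"]:
        found.append("new-resource")
    if not (min(p["hours"]) - hour_slack <= hour <= max(p["hours"]) + hour_slack):
        found.append("unusual-hour")
    limit = mean(p["rows"]) + sigma * max(pstdev(p["rows"]), 1.0)
    if rows > limit:
        found.append("volume-spike")
    return found

def triage(events, baseline):  # keeps only the events that deviate
    return {e: d for e in events if (d := deviations(e, baseline))}
```

Calling `triage(NEW_EVENTS, build_baseline(BASELINE_EVENTS))` returns the two deviating events with their reasons; the second event authenticates as a legitimate user yet trips every check, which is the masquerading-insider case the quote is about.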
Nothing is water-tight
It certainly helps to be fussy and alert rather than complacent and ignorant. Businesses will find this extra difficult in this digital age where competitive advantage boils down to microseconds, be it real-time, up-time or before-time. It is easy to gloss over what is missing or working under the hood – to trust the small parts to keep everything running smoothly. But this is exactly where an iceberg gets in.
Never neglect the bulkheads, as many security experts and forensic teams have gathered by now. Business waters or oceans, it never hurts to include extra lifeboats.