Security consulting firm Cyber Resilient Group’s founder Kapil Matta shares insights into the biggest security threats organisations will face in 2019 and beyond, and how they can help organisations stay resilient.
Please give us a brief overview of Cyber Resilient Group’s business.
Cyber Resilient Group is a niche cyber security consulting and technology solutions firm. We are committed to creating a cyber resilient ecosphere through our unique approach. Our core consulting expertise includes information security, business continuity management, technology advisory and solutions, and compliance advisory services for PCIDSS and GDPR.
What do you think are the biggest data and security risks now facing businesses?
We have seen organisations being breached in 2018 and this number will grow exponentially this year. The first quarter of this year has already seen this trend with govt. institutes and fortune 100 companies being breached which will only see the uptrend. One of the key reasons being hackers are using the same AI-based deep learning and behaviour technique which we are trying to protect our organisations. Most peers forget this elementary but crucial fact while embracing cyber security solutions.
Phishing still remains to be the largest of threat vectors with more than 90 percent of malware, backdoors and ransomware among others being targeted through email campaigns.
Multiple variants of ransomware will also continue to be present alongside malvertising campaigns which can be run on legitimate websites and without the users clicking any links the malware (payload) can be dropped and the users machine can be infected.
In addition, regional firms will face threats and risks such as crypto jacking or crypto mining, which involves unauthorised use of computing resources that can have severe impact on organisations infrastructure and even damaging it. Another threat is cross site scripting attacks (XSS), which injects malicious scripts or code into legitimate and trusted websites and web applications.
Regional firms can also expect increasing threats on IoT/OT/IoMT devices: unmanaged and single-purpose IoT devices present the biggest security challenge posed to organisations. Another threat organisations need to wary of is mobile malware, cybercriminals are taking advantage of the significant increase in mobile devices which are often targeted due to poor vulnerability management and outdated software patches.
Geopolitical risks and state sponsored attacks remain as big threats in this part of the world. With the implementation of data protection policies cum GDPR organisations are now carefully considering where their data resides. By doing so, they are increasingly realising intricacy of third-party risks pushing them to put measures in place. Hence, enterprises are accepting geo-political risk as part of cybersecurity risk.
Last but not the least shadow IT, a huge percentage of employees use shadow IT applications at work place which is a serious compliance and cyber security threat as IT department is unaware of its usage, unable to monitor and the difficulty in integrating within the existing infrastructure.
How do your organisation’s services help Middle East firms to drive their digital and security transformation?
We are committed in creating and assisting a cyber resilient ecosphere by delivering a broad range of consulting services and cyber security solutions. We also aim to enable organisations build strength in line with business strategy, facilitate change, achieve their vision, optimize performance and cyber resilience.
Our unique approach towards digital and security transformation in terms of providing complete visibility, embedded with virtual reiteration, automated tools and information services works as a catalyst in providing value-added offerings which is unheard of in the industry. This unique approach and industry-wide experiences has enabled us to help customers address various cybersecurity risks.
How important is the role of security consulting firms like Cyber Resilient Group in terms of helping modern enterprises stay secure in the digital era?
CRG works closely with clients to understand their corporate DNA, align with business strategies and identify lacunae in their current environment from people, process and technology perspective. it’s imperative for CRG to stay ahead of the curve and predict cyber security landscape and recommend scalable, futuristic solutions to ensure cyber resilient ecosphere for enterprises.
What can regional firms expect from Cyber Resilient Group in 2019?
Our vision is to set new industry benchmarks and impart knowledge to our customers. To achieve this we would like to be their strategic knowledge partners wherein we can foresee and identify their challenges. Our focus would be raising awareness through different mediums including digital inclusion to educate our clients with the current and future trends of cyber resilience.
