Cloud & the New Wave of Risks for Business Applications

One of the main drivers of these cyber threats is the increase in online activity - users engaging with commerce, education, shopping, and more on the Internet and through mobile applications – mostly deployed on the Cloud

India is among the top five countries in the world with the highest number of cyber security incidents in 2020. While all industries are prone to cyberattacks, Government, insurance, legal, education, and research, healthcare and manufacturing remain the most vulnerable

11,58,208 cyberattacks were registered by the Indian Computer Emergency Response Team (CERT-IN). In response to this, the government launched the Cyber Surakshit Bharat program which aims to create awareness about cybercrime and set in place adequate safety measures for Chief Information Security Officers (CISOs) across all government departments.

The implications of growing cyber-attacks on Indian businesses are serious.

86% of the data breaches occur at the app level, making it imperative for businesses to strengthen the application ecosystem. Bad actors probe the networks to find vulnerabilities in applications and use a variety of tricks to lure customers into giving up sensitive information and carry out account takeover (ATO) attacks.

Today, a business of any size becomes an easy target of automated botnets that can launch massive, terabyte-per-second attacks. This disrupts business and can cause massive losses every year.

Doing business in an online, interconnected world raises a constant fear of cyberattacks, outages, and privacy violations. Businesses need to have active bot management and anti-fraud capabilities.

One of the main drivers of these cyber threats is the increase in online activity - users engaging with commerce, education, shopping, and more on the Internet and through mobile applications – mostly deployed on the Cloud. According to the 2021 report by IDC, the Indian public cloud services market will be approximately $10.8 billion by the end of 2025.

As businesses increasingly migrate to more efficient cloud-based services to meet escalating demands on infrastructure, they also become victims of a range of security complexities that follow.

We must therefore ask: How can businesses optimize performance from any device while providing a robust behind-the-scenes security architecture to their customers?

Systems, infrastructure, networks, platforms and applications equip every digital business with a vast wealth of digital-health data through probes, agents, logs, or traces.

Four essential considerations:

Zero trust model for a robust cybersecurity framework

Organizations must adopt a ‘Never trust, always verify, continuously monitor’ approach. This is important because users connect from a variety of locations and devices to access a range of applications. Security of applications is critical for preventing data breaches. Thus, the first approach is to create a cybersecurity framework with a zero-trust model to protect from bad actors. Then, to anticipate, plan and respond to risks in real-time, advanced web application firewall (WAF) and Web App and API Protection (WAAP) solutions monitor behavioral analytics embedded with machine learning and artificial intelligence.

Enhancing observability with analytics and automation

Leveraging automation to bypass manual review and approvals in the wake of an attack can improve performance or even halt an attack.

Systems, infrastructure, networks, platforms, and applications equip every digital business with a vast wealth of digital-health data through probes, agents, logs, or traces.

However, they don’t always have the insights to take positive or corrective action. Advanced machine learning-based analytics can deliver quick and accurate actionable insights and align with desired business outcomes.

Protecting end-users against fraud with client-side security

Businesses are broadening their digital services. Offering more convenience and enhanced customer experience leads to expansion of the digital attack surface. The need to defend against bots, recognize legitimate users and rapidly gain insight into client-side attacks is thus growing daily. Real-time engines that proactively monitor traffic and identify fraudster activity can help mitigate fraud early.

Seamless coordination between the security and fraud teams can prevent fraudsters from targeting the teams with automated credential stuffing and launching account-takeover (ATO) attacks.

ATO is considered the most prevalent and expensive attack, which resulted in over $ 6 billion in losses globally in 2020, as per the 2021 Identity Fraud Study by Javelin Strategy and Research.

Strengthening security with updates and training

Web app exploits are among the most common techniques in security incidents and have an average time-to-discovery of 254 days – a long time for damage to be done. Performing threat assessment and security testing regularly – especially after changes or updates in an application – is imperative.

It helps uncover potential risks. Incorporating a standard practice to update security patches helps plug every target hole. These controls mitigate, and protect applications against security misconfigurations and prevent data leakage.

Attackers today have the advantage of a vast data pool. Application security training for stakeholders becomes even more crucial due to this. Conducting regular security awareness training for employees to recognize and mitigate threats – using appropriate tools – can ensure employees’ preparedness for potential attacks.

Applications are the heartbeat of every business. Today, organizations should take all steps to ensure that their applications are fast, secure, available for employees and customers, and ready for application-layer attacks.

Dhananjay Ganjoo1

By Dhananjay Ganjoo

Dhananjay Ganjoo, Managing Director for India and South Asian Association for Regional Cooperation (SAARC) at F5, Inc.

feedbackvnd@cybermedia.co.in