In an exclusive conversation with APAC News Network and CXO News, Dr. Sushil K Meher, Chief Information Officer of AIIMS Delhi, delves into the rapidly evolving landscape of cybersecurity. He shares valuable insights into the challenges and opportunities in securing critical infrastructure against sophisticated cyber threats. From discussing India’s cybersecurity readiness on a global scale to recounting major incidents like the AIIMS ransomware attack, Dr. Meher provides a comprehensive view of the measures needed to bolster national cyber defenses.
How do you see cyberspace evolving as a dimension of warfare in the future and how secure are critical infrastructures in India against cyberattacks?
Cyberspace will increasingly become a battleground, not just for state actors but also for non-state entities. Future conflicts may target critical infrastructure, financial systems, and even personal data.
India needs to view cybersecurity as a national priority and invest accordingly to safeguard its interests. No infrastructure, no matter how advanced, is 100% secure. The sophistication of cyberattacks and the vulnerabilities inherent in any system mean we must remain constantly vigilant. This is why proactive detection and rapid response are essential to minimizing damage.
Cybersecurity is an ongoing challenge. Why do you think there has been a surge in cyberattacks recently?
Cybercrime has evolved from physical theft to digital exploitation. With minimal resources—like a laptop, an internet connection, and access to open-source tools—anyone can orchestrate an attack. Technologies like AI also inadvertently aid hackers, providing them with resources to bypass traditional defenses. The accessibility and lack of awareness about safeguarding devices, especially mobile phones, have compounded the issue.
From a global perspective, how does India compare to other countries in terms of cybersecurity readiness?
India remains highly vulnerable to cyberattacks, ranking third after the US and European countries. While countries in the European Union and the US have advanced policies and frameworks like NIST, India is still building its capabilities. Initiatives like the National Critical Information Infrastructure Protection Centre (NCIIPC) under the PMO are steps in the right direction.
According to you, what are some major cybersecurity incidents that India has faced in recent years?
Cyberattacks have been happening for some time now, but the frequency and scale have increased significantly since the COVID-19 pandemic. One major incident was the 2019 attack on the Kudankulam Nuclear Power Plant. It was carried out using the DTrack malware, linked to North Korean hackers. This attack utilized phishing, social engineering, and supply chain vulnerabilities to breach the system. The attackers compromised browser history, network data, and sensitive files, causing significant disruptions.
Another significant attack occurred in November 2022 on AIIMS Delhi. It was a ransomware attack by the LockBit group, which severely disrupted critical services, including patient care. The attackers exploited vulnerabilities through phishing and brute force techniques, leading to a substantial compromise of sensitive patient data.
What, in your opinion, are the main challenges India faces in combating such cyber threats?
India faces several challenges. The most pressing of them is rapid digitalization: the increasing reliance on digital platforms expands the attack surface. Another challenge is a significant gap in trained cybersecurity experts. Furthermore, many organizations lack robust training programs to prevent attacks like phishing. Critical infrastructure often relies on legacy systems that are not equipped to handle advanced threats. Additionally, there’s insufficient adoption of IT policies and data governance practices. While international companies adhere to regulations like GDPR, similar frameworks in India, such as the DPDP Act, are yet to be fully implemented.
Could you elaborate on the specific vulnerabilities in these attacks, particularly in the AIIMS ransomware incident?
The AIIMS attack highlights the inherent vulnerabilities in cybersecurity infrastructure. Even with robust systems in place, no infrastructure is entirely foolproof. In this case, the attackers used phishing techniques and exploited weak points in the network and endpoint security. The fully automated systems at AIIMS made the impact more severe, halting essential services.
It’s important to understand that cybersecurity is a constantly evolving challenge. Attackers adapt their techniques, and even the best defenses may eventually be breached. It’s a game of staying ahead through continuous upgrades and monitoring.
Could you share insights into how the attack occurred and the lessons learned?
The attack was initiated through a malicious email, which infiltrated the IT infrastructure and caused significant disruption. The incident highlighted vulnerabilities in social engineering defenses and emphasized the need for robust IT policies, awareness programs, and early detection mechanisms. After the attack, AIIMS took several steps, including implementing stricter policies, regular audits, and deploying technologies like multifactor authentication. We also limit internet access for users who don’t require it and block specific websites. Moreover, a 24/7 monitoring team ensures suspicious activities are addressed immediately.
Social engineering attacks are a major concern. How can organizations protect against them?
Social engineering attacks, such as phishing, rely heavily on human error. Organizations must conduct periodic training to help employees recognize malicious emails and links. They should implement stricter email security protocols and maintain communication with CERT-In (India’s Computer Emergency Response Team) to report and address incidents swiftly.
Technology evolves quickly, making cybersecurity a moving target. How can organizations keep up?
I believe continuous investment in advanced technology is critical for organizations. This includes leveraging AI-based tools for threat detection and behavior analysis, regular updates to security software and policies, and collaborating with industry leaders and governmental bodies to stay informed about emerging vulnerabilities.
Data encryption is often mentioned as a key cybersecurity practice. Can you elaborate on its importance?
Data encryption ensures that even if attackers steal data, it remains unusable without the decryption key. Ransomware attacks often involve encrypting stolen data and threatening to release it publicly. Proper encryption practices can mitigate this risk. Additionally, implementing an ‘air-gapped backup strategy’—where backups are stored offline and disconnected from the network—ensures that critical data can be restored even in severe attacks.
You mentioned the importance of identifying vulnerabilities. How should organizations approach this?
The first step is identifying the assets and vulnerabilities within your system. This requires thorough planning, including policies and governance frameworks, to protect these assets. If a system is compromised, detection must be immediate. The faster you detect an issue, the quicker you can respond, minimizing potential damage.
What solutions would you suggest to strengthen India’s cybersecurity framework?
For India, a multi-pronged approach is needed. Regular audits and upgrades need to be undertaken to ensure that both private and public sector systems are regularly updated and tested for vulnerabilities. Second, creating awareness and training employees across all levels to recognize and mitigate potential threats is equally crucial. India also needs to adopt advanced threat detection systems and AI-based monitoring tools. Lastly, it is important to strengthen national policies on cybersecurity and collaborate with international agencies to track and combat global threats.
Could you explain the role of SIEM and SOAR in improving an organization’s security posture?
Certainly. SIEM, or Security Information and Event Management, evaluates logs from various sources and alerts about any suspicious activity through a clear red, blue, or green status system. SOAR, which stands for Security Orchestration, Automation, and Response, is a suite of software tools designed to enhance threat management, incident response, and automation. These tools make organizations more efficient in countering cyberattacks and resolving incidents quickly.
What are the best practices for building a robust cybersecurity framework?
Implementing robust cybersecurity practices is crucial for safeguarding systems against threats. Regular vulnerability scans help identify and address weak points in the infrastructure, while secure remote access, bolstered by multi-factor authentication and continuous audits, ensures protection against unauthorized entry. Educating users and IT personnel through security awareness training is essential, especially since social engineering accounts for 92% of attacks. Organizations should also establish and regularly drill incident response plans, with clearly defined roles for all stakeholders to ensure preparedness. Centralized logging and monitoring using tools like Security Information and Event Management (SIEM) systems enable the analysis of logs from firewalls, databases, and networks, providing comprehensive oversight and facilitating quick detection of anomalies. Together, these practices form a proactive defense against evolving cyber threats.
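The two answers above describe what a SIEM does (collect logs from several sources, correlate them, raise a colour-coded alert) without showing a rule in action. The following is an added illustration by the editor, not part of the interview and not code from AIIMS or any SIEM product: a minimal correlation rule in Python that reads constructed SSH and firewall log lines from a single collector and flags a brute-force login attempt, the technique named earlier in the AIIMS incident. The log format, the threshold of five failures per minute, and the red/amber/green labels are all assumptions chosen for the example.

```python
"""Minimal SIEM-style correlation over constructed log lines.

Editor's illustrative example; the log format, thresholds and
red/amber/green labels are assumptions, not any product's rule syntax.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: SSH authentication events and one firewall event
# arriving at a central collector. Timestamps are ISO-8601 for simplicity.
SAMPLE_LOGS = """\
2024-03-01T10:00:01 sshd auth_fail user=admin src=203.0.113.7
2024-03-01T10:00:02 sshd auth_fail user=admin src=203.0.113.7
2024-03-01T10:00:03 sshd auth_fail user=root src=203.0.113.7
2024-03-01T10:00:04 sshd auth_fail user=admin src=203.0.113.7
2024-03-01T10:00:05 sshd auth_fail user=admin src=203.0.113.7
2024-03-01T10:00:09 sshd auth_ok user=admin src=203.0.113.7
2024-03-01T10:05:00 sshd auth_fail user=bob src=198.51.100.4
2024-03-01T10:30:00 sshd auth_ok user=bob src=198.51.100.4
2024-03-01T11:00:00 fw deny proto=tcp src=192.0.2.9 dst=10.0.0.5 dport=3389
"""

# "<timestamp> <source> <event> key=value key=value ..."
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<source>\S+) (?P<event>\S+)(?P<kv>(?: \w+=\S+)*)$"
)


def parse_line(line):
    """Parse one log line into a dict; return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = {"ts": datetime.fromisoformat(m["ts"]),
           "source": m["source"], "event": m["event"]}
    for pair in m["kv"].split():
        key, value = pair.split("=", 1)
        rec[key] = value
    return rec


def detect_brute_force(lines, threshold=5, window=timedelta(minutes=1)):
    """Correlation rule: >= threshold auth_fail events from one source
    address inside a sliding time window. The alert is 'red' when a
    later auth_ok from the same address follows (a guess likely
    succeeded) and 'amber' otherwise. One alert per source address."""
    fails = defaultdict(list)
    successes = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["source"] != "sshd":
            continue  # firewall and unparseable lines are ignored here
        if rec["event"] == "auth_fail":
            fails[rec["src"]].append(rec["ts"])
        elif rec["event"] == "auth_ok":
            successes[rec["src"]].append(rec["ts"])

    alerts = []
    for src, times in fails.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            # shrink the window from the left until it spans <= `window`
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                last_fail = times[end]
                followed = any(t > last_fail for t in successes[src])
                alerts.append({"src": src,
                               "failures": end - start + 1,
                               "window_end": last_fail,
                               "status": "red" if followed else "amber"})
                break
    return alerts


def triage(lines):
    """Overall status: red if any red alert, amber if any alert, else green."""
    alerts = detect_brute_force(lines)
    if any(a["status"] == "red" for a in alerts):
        return "red"
    return "amber" if alerts else "green"


if __name__ == "__main__":
    for alert in detect_brute_force(SAMPLE_LOGS.splitlines()):
        print(alert)
    print("overall:", triage(SAMPLE_LOGS.splitlines()))
```

On the sample data the rule fires once, for 203.0.113.7, with five failures in four seconds followed by a successful login, so the overall status is red; a single failure from 198.51.100.4 stays below the threshold. A production SIEM does the same correlation across far more event types, but the shape is the same: parse, group by an entity such as source address, count inside a window, then escalate when a follow-on event turns a noisy pattern into a likely compromise.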
Lastly, what is your advice to organizations aiming to enhance their cybersecurity resilience?
Cybersecurity is not a one-time solution but an ongoing journey. Organizations must regularly assess and update their security frameworks, ensure compliance with regulations, and educate their teams about potential threats. Early detection and preparation are key to mitigating risks effectively.
Anannya Saraswat, APAC News Network