Sunday, February 5, 2023
  • Advertise With Us
  • Write For Us
  • Contact Us
  • About Us
  • Editorial Calendar
Download Latest Issue - Free!
The Cyber Express
Ransomware Report
  • Magazine
  • Firewall Daily
    • All
    • Dark Web News
    • Data Breach News
    • Hacks
    • Ransomware
    • Vulnerabilities
    Voice Networks

    Voice Networks are Under Attack – is Anybody Listening?

    Anonymous Sudan Declares War on American Corporate Giants with Devastating DDoS Onslaughts

    Dominic Alvieri

    After Hive, Will More Ransomware Groups be Taken Down in 2023?

    McEwan Fraser Legal

    ALPHV Ransomware Hits UK Realty Firm McEwan Fraser Legal, 300GB Data On The Line

    Kewal Kiran

    Indian Apparel Manufacturer Kewal Kiran Clothing’s Data Out For Sale

    BATLoader

    Stealthy BATLoader Lurks Under PowerShell Script to Evade Detection and Launch Malware

    Guardian Analytics Data Leak

    Guardian Analytics Data Leak: Ransomware Groups Daixin Team and Lockbit List Firm as Victim

    VectorStealer

    VectorStealer, Unlocking Doors to RDP Hijacking

    Qakbot Malware

    Spammers Deploy Information Stealing Qakbot Malware in OneNote Attachment

  • Essentials
    • All
    • Compliance
    • Governance
    • Policy Updates
    • Regulations
    TRAI

    TRAI Asked to Involve MoD in Drafting Big Data Regulations & Policies

    cybersecurity

    Cybersecurity incidents may soon be ‘uninsurable’

    Australia

    Australia Ropes in Tech Veterans to Set Up Cyber Action Plan

    Active Directory

    Prevent Ransomware: Save the Active Directory

    Privacy Penalty Bill

    Privacy Penalty Bill: Australian Parliament Approves Heavy Fines

    Zero Trust Strategy

    US Department of Defense to Embrace Zero Trust Strategy

    browser hijackers

    Researchers Find Browser Hijackers on Google Chrome Web Store

    DORA proposal

    DORA Proposal for Cybersecurity Awaits Full Approval by Council and ESAs

    Privacy penalty bill

    Australia Privacy Penalty Bill 2022: Pay a $50 Million Fine for Data Breaches

    • Regulations
    • Compliance
    • Governance
    • Policy Updates
  • Features
    • Cyber Warfare
    • Espionage
    • Workforce
      • Learning & Development
  • Business News
    • Startups
    • Mergers & Aquisitions
    • Partnerships
    • Appointments
    • Budgets
    • Research
      • Whitepapers
      • Sponsored Content
      • Market Reports
    • Interviews
      • Podcast
  • Events
    • Webinars
    • World CyberCon Middle East 2023
    • Endorsed Events
  • Advertise
No Result
View All Result
The Cyber Express
  • Magazine
  • Firewall Daily
    • All
    • Dark Web News
    • Data Breach News
    • Hacks
    • Ransomware
    • Vulnerabilities
    Voice Networks

    Voice Networks are Under Attack – is Anybody Listening?

    Anonymous Sudan Declares War on American Corporate Giants with Devastating DDoS Onslaughts

    Dominic Alvieri

    After Hive, Will More Ransomware Groups be Taken Down in 2023?

    McEwan Fraser Legal

    ALPHV Ransomware Hits UK Realty Firm McEwan Fraser Legal, 300GB Data On The Line

    Kewal Kiran

    Indian Apparel Manufacturer Kewal Kiran Clothing’s Data Out For Sale

    BATLoader

    Stealthy BATLoader Lurks Under PowerShell Script to Evade Detection and Launch Malware

    Guardian Analytics Data Leak

    Guardian Analytics Data Leak: Ransomware Groups Daixin Team and Lockbit List Firm as Victim

    VectorStealer

    VectorStealer, Unlocking Doors to RDP Hijacking

    Qakbot Malware

    Spammers Deploy Information Stealing Qakbot Malware in OneNote Attachment

  • Essentials
    • All
    • Compliance
    • Governance
    • Policy Updates
    • Regulations
    TRAI

    TRAI Asked to Involve MoD in Drafting Big Data Regulations & Policies

    cybersecurity

    Cybersecurity incidents may soon be ‘uninsurable’

    Australia

    Australia Ropes in Tech Veterans to Set Up Cyber Action Plan

    Active Directory

    Prevent Ransomware: Save the Active Directory

    Privacy Penalty Bill

    Privacy Penalty Bill: Australian Parliament Approves Heavy Fines

    Zero Trust Strategy

    US Department of Defense to Embrace Zero Trust Strategy

    browser hijackers

    Researchers Find Browser Hijackers on Google Chrome Web Store

    DORA proposal

    DORA Proposal for Cybersecurity Awaits Full Approval by Council and ESAs

    Privacy penalty bill

    Australia Privacy Penalty Bill 2022: Pay a $50 Million Fine for Data Breaches

    • Regulations
    • Compliance
    • Governance
    • Policy Updates
  • Features
    • Cyber Warfare
    • Espionage
    • Workforce
      • Learning & Development
  • Business News
    • Startups
    • Mergers & Aquisitions
    • Partnerships
    • Appointments
    • Budgets
    • Research
      • Whitepapers
      • Sponsored Content
      • Market Reports
    • Interviews
      • Podcast
  • Events
    • Webinars
    • World CyberCon Middle East 2023
    • Endorsed Events
  • Advertise
No Result
View All Result
The Cyber Express
No Result
View All Result
Home Interviews

You Can’t Have Privacy Without Safeguarding Data

Augustin Kurian by Augustin Kurian
August 19, 2022
in Interviews, Main Story
4
You Can’t Have Privacy Without Safeguarding Data
587
SHARES
3.3k
VIEWS
Share on LinkedInShare on Twitter
Listen to this story

Kartik Shahani is the Country Manager for Tenable in India. Based in Mumbai, India, Kartik has over 30 years of experience in the IT industry, driving momentum for enterprises. He spearheads initiatives for Tenable in the enterprise security market, manages operations, and continues efforts towards channel activities in India. Kartik has extensive experience in telecommunications, finance, and government sectors. Along with his innovative sales strategies, he is instrumental in driving growth in India.

In an exclusive interaction with The Cyber Express, Kartik Shahani talks about the need for the right cybersecurity tools, the role of CISOs in choosing them, and the best methods to protect the active directory.

You might also like

After Hive, Will More Ransomware Groups be Taken Down in 2023?

Artificial Intelligence: The Bridge Between Utopia and Dystopia

Why Singapore Has the Best Cybersecurity in The World

Here is an excerpt from the interview.

TCE: What are the different factors that affect the choice of cybersecurity tools? Also, how can CISOs assess their existing security environment to choose the right tool?

Kartik Shahani: In today’s digital everything world, organizations operate on distributed, hybrid networks across multiple geolocations, cloud-based infrastructures, applications, virtualized platforms, services, and more. That means that there are a plethora of technologies, assets, and services – some of which CISOs may not be aware of. While attacks continue to increase in sophistication, the vast majority are opportunistic, preying on the fact that most security teams are overwhelmed and unable to address even well-known vulnerabilities. Therefore, instead of disparate tools, it’s important for CISOs to focus on the best practices around cyber hygiene and core security principles as the strongest lines of defense. This includes making sure they have visibility across the attack surface, focusing efforts on preventing attacks and having clear communication of exposure risk to make better decisions.

TCE: What according to you are the top cybersecurity tools in 2022?

Kartik Shahani: We see the need for Exposure Management which draws on deep insights into all aspects of the modern attack surface – across assets as things change, and with the context of interdependencies to accurately gauge and prioritize risk exposure. By practicing exposure management, organizations can be equipped to have visibility across the modern attack surface, anticipate threats, prioritize efforts to prevent attacks, and communicate cyber exposure risk to make better decisions.

TCE: What are the key metrics CISOs need to consider while choosing the right cybersecurity tools?

Kartik Shahani: Just as financial investments are monitored to determine their performance, organizations need to monitor their investments in security solutions. But not all cybersecurity products have actionable metrics that quantify cyber exposure. There are five crucial aspects CISOs need to consider —

  1. Does the solution provide complete visibility — into AD, OT, cloud, business-critical vulnerabilities, and internet-facing assets?
  2. Is the attack surface monitored continuously?
  3. Threats change over time, so does the cybersecurity solution have a large data set of threat intelligence to keep up with these changes?
  4. Is the platform customizable and scalable for the organization’s needs?
  5. Can cyber exposure be communicated in business terms??

Once CISOs have answers to these questions it becomes easier to communicate metrics in business terms back to the board.

TCE: How does cybersecurity affect data privacy? What are the benefits of using a centralized cybersecurity solution?

Kartik Shahani: When discussing data privacy, we must also consider data security – you can’t have privacy without safeguarding it. The issue is that threat actors know they can monetize their crimes by targeting valuable data. Unfortunately, in the vast majority of cases, it’s not advanced threats that cause organizations to spill their secrets, it’s known unpatched vulnerabilities. If companies want to stay ahead of the curve and avoid becoming a target, they need to appear unattainable to bad actors and that means removing the low-hanging fruit – the known but unpatched flaws in systems and software. Rather than focusing on the tactics threat actors use, organizations must focus on identifying and blocking the attack paths they look to exploit.

TCE: How does a CISO know if they are getting value for money from their investment in cybersecurity tools?

Kartik Shahani: An effective cybersecurity program should be able to measure success by risk reduction. Remediation actions should be prioritized to reduce an organization’s cyber exposure. CISOs should view, validate, and prioritize vulnerabilities critical to the business, while also understanding the context of the vulnerability. Patching and remediation are critical, but equally important are follow-up testing and quality assurance reviews. In doing so, security leaders should be able to analyze the effectiveness of their program and by default, their investment.

TCE: What is your take on the recent slew of attacks on cryptocurrency exchanges? How do you feel about the plan of the Indian government to ban cryptocurrency?

Kartik Shahani: Cryptocurrency is one of the ways cybercriminals are monetizing their efforts – it isn’t the root cause. If we got rid of cryptocurrency tomorrow, cybercriminals would just come up with another way to monetize their efforts. Instead, organizations need to focus on stopping attacks first, starting with basic cyber hygiene.

TCE: Lastly, what is the best step toward protecting the active directory?

Kartik Shahani: Cybercriminals look for unpatched software vulnerabilities and misconfigurations to gain a foothold in any organization. Once inside the system, attackers often go after the Active Directory (AD) infrastructure to gain lateral movement and compromise other systems. If threat actors gain privileged access to AD, they essentially have the “blueprints to the castle” and can create new admin-level users, add new machines to the network, deploy malware and steal data. The first step to protecting AD is to mitigate misconfigurations and reduce privileged AD group membership and privileged AD accounts. AD must be continuously monitored to evaluate user rights and to detect suspicious activity. Once visibility is achieved, vulnerabilities arising out of trust can be addressed.

Share this:

  • Click to share on LinkedIn (Opens in new window)
  • Click to share on Reddit (Opens in new window)
  • Click to share on Twitter (Opens in new window)
  • Click to share on Facebook (Opens in new window)
  • More
  • Click to email a link to a friend (Opens in new window)
  • Click to share on WhatsApp (Opens in new window)

Related

Tags: CISOcryptocurrencyCyber Express Exclusivecyber express newscybersecurity toolsdata privacyKartik ShahaniTenable
Previous Post

PyPi Packages Steal Data, Pretend to be Roblox and Discord

Next Post

Researchers Find Vulnerability in Google Pixel’s Titan M Chip, Earn $75,000

Augustin Kurian

Augustin Kurian

Augustin Kurian is the Editor In Chief of The Cyber Express, an information security publication catering to an audience encompassing CISOs, CXOs, network engineers, technology enthusiasts, security professionals, and students. In his role, he leads the editorial division, manages outreach campaigns, and promotes establishing best cybersecurity practices.

Related Posts

Dominic Alvieri
Firewall Daily

After Hive, Will More Ransomware Groups be Taken Down in 2023?

by Vishwa Pandagle
February 4, 2023
Artificial Intelligence
Firewall Daily

Artificial Intelligence: The Bridge Between Utopia and Dystopia

by Editorial
February 2, 2023 - Updated on February 3, 2023
Lanx Goh Cybersecurity
Firewall Daily

Why Singapore Has the Best Cybersecurity in The World

by Editorial
February 1, 2023
Security Pill: How Far Can Allowlisting Restrictions Defend Threats and Human Errors?
Firewall Daily

Security Pill: How Far Can Allowlisting Restrictions Defend Threats and Human Errors?

by Editorial
February 1, 2023
Women In Cloud
Interviews

Women In Cloud: Gender Parity Efforts is a Guinness Record Effort in Itself

by Chandu Gopalakrishnan
January 31, 2023
Next Post
google pixel

Researchers Find Vulnerability in Google Pixel’s Titan M Chip, Earn $75,000

Comments 4

  1. Mathew T says:
    6 months ago

    The interview is on point. A must read for CISOs

    • Augustin Kurian says:
      6 months ago

      We surely agree with you.

  2. Pingback: Plex Data Breach: Users Asked to Change Passwords
  3. Pingback: Data of 44 Million Start Users leaked

Latest Issue is Out. Subscribe Now

Ai in Cybersecurity - Cybersecurity Magazine by The Cyber Express

Download Now



Follow Us On Google News

Never miss an update. Subscribe!

* indicates required

Recommended

Anonymous Sudan Declares War on American Corporate Giants with Devastating DDoS Onslaughts

February 4, 2023
GoTo Confirms User Data Stolen With Encryption Key

GoTo Confirms User Data Stolen With Encryption Key

January 27, 2023

Categories

Don't miss it

Voice Networks
Features

Voice Networks are Under Attack – is Anybody Listening?

February 4, 2023
Firewall Daily

Anonymous Sudan Declares War on American Corporate Giants with Devastating DDoS Onslaughts

February 4, 2023
LockBit. Ion Group
Cybersecurity News

LockBit Claims Ransom From ION Group, Firm Declines To Comment

February 4, 2023
Dominic Alvieri
Firewall Daily

After Hive, Will More Ransomware Groups be Taken Down in 2023?

February 4, 2023
McEwan Fraser Legal
Data Breach News

ALPHV Ransomware Hits UK Realty Firm McEwan Fraser Legal, 300GB Data On The Line

February 3, 2023
Kewal Kiran
Firewall Daily

Indian Apparel Manufacturer Kewal Kiran Clothing’s Data Out For Sale

February 3, 2023

About

The Cyber Express

Cybersecurity News and Magazine

The Cyber Express is a handbook for all stakeholders of the internet that provides information security professionals with the latest news, updates and knowledge they need to combat cyber threats.

Follow The Cyber Express

Contact

For editorial queries: [email protected]

For marketing, PR & media partnerships: [email protected]

For media kit and digitals sales: [email protected]

For Sponsorship/Event Partnership: [email protected]

For Conferences related information: [email protected]

Our Address

We’re remote friendly, with office locations around the world:

San Francisco, Atlanta, Rome,
Dubai, Mumbai, Bangalore, Hyderabad,  Singapore, Jakarta, Sydney, and Melbourne

 

Headquarters:

The Cyber Express LLC
555 North Point Center E
Alpharetta, GA 30022, USA.

Tel: (678) 578-8838

Subscribe to Our Feed

RSS Feeds

Follow Us On Google News

© 2022 The Cyber Express (Cybersecurity News and Magazine) | By Cyble Inc.

No Result
View All Result
  • Firewall Daily
  • Business News
  • Cyber Essentials
  • Features
  • Cybersecurity Magazine
  • Events
    • World CyberCon Middle East 2023
    • Webinars

© 2022 The Cyber Express (Cybersecurity News and Magazine) | By Cyble Inc.

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.