Keep Track of Data, Tools, and Traffic to Identify Threats

Arvind Venkatraman, CTO, Congruent Solutions Featured in   CIO-CISO Knowledge Series, Powered by Sophos

Arvind Venkatraman, CTO, Congruent Solutions, is responsible for the development and implementation of the CORE suite of solutions for the retirement plan industry. He manages technology direction, product design, implementation, and production support.

He has over 30 years of experience in the area of software development and maintenance, having verticals of more than 3000 members and managing P&L on a revenue base of over 100 million USD. He has worked with various Fortune 100 clients to establish offshore development & support centers for application delivery.

Over the years, Arvind has been leading product development and implementation of Treasury Systems, Mutual Fund Management, Online Trading, Equity Lending and Borrowing, Cash Management, Card Management, and Employee Benefits Administration Systems. These products were developed from conception and implemented in various large institutions.

In this interview, he shares the risks and opportunities for security in today’s context of digital transformation.

This article is published as part of our CIO/CISO Knowledge Series, Powered by Sophos. 

In this era of digital transformation can you share the top three security threats businesses face today?

Digital transformation has steadily taken over businesses in the past few years and has opened up significant avenues for growth. Digitization of data brings efficiencies in business processes and has enabled organizations to deliver better customer experiences. Digital solutions in healthcare, banking & finance, e-commerce and even government have proven to be a game-changer in administration. While digital technology has revolutionized businesses, data security is a challenge that needs constant attention. With vast amounts of data, including private information of individuals and organizations, it’s essential to build a robust security system to avoid breaches.

In 2019, a woman from Danvers, Massachusetts, could not withdraw funds from her 401(k) account. Investigators later discovered that a crime syndicate had conned her third-party fiduciary to transfer over $200,000 of retirement funds to their bank account. They had stolen her private information associated with 401(k) and hacked into her email address to complete the transaction. According to Vanguard’s Advisor’s Alpha research, 70% of respondents say that they switch advisors if they feel low levels of trust. In the retirement plan industry, where valuable assets are handled regularly, cybersecurity becomes a crucial investment. Ensuring the security of the clientele’s data and financial savings is a significant responsibility of organizations that function in this industry.

These are the common security threats that businesses typically face –

Social Engineering Phishing

Social Engineering Phishing ranges from tricking victims into providing confidential information via email, website or even physical tailgating in some cases. Cybercriminals play on human elements and convince individuals to provide confidential information, transfer money, or download a malware file that could corrupt the company network. Almost one-third of the breaches last year incorporated social engineering techniques. Cisco’s data suggests successful spear-phishing attacks account for 95% of the breaches.


Ransomware is a malicious malware that threatens to block the victim’s access to their own data unless a ransom is paid. Cybercriminals indulge in digital extortions by blackmailing individuals to pay a certain amount under the pressure of their private data being exposed or deleted. A media report by Security Magazine states that last year the overall sum for ransom demands would have reached $1.4 billion, with an average sum to rectify the damage reaching up to $1.45 million per attack.

DDoS (Distributed Denial of Service) 

DDoS attacks are a major concern when it comes to online security today. When a particular server, service or network is targeted by compromising multiple computer systems to overwhelm the host with a flood of internet traffic, a distributed denial of service attack has been attempted. This is to disrupt the regular traffic and make a website or service inoperable. According to a statement by Richard Hummel, threat intelligence lead, Netscout, the first half of 2020 witnessed a radical change in DDoS attack methodology to shorter, faster, harder-hitting complex multi-vector attacks that is expected to continue. According to Netscout, it is a perennial problem faced by the industry, with 4.83 million DDoS attacks attempted in the first half of 2020 alone.

Kindly share the best practices in threat hunting to proactively protect data.

At Congruent Solutions, we believe in building a robust cybersecurity strategy. The best way to begin working on a cybersecurity strategy is to assume that cyberattacks are imminent. Having a reactive approach, especially when it comes to data theft, is inefficient and expensive. In the retirement plan industry, the data is processed across multiple layers of agencies and hierarchies. Data security, availability and integrity are an absolute must. Hence, it is of paramount importance to have a well-laid-out disaster recovery strategy.

Moreover, we echo McAfee’s recommendation of having the human-machine teams as the best possible threat hunting team. Artificial Intelligence (AI) and Machine Learning (ML) tools can be used to safeguard our security systems too. Machine learning allows teams to be better equipped to make better decisions by analyzing faults to prevent damage from attacks.

Some of the best practices when it comes to threat hunting are:

Know your data

Document the data and security needs of the organization for easy access by the security team. Security teams need to know where that information is accumulated and be well-equipped to recognize any breach.

Use the latest firewall and equipment

A firewall is an essential tool to secure businesses from security threats and keep data from being compromised. Endpoint security practices should be implemented across the company’s devices such as computers, laptops, and even mobile phones to avoid cybersecurity attacks. Latest endpoint solutions are optimally designed to identify and restrain attacks in progress immediately.

Track DNS traffic

DNS traffic provides rich information, including domain names, user-agent, etc., to track the source of any unusual activity.

Create early warning traps

Creating Early Warning Systems (EWS) is one of the best countermeasures to mitigate threats, especially in the finance and economic sector. This method helps predict a crisis before the damage happens and reduces the chance of a potential crisis. By having an EWS in place, businesses can increase their preparedness to prevent possible security attacks at early stages. This is carried out in a systematic process where a threat hunter collects information internally or gathers data from third-party sources (such as number of login failures, rate limit exceeds) to analyze the threat vector and dangers to the environment.

Run attack simulations

An identical simulation of a breach can be physically built to spot vulnerabilities and futureproof the security system, in addition to preparing teams to deal with threats across degrees of impact.

What kind of tools and teams do you need for threat hunting?

At Congruent, we look for tools that perform three critical functions –

  • Tools that make use of analytics, machine-learning and User Entity Behavior Analytics (UEBA). These typically help develop aggregated risk scores and formulate multiple hypotheses. Some of these tools we use include Maltego CE, Cuckoo Sandbox and Automater.
  • Intelligence-driven tools that perform a comprehensive malware analysis, vulnerability scans, and create intelligence reports and feeds. Examples of cyber threat intelligence tools include YARA, CrowdFMS and BotScout.
  • Tools that help in situational awareness, undertake enterprise-level risk assessments, and crown jewel analysis, i.e., identifying digital assets critical for the company. Examples of these tools include AI Engine and YETI.

The essential skills that a good threat hunting team needs are:

  • A firm grasp of data analytics
  • Good reporting skills, including pattern recognition, technical writing, data science, problem-solving, and research
  • Awareness and in-depth knowledge of multiple operating systems and networks
  • Comprehensive know-how of organizational systems and networks
  • Experienced in information security—including malware reverse engineering, adversary tracking, and endpoint security
  • A clear understanding of past and current tactics, techniques, and procedures (TTPs) used by the attackers
  • Programming language fluency in at least one scripting language and one compiled language that’s common, though modern tools are increasingly eliminating the need for using a scripting language.

How can digital transformation technologies such as AI/ML help with threat hunting and crisis preparedness?

The financial services industry has rapidly embraced AI — automatic fraud notifications, mobile check deposits, and web chatbots are all rooted in this next-generation technology. Not just consumer banking, but a Nationwide Advisory Solutions’ survey found that 33% of registered investment advisors and fee-based advisors were using AI in some capacity, even two years ago. Among these respondents, 37% expect their profitability to increase substantially.

AI/ML is majorly used for threat hunting, vulnerability management and hardware maintenance.

  • The usage of AI with traditional security techniques are major resources to detect threat quickly amongst millions of vulnerable events
  • Use of UEBA to analyze and identify unusual behavior of user accounts, endpoints, and servers, and protect the organization against vulnerabilities before they are reported and patched
  • AI also reduces the costs of hardware maintenance by alerting the personnel when to fix or change the equipment or when there is a security vulnerability

Talking about capitalization on digital transformation, we feel maximizing participant engagement with the chatbots, personalized plans with intelligent insights and automating back-office tasks will help every employee get a solution tailored by their behaviors and characteristics. Technologies like artificial intelligence, machine learning, and automation can enable this better, easier and faster.

Kindly share three best practices businesses must incorporate for security and governance as more digital initiatives are implemented.

Digital initiatives or strategies are a necessity to organizations in various sectors today. The digital adoption rate across verticals is growing rapidly, enabling businesses to transform the whole ecosystem. A recent survey by IBM Institute for Business Value Study states that almost 91 percent of financial institutions worldwide have moved to cloud services or plan to make a move in the next 6-9 months. These include hybrid cloud technology, cloud security and cloud collaboration, among others. Here are the best practices that every business must adapt and follow to avoid security vulnerabilities while transforming to digital technologies:

  • Proactiveness

Proactiveness includes initiatives like creating a dedicated insider threat role, conducting phishing simulations, and creating awareness programs, to name a few

  • Implementing governance and approach

Establishing and maintaining an Information Security (IS) framework that aligns with the business’s existing assurance strategies

  • Creating a backup/redundancy policy

Data back-ups are good practice to include in one’s basic security hygiene, as well as to combat emerging cyber threats

What can be some of the bottlenecks to security in organizations especially still on legacy systems? What can be some of the impacts of this?

One of the main bottlenecks is the lack of support. With fast-paced changes in the industry, the average Long Term Support (LTS) is not more than 3-5 years. Any system older than that suffers from a lack of support and hence becomes vulnerable.


Sophos Cybersecurity

Meera Srikant has been working with publishers and publications since 1993, writing and editing articles, features and stories across topics. She also blogs and writes poems, novels and short stories during leisure. Writing for The Smart CEO since 2010, she is also a classical dancer.

Leave a Reply

Related Posts