India must prioritise strategic over tactical intelligence: Google Cloud’s Mandiant Deputy Chief Analyst

What are some of the pressing cyber threats in India right now?

 In India, spear phishing has been more common and prevalent than where we’ve seen elsewhere. That might be something Indian organizations would want to focus on more. Cyber threat intelligence can help direct what adversaries are targeting, what they’re doing, and also where those specifics play out more locally. With the continued growth in the Indian economy, especially actors on the financially motivated side, we were talking about ransomware earlier, there’s going to be even further interest there. There’s gonna be further interest in trying to extort companies in that space. So hopefully some of the insights that we’re seeing elsewhere can be useful to Indian companies to better kind of safeguard themselves.  

How well aware do you feel India is as a market in terms of understanding and addressing cyber threat intelligence? 

 One particular item that could be improved is the use of strategic intelligence. We see a lot of use of tactical intelligence, dark web monitoring, tactical IPs that might be malicious or hashes or domains. But it’s also useful to look at the trends, more of strategic type of cyber threat intelligence and maybe that’s an opportunity to focus more heavily on locally here in India. While tactical intelligence would be like a bad IP address or a bad file hash, strategic intelligence looks at a new attack trend like multi-factor authentication fatigue and planning for it.  

Why is India not as hands-on with strategic intelligence?

 India is not the only place. The operational folks are very technical. They align themselves to technical things and the business people often delegate away things they perceive to be technical like cyber security. But actually the business people and the more senior levels can benefit from cyber threat intelligence as well.  

How would the investment for strategic intelligence differ from say regular cybersecurity investments? 

For an organization, they could maybe have a means of storing annual threat incidents, reports from the incidents, collate them together and put resources to saying what sort of insights can we get from these trends? Trends is a great example of a type of strategic intelligence. You can get trend reporting from threat intel providers like us, but you can also create that yourself. Forecasting is another example where you understand threat based off of what we’re seeing today and maybe changes in the geopolitical landscape. Where can we expect certain threats to potentially emerge if there’s a regional conflict or something like that?

What kind of a market is India for Google in terms of cyber security? 

 With the opening of the Google Safety Engineering Centre in India, we have invested in a number of different ways, but I think this is something that shows further commitment to investing on the cyber security side.  

How do you guys approach AI? Can AI help you be faster than the adversary in case of a threat? 

 Yes, let’s say, have a junior analyst in a security operations centre with not a lot of experience in cybersecurity. They can sit alongside an AI that can help them through specific processes. Writing a URL or a particular script to look for a piece of malware, or taking a file that they suspect could be malware and being able to plug that into an AI solution and to understand that this is what this file is trying to do. Those sorts of things can better skill up and train and enable that junior incident responder in a kind of more rapid, shorter period of time. But it’s still early stages, and I think that’s true for both adversary usage of AI as well as defender.