At Grab, Southeast Asia’s biggest ride-hailing and transportation platform, detection is key to keeping out cyber threats that have affected its rivals in recent years, according to its security chief.
Speaking at a Splunk event in Singapore this week, Suchit Mishra, head of information security at Grab, said the company builds detective controls across its products, services, applications and infrastructure to gather insights on where it is most vulnerable to attacks.
Such insights are then used to shore up Grab’s cyber defences in what Mishra described as an “offence informing defence” strategy. This is less intrusive and cheaper to implement, he said, because the company would be able to invest only in what is needed to deter cyber threats.
In executing this strategy, Mishra said it is critical to collect log data about everything that is going on in both external and internal systems, such as customer service portals and business intelligence applications. That data should be held in a centralised repository, he said.
But that is not enough – organisations need to go one step further to put the data into action by building dashboards to make sense of those insights, so they can have a good overview of their overall cyber security posture, said Mishra.
Along with insights from Grab’s bug bounty programme, which offers rewards of up to $10,000, Mishra’s team relies on log data collated onto a Splunk dashboard to identify vulnerabilities and incidents, such as attempts to steal employee credentials and exfiltrate data. All of that information is then passed on to Grab’s engineering teams for further action.
“If we had only built preventive controls, we could only hypothetically say that something is vulnerable based on some threat model,” he said. “With this data, we now have more ammunition to push the security initiatives that we plan to put in place.”
In 2017, Uber, Grab’s former rival in Southeast Asia, revealed it had covered up a massive data breach that had affected 57 million riders and drivers. The blame was pinned partly on the failure to use multi-factor authentication for Uber’s account on GitHub, from which developer credentials were stolen to access the breached data housed on Amazon Web Services.
Uber has since exited the Southeast Asian market, selling off its operations in the region to Grab, which is valued at about $6bn. Under the deal, Uber would receive a 27.5% stake in Grab.