Posts in category: Technology

Cybersecurity should no longer be viewed as a function of information technology alone. The review of cyber security as a function should move under COO or CEO. It needs to form an integral part of culture and strategy of the organization. It should be reflected in every facet of the organization, right from the strategy to the behavior of an individual employee. We have also started to observe that the performance of any business on stock market is also dependent of their cyber security policies and practices.

An organization’s security culture is not something that grows in a positive way organically. One must invest in a security culture just when a security culture is sustainable, it transforms security from a one-time event into a lifecycle that generates security returns forever. A sustainable security culture has four defining features. 

One, it is deliberate and disruptive. The primary goal of a security culture is to foster change and better security, so it must be disruptive to the organization and deliberate with a set of actions to foster the change. 

Two, it is engaging and fun. People want to participate in a security culture that is enjoyable and challenging. 

Three, it is rewarding. For people to invest their time and effort, they need to understand what they will get in return. 

Four, it provides a return on investment. The reason anyone does security is to improve an offering and lower vulnerabilities; we must return a multiple of the effort invested.

It is an established fact that the computers do exactly what we tell them to do. The challenge is with the humans, as they need a framework to understand what is right thing and what is wrong for security. Making of cybersecurity culture includes following points – 

One, cybersecurity is the battle that can only be won by joining hands with other companies that are part of the ecosystem; 

Two, the journey of the cybersecurity culture must start with identifying and defining Internet governance in collaboration with governments and regulators; 

Three, the code of cybersecurity ethics can be created for each industry separately based on their needs; 

Four, the act of cyberattack transparency will build trust with everyone from suppliers to customers; 

Five, CEOs should be presenting cyber security as the DNA of the organization which is a part of their business model and value chain, including their leadership structure; 

Six, CEOs should acknowledge that cybersecurity is not an “add-on” feature, instead, it is an integral part of “security by design”.; 

Seven, organizations should start to bring CISO (Chief Information Security Officer) to the board, who will help organizations protect Cybersecurity Value Chain;

Eight, CEOs are in a position to influence Internet service providers as a first action to make the Internet more secure and to invest in implementing better base Internet protocols; 

Nine, despite many organizations focusing on developing cybersecurity awareness, not all individuals understand their role in the organization’s security culture; 

Ten, cyber security awareness is about changing the view of individuals who have the opinion that only security department is responsible for cyber security; 

Eleven, lack of employee buy-in is one of the main reasons that it is difficult for organizations to instill proper cybersecurity culture in their workforce.

Organizations can work on the idea of setting up the cyber security community within the organization.  It should be seen as the backbone of sustainable security culture. Security community is achieved by understanding the different security interest levels within the organization and addressing their needs.

Cybersecurity in its early avatar was more about protecting people and organizations from traditional threats such as malware, social engineering attacks, website defacing, hacktivism, etc. In the early days the hackers were also not evolved but with changing technology and emergence of cybercriminal network in the last few years cybercrime has witnessed increased sophistication and intensity in cyber-attacks. The new cyber-attacks are oriented towards financial crime, industrial espionage and have even targeted governments and critical infrastructure from time to time.

The cybersecurity landscape has changed over time and we are living in a complex environment where cybercriminals are more evolved than the cybersecurity professionals. In order to remain relevant in the era of Industry 4.0, traditional business and the government departments are increasing their digital footprints, adapting technology and engagement. In such a scenario, the cybersecurity landscape is also undergoing a paradigm change. Cybersecurity should lie at the heart of any digital transformation initiative and should never be an afterthought but built-in by design.

Industry 4.0 can be the catalyst of changes in different fields like governance, management and administration of smart cities and other applications which are driving the vision of Digital India. But at the same time, it also presents a very lucrative opportunity to the cyber criminals who find many more easy and insecure entry points into networks and devices. Cyber-attacks on critical infrastructure and strategic industrial sectors have become more frequent and sophisticated

In the international water navy encounters enemy warships, large merchant vessels, small merchant ships, fishing boats and guised surveillance ship from all directions. For navy, there are no defined border, everything around the navy warship belongs to enemy. Though there are Sea-Lanes-of-Communication (SLOC), but two ports are on connectionless service and no ship is bound to follow SLOC. The cyberspace is no exception, any asset that is not part of your safe and owned cyberspace is a possible threat to your cyber ecosystem. It is therefore necessary to identify the cyber assets positively in any cyber-conflict. It is important to understand that as a nation, we are facing complex geopolitical issues and state-sponsored attacks targeting our businesses and government on an enormous scale. Cybercrime has become more intense, sophisticated and potentially debilitating for any business and government department.

Industry 4.0 has pushed cybersecurity to the next level of sophistication. Moreover, cyberspace has no physical boundaries, thus ubiquitous nature of cyberspace, pervasive cyber network and internet connectivity makes the data of organizations, key government documents, critical banking and financial transactions, digital assets of armed force, etc. vulnerable to cyber-attacks from anywhere. There are several kinds of cybersecurity challenges like hacking, identity theft, phishing and spear phishing, scamming, computer viruses, ransomware, botnets, denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks, mMan-in-the-middle (MitM) attack, drive-by attack, password attack, SQL injection, cross-site scripting (XSS), eavesdropping attack, etc. faced by government, business and individual every day.

It is widely believed that the large organizations are the easy victim of cyberattacks, but it is observed that small companies are more prone to cyber-attacks as they are often ignorant about the possible threats. In the case of the small organizations even if they are aware of the data breach, most of the times they are technically or financially not equipped to fight the battle of cyber security. It is also observed that most of the small companies are serious about data security, but they don’t have the budget for proper cyber security infrastructure.

“Ransomware, data breaches, phishing and security exploits are the top threats to cyber security. The future lies in cloud services in order to ensure better security and performance. Smaller businesses, including state and local municipalities, mom and pop shops, and others, will be targeted due to their lack of security solutions and limited budget. SMBs should look for solutions that are paired towards their small budgets and limited staffing resources to ensure compliance, network security, and peace of mind.”  Dirk Morris, Founder & Chief Product Officer, Untangle

The cybercriminals attack public, private or hybrid cloud technologies to get hold of trade secrets, customer data or other confidential information which can put the company, government agencies, or individual in deep trouble. In the absence of a structured cyber security framework it has become easy for any cybercriminal to walk into our system and walk out with the information. This vulnerability is a function of technology, policies, and education. The cybersecurity vulnerability, in India, is sumtotal of many elements including,

One, In India most of the critical government IT infrastructure is owned by private sector players. There is no national security architecture that unifies the efforts of all these agencies to be able to assess the nature of any threat and tackle them effectively. Furthermore, in the absence of National regulatory policy for cybersecurity there is a lack of awareness at both company level as well as individual level.

Two, companies often face big cyber security issues due to lack of capable people managing the cyber security solutions. This vulnerability increases when organizations engage with vendors that don’t follow cyber security protocols and don’t value the importance of data. In the absence of the cyber security protocols it is very difficult to protect netizens from the cyber-attacks. Moreover, in the absence of any legal framework, cyber espionage has become a norm in the connected world.

Three, data produced by the ever-growing number of online transactions be it customer information, results of product surveys, or generic market information create treasured intellectual property that is an attractive proposition for any cybercriminal. Data is critical for business and any breach brings in tremendous loss to business. There is a need of strong data protection policies and effective implementation of the same.

Four, businesses should have a complete inventory of all the IT assets present in their network. It is observed that one who fails to have an IT asset audit at regular interval get into deep trouble. In absence of the IT audit the organizations will fail to identify the gap in their system, and potential threats.

Five, it is also observed that the people inside a business are the biggest security loopholes. In 2016 Cyber Security Intelligence Index, IBM found that 60% attacks in an organization are carried out by the insiders. As the threats come from trusted users and systems, they are very difficult to detect. It is important to have well-developed cybersecurity training centers that are designed to answer the requirements of government, business, and individuals.

 The future of cybersecurity will be led by a workforce that intentionally studied cybersecurity, rather than fell into it as a default. We are just now beginning to see this generation of truly cybersecurity-trained students enter the workforce, and as they continue to do so, we will begin to solve some of the systemic problems that have been caused by the lack of a skilled workforce. – Mike Stamas, Co-founder of GreyCastle Security

Cybersecurity race is on to secure systems, devices, network from cyber criminals. The government, business, and individuals can do their part by strategically working with cybersecurity experts and investing in solutions and infrastructures that protect their key digital asset, data, etc. This task is not easy, as the cybersecurity challenges are evolving every moment and that is keeping the cyber security experts constantly on their toes. The amount of financial and reputational damage a data breach can cause is huge and can affect small as well as large companies. It is a known fact that the challenge of cybersecurity is bound to increase over the near future and it is important for us to be prepared for any eventuality. In our mind the question that remains unanswered and needs an answer – Is India Cyber Security Ready?

Cybersecurity needs an immediate attention not only because as a nation we need to have a strong cyber security roadmap but also as it offers us a huge business opportunity. According to a NASSCOM, Data Security Council of India & PwC Report, India’s cybersecurity market for products and services will grow up to $35 billion in 10 years from the present $4.5 billion. Cybersecurity offers an opportunity to established IT players to increase its market presence and creates an environment for start-ups to make maximum out of it and establish themselves in the market.

The immediate opportunity for the cybersecurity experts and players includes – data protection framework for Aadhar and similar other initiatives, data protection framework for all e-commerce players, digital banks, ML/AI-enabled solutions, IoT-enabled solutions to achieve automation and efficiency, cloud-based security model, blockchain based security model, etc. The cybersecurity experts and players who will focus on these areas of development will not only build a global business for themselves but will also help the Indian cyber security ecosystem to grow and mature. This journey must be managed by professionals and supported by the government.

Small organizations are finally realizing that they need to be as prepared as large organizations when it comes to cybersecurity, making it no longer an IT problem but a larger business challenge within every organization. Additionally, we will see small businesses’ approach to cybersecurity impacting larger organizations through the supply chain vector. Hackers will take advantage of smaller organizations, which often fuel larger business’ supply chains, because they typically have security vulnerabilities that can be more readily exploited than larger ‘targeted’ companies – Brian NeSmith, CEO and co-founder, Arctic Wolf Networks

The need of cyber security is eminent for both small and big organizations. It is important to understand that most of these small organizations are a part of the large organizations value chain. Any vulnerability at the small organization level may end up reflecting in the large organization’s security. Hence, the progressive organizations are not only answering their cybersecurity needs, but also reworking on their cybersecurity framework and architecture to support the business more effectively and efficiently. The organization that have shown commitment toward cybersecurity are progressively using artificial intelligence, robotic process automation, machine learning, and analytics to increase the security of their key assets and data. These organizations are aware of the fact that the cybercriminals are becoming more intelligent, networked and agile in their operations. They understand that their price of failure is high.

According to Mary Meeker’s 2019 Internet Trends Report, global internet users have touched 3.8 billion which is more than half of the world’s population. India, the second largest contributor, accounts to 12 percent of the global internet user base. Moreover, in India, the large internet user base is backed by proliferation of affordable smartphones, access of high-speed internet and low-cost data. As per a report by telecom equipment maker Ericsson, India has the world’s highest data usage per smartphone at an average of 9.8GB per month; this is set to double to 18GB by 2024. It will be only apt to say that mobile internet, is deeply embedded in every Indian’s daily lifestyle. In India, Internet is seen as extension of the basic infrastructure such as water supply, electricity, and public health systems, etc. In the preputial evolving digital infrastructure, the risks to the economy, government, and public information is very high. This risk is bound to increase in times to come as we are progressively maturing our Internet needs.

The impact of the risk and growing concern of the CEOs, and board members are reflecting in the cyber security trends. In last few years, CEOs have stepped up their spending on cybersecurity to protect their valuable data and other key business information. In its latest security forecast, Gartner projects that such spending was more than US$123 billion for 2018 and will grow by 10.8 percent per year to nearly US$170.5 billion by 2022. The rising Internet security market is also a hot area for venture capital investors, attracting almost US$33 billion to 2,479 security startups since 2009.

In India, the mobile internet has become a necessity for each Indian household, technology adaptation is increasing at an unprecedented rate, and we are fast evolving as a matured internet economy. It is also projected that the reach of the smart phones will increase significantly, and the number of IoT-connected devices is likely to reach 25 billion by 2021. It is also predicted that by 2024, 4G will cover an estimated 90 percent of the population, and 5G networks would cover about 40 percent. The rise in telephone connectivity and internet connected devices coupled with the affordable digital data is backed by a few million lines of additional code in the ecosystem. These new set of devices, new telephony backbone, and their additional program codes will create a new playground for the cyber criminals.

The question that needs to be answered by the government, businesses and individuals on priority include – One, are we ready to manage this situation? Two, are we ready with the cyber security framework? Three, have we developed cyber security policies to fight the emerging cyber threats? Four, are we developing the cyber security culture? Five, are we working towards becoming a cyber safe organization/nation?

It is critical for us to start thinking on these lines and most importantly start working on it to build cybersafe organizations, and government bodies. If we fail to build a resilient and trustworthy cyber security ecosystem, every single breach can have serious, cascading effects. For example, the 2017 NotPetya cyberattack cost Maersk more than US$300 million, and the damages to all other companies affected totaled more than US$10 billion. The concern of the cyber security is also reflected in the Accenture’s report “Securing the Digital Economy”, which suggests that as high as 68% of CEOs report that their businesses’ dependence on the Internet is increasing but the confidence in Internet security is going down. As per the report, in the next five years, the confidence level in the Internet is forecasted to drop to 25%, while dependence on it is assumed to remain at 100%.

Steven Gray, Head of Payments, Tax and Fraud, Radial says, “Fraud attacks continue to rise, and we can expect to see them increase in volume up to 2-3X in the coming year. In addition to an increase number of attacks, we anticipate cyber criminals will leverage new tactics to fool retailers and consumers. We will continue to see them utilizing compromised data obtained from data breaches but beyond that we can anticipate the use of account take over efforts like attacking small and medium-sized online merchants that don’t have proper eCommerce fraud risk technologies, and attacking online merchants with high speed velocity, identity takeover, and brute force high volume attempts.” The threat of the ever-increasing cyberattacks are cause of concern for everyone. Business leaders, political leaders, professionals anyone who is on the internet and deals in data can no longer afford to ignore cyber threats. It will be only apt to say that the very foundation of modern society increasingly depends on our ability to protect digital assets. Data is the key and safety of the data should be the priority of everyone – business, government, individual, or society.

As the Internet’s fault lines are becoming more apparent business leaders, political leaders and professionals are trying to build an ecosystem of trust. The task is not easy as the cyber criminals are actively working on the vulnerability that internet offers. In such a vulnerable environment, the data should be kept safe from the new age pirates. These new age pirates are sophisticated and frequently have resources and budgets that is more impressive than the best of cyber security departments managed by corporates, government, or individuals. We have also observed that some of these cybercriminals have well-developed cybercrime ecosystem that provides support as ‘cybercrime as a service’. Some of these mature cybercriminals, over period of time, have built a robust cybercrime ecosystem.

The challenge this cybercrime ecosystem has created in the Indian cybersecurity market also reflects in Internet security threat report (ISTR), Symantec 2018. As per this report, India ranked third in the list of countries where the highest number of cyber threats were detected, and second in terms of targeted attacks in 2017. The biggest challenge in Indian cyber security ecosystem is yet to evolved and challenge the cybercriminals at their turf. As of now the cyber security ecosystem is not even equipped to challenge the basic threat that comes from spam and phishing.

“Today CISOs are in defense mode and in many cases are far behind the attackers when it comes to creativity and sophistication. The future of cybersecurity will rely on the super skilled IT organizations, equipped with powerful tools that will allow them to better protect their organizations. The rise of machine learning and science will be at the core of this trend and vendors who will be able to truly deliver innovation in their respective areas will dominate.”  Shlomi Gian, Chief Executive Officer, CybeReady

According to Mary Meeker’s 2019 Internet Trends Report, global internet users have touched 3.8 billion which is more than half of the world’s population. India, the second largest contributor, accounts to 12 percent of the global internet user base. Moreover, in India, the large internet user base is backed by proliferation of affordable smartphones, access of high-speed internet and low-cost data. As per a report by telecom equipment maker Ericsson, India has the world’s highest data usage per smartphone at an average of 9.8GB per month; this is set to double to 18GB by 2024. It will be only apt to say that mobile internet, is deeply embedded in every Indian’s daily lifestyle. In India, Internet is seen as extension of the basic infrastructure such as water supply, electricity, and public health systems, etc. In the preputial evolving digital infrastructure, the risks to the economy, government, and public information is very high. This risk is bound to increase in times to come as we are progressively maturing our Internet needs.

The impact of the risk and growing concern of the CEOs, and board members are reflecting in the cyber security trends. In last few years, CEOs have stepped up their spending on cybersecurity to protect their valuable data and other key business information. In its latest security forecast, Gartner projects that such spending was more than US$123 billion for 2018 and will grow by 10.8 percent per year to nearly US$170.5 billion by 2022. The rising Internet security market is also a hot area for venture capital investors, attracting almost US$33 billion to 2,479 security startups since 2009.

In India, the mobile internet has become a necessity for each Indian household, technology adaptation is increasing at an unprecedented rate, and we are fast evolving as a matured internet economy. It is also projected that the reach of the smart phones will increase significantly, and the number of IoT-connected devices is likely to reach 25 billion by 2021. It is also predicted that by 2024, 4G will cover an estimated 90 percent of the population, and 5G networks would cover about 40 percent. The rise in telephone connectivity and internet connected devices coupled with the affordable digital data is backed by a few million lines of additional code in the ecosystem. These new set of devices, new telephony backbone, and their additional program codes will create a new playground for the cyber criminals.

The question that needs to be answered by the government, businesses and individuals on priority include – One, are we ready to manage this situation? Two, are we ready with the cyber security framework? Three, have we developed cyber security policies to fight the emerging cyber threats? Four, are we developing the cyber security culture? Five, are we working towards becoming a cyber safe organization/nation?

It is critical for us to start thinking on these lines and most importantly start working on it to build cybersafe organizations, and government bodies. If we fail to build a resilient and trustworthy cyber security ecosystem, every single breach can have serious, cascading effects. For example, the 2017 NotPetya cyberattack cost Maersk more than US$300 million, and the damages to all other companies affected totaled more than US$10 billion. The concern of the cyber security is also reflected in the Accenture’s report “Securing the Digital Economy”, which suggests that as high as 68% of CEOs report that their businesses’ dependence on the Internet is increasing but the confidence in Internet security is going down. As per the report, in the next five years, the confidence level in the Internet is forecasted to drop to 25%, while dependence on it is assumed to remain at 100%.

Steven Gray, Head of Payments, Tax and Fraud, Radial says, “Fraud attacks continue to rise, and we can expect to see them increase in volume up to 2-3X in the coming year. In addition to an increase number of attacks, we anticipate cyber criminals will leverage new tactics to fool retailers and consumers. We will continue to see them utilizing compromised data obtained from data breaches but beyond that we can anticipate the use of account take over efforts like attacking small and medium-sized online merchants that don’t have proper eCommerce fraud risk technologies, and attacking online merchants with high speed velocity, identity takeover, and brute force high volume attempts.” The threat of the ever-increasing cyberattacks are cause of concern for everyone. Business leaders, political leaders, professionals anyone who is on the internet and deals in data can no longer afford to ignore cyber threats. It will be only apt to say that the very foundation of modern society increasingly depends on our ability to protect digital assets. Data is the key and safety of the data should be the priority of everyone – business, government, individual, or society.

Today CISOs are in defense mode and in many cases are far behind the attackers when it comes to creativity and sophistication. The future of cybersecurity will rely on the super skilled IT organizations, equipped with powerful tools that will allow them to better protect their organizations. The rise of machine learning and science will be at the core of this trend and vendors who will be able to truly deliver innovation in their respective areas will dominate.”  Shlomi Gian, Chief Executive Officer, CybeReady

As the Internet’s fault lines are becoming more apparent business leaders, political leaders and professionals are trying to build an ecosystem of trust. The task is not easy as the cyber criminals are actively working on the vulnerability that internet offers. In such a vulnerable environment, the data should be kept safe from the new age pirates. These new age pirates are sophisticated and frequently have resources and budgets that is more impressive than the best of cyber security departments managed by corporates, government, or individuals. We have also observed that some of these cybercriminals have well-developed cybercrime ecosystem that provides support as ‘cybercrime as a service’. Some of these mature cybercriminals, over period of time, have built a robust cybercrime ecosystem.

The challenge this cybercrime ecosystem has created in the Indian cybersecurity market also reflects in Internet security threat report (ISTR), Symantec 2018. As per this report, India ranked third in the list of countries where the highest number of cyber threats were detected, and second in terms of targeted attacks in 2017. The biggest challenge in Indian cyber security ecosystem is yet to evolved and challenge the cybercriminals at their turf. As of now the cyber security ecosystem is not even equipped to challenge the basic threat that comes from spam and phishing.