Cyber attacks are growing in volume and complexity. Research findings indicate that many Indian firms are still showing a lukewarm response in building an advanced cyber security strategy that can safeguard their businesses against the highly destructive activities of cyber criminals. In an interaction with Dataquest, Mrinmoy Purkayastha, VP, ALTEN Calsoft Labs, shares his views on the gaps in enterprise cyber security policies and how technology can be used to fix these
Can you point out some interesting cases where the lack of adequate and timely response mechanism cost an organization heavily in case of a cyber-attack?
Wide-ranging motives of a cyber-attack includes installation of a spyware, deletion of information from a PC and even destruction of complete infrastructure for a whole nation. With time, cyber-attacks continue to escalate in frequency, severity and impact.
Recently eBay suffered one of the biggest hacks so far. Personal records of 233 million users were stolen by the hackers leaving them vulnerable to identity theft. Hackers managed to gain access to the sensitive data like username, password, phone numbers and physical addresses. The company urged its users to change passwords as soon as possible and also ensured them that the financial information was safely stored in an encrypted format. The Syrian Electronic Army claimed responsibility of this attack and regarded it as a hacktivist operation.
What are the major cyber security gaps you see in the context of Indian enterprises?
KPMG reports that 72% of Indian companies faced cyber-attacks in 2015.
Indian enterprises are mostly suffering attacks in terms of access to financial and customer confidential information leading to disruption in production and business processes. Financial organizations followed by the Communication/Entertainment and Infrastructure Industry appears to be the assailable sectors.
In India, the future of urbanization and population sustainability is SMART CITY. To provide a conductive environment for living, commercial activities and healthcare, smart cities predominantly rely upon use of information and communication technologies (ICT). The ubiquitous usage of ICT, IoT, M2M and cloud computing has left it vulnerable to cyber-attacks against the critical infrastructure. If properly executed, such a cyber-attack can cripple the entire city. While Critical Infrastructure Protection in India is still an incipient, Cyber Security Policy is also weak. This has accelerated the necessity to implement the cyber security related projects shortly to bridge this gap.
What kind of investments are organizations making on these lines?
Global State of Information Security Survey 2016 revealed 117% increase in detected information security incidents and a 71% boost in security budgets in India. To cope up with the financial losses of about 135% incurred due to cyber-attacks, an increasing number of organizations are now adopting cloud based security models. Cloud-based security tools such as analytics, advanced authentication and identity & access management are some of the most opted preferences of the enterprises. Big Data encourages storage of real time data that would certainly be helpful to draw more accurate insights.
How do you see technology solutions making a difference?
The harm caused by a majority of cyber-attacks can be circumscribed by technology and preventive & detective control implementation. Logging of critical events and monitoring central security incidents, 24/7 standby crisis management systems fortifies the technology detection metrics. Prevention schemes concentrate on governance and organization.
An ounce of prevention is worth a pound of cure. So, it’s high time for every company to embrace a preventive approach to confront the cyber security challenges. To ensure your security in the cyber space, check your code signing certificates, SSH and Server keys regularly.
"Cyber attacks are not what makes the cool war cool. As a strategic matter, they do not differ fundamentally from older tools of espionage and sabotage,” articulates Noah Feldman, an American author.
Although there is no guarantee that you’ll always be free from spyware, there are some things which you surely can do to seriously lower your risk. So, let’s start doing those from today itself.