This July, MediaNama held an open house discussion on Securing Online Data, supported by Microsoft and Akamai. This is Part 1 of our coverage of the discussion, which looks into emerging cyber threats in India and how well Indian users/companies are equipped while handling cyber attacks, based on presentations from Bruno Goveas, Director, Business Development (APAC & Japan) at Akamai, and Manish Tiwari, Chief Information Security Advisor at Microsoft.
Types of new age Cyber threats
According to Bruno Goveas, Director, Business Development (APAC & Japan) at Akamai, 31% of malicious IP addresses that attack the company’s India customers are coming from outside the country. Web-based attacks are the most prevalent because hackers don’t want you to know that you are breached, they want you to know only after it’s too late. Among this (web attacks), credential checking stuff is getting to be a big problem of late”. The most prevalent types of attacks (ranked as Per Akamai) include:
i) Web attackers
ii) Scanning tools
iii) Web Scrapers/Bots
iv)DoS Denial of Service) attacks
Manish Tiwari, Chief Information Security Advisor at Microsoft said “almost 3 lakh new villages will be digitized…because of the national fiber network program which the government is driving. With this, the need for cyber security also increases. There is a tendency of organized crime, moving into cyberspace. We have seen the case of the Cron as well as other Ruby (based) malware attacks targeting Android systems. Cron was an a ttack reported in Russia against the banking system, and Ruby is a much larger malware which is spreading across in the Android ecosystem.
“We also had WannaCry, which was a massive thing, but probably one of the reasons it succeeded on a global scale was because a large number of systems have not been updated/upgraded or have not been patched. But the WannaCry attack wasn’t a commercial success.”
What needs to be done apart from securing data centers
Goveas said “securing data at the data center level isn’t always enough. Each malicious IP trying to attack data centers once in a month. A data center approach is not enough, you need to complement it with a cloud security solution which extends the perimeter. The key is visibility—you (or your company) needs to know whether something is malicious or not, when these guys (hackers) are coming from all over the world, and are attacking you from 400,000 IPs, once in a month or once in a week, you will need this intelligence, recorded and saved in a platform and reviewed whenever required.”
“What people (or companies) don’t realize is that there is a need for added layer of security. In a VPN for enterprise network, one gets access through DNS resolver, to get access to company (private) content. Now hackers have started targeting DNS resolvers. So you need to protect the DNS as well. Some hackers use dynamically generated domains, using certain domain generation algorithms. They make a request with the command and control server with the short-lived domain to gain access to private content. How do you catch such an attack? Only if there is a global perspective (recorded history of malicious IPs), you can catch such an attack, you need intelligence to find it and block it, right at the source, because every (malicious) request is going to be a DNS request.”
E-commerce and Fintech most targeted segments
Tiwari said that “for e-commerce companies, it’s important not only protect your own data and the IT infrastructure that holds the data, it is also important to protect the weakest link in the chain, and that is your customer. With the advent of wallets and payment banks, there is a silent revolution taking place, and the days of brick and mortar banks are over. It’s good for the customer, but at the end of the day, more and more transactions, particularly, micro transactions are gonna happen in the digital world, and a large number of probably not so IT literate people are going to be dependent on this in a big way. It’s important for us to spend time and effort to protect this weakest link… The financial sector is the most targeted industry, obviously, because there is a lot of money at stake.”
Are Indian users prepared?
Quoting a KPMG report, Manish Tiwari said that 74% of the organizations in this country have not done a risk assessment including cyber security. India is one of the most infected countries in the world, with respect to malware, and also unwanted (malicious) software. We also have a very high rate of prevalence of piracy.
“Increasingly what I see is cyber security incidents taking place, not because some very fancy and expensive cyber security solution has not been put into place. In most of the cases, it’s because basic fundamentals of cyber security have not been applied. C-level personnel like CFO, CXOs, CEOs, and the board of directors—they don’t understand Cyber Security…although this is changing. I think we have not done a great job in convincing the leadership of the organizations on what truly is wrong and what truly needs to be done from a secured digital transformation perspective.
“When we talk about securing online data, we should also think about securing any kind of data, no matter if the data is online or offline. And we are moving towards a mobile ecosystem—not cell phones—it’s about anywhere and anytime computing. Today data moves from platform to another, one product to another, and it’s important to secure data in all its forms. Your access to your data and the services that enable productive access to your data, should never be interrupted. Your data should only be accessible to those who are authorized to see it. These are the two fundamental principles that govern cyber security.”