wordpress blog stats
Connect with us

Hi, what are you looking for?

, , , ,

#NAMAcloud: New age Cyber Security threats and defenses

This July, MediaNama held an open house discussion on Securing Online Data, supported by Microsoft and Akamai. This is Part 1 of our coverage of the discussion, which looks into emerging cyber threats in India and how well Indian users/companies are equipped while handling cyber attacks, based on presentations from Bruno Goveas, Director, Business Development (APAC & Japan) at Akamai, and Manish Tiwari, Chief Information Security Advisor at Microsoft.

Types of new age Cyber threats

According to Bruno Goveas, Director, Business Development (APAC & Japan) at Akamai, 31% of malicious IP addresses that attack the company’s India customers are coming from outside the country. Web-based attacks are the most prevalent because hackers don’t want you to know that you are breached, they want you to know only after it’s too late. Among this (web attacks), credential checking stuff is getting to be a big problem of late”. The most prevalent types of attacks (ranked as Per Akamai) include:
i) Web attackers
ii) Scanning tools
iii) Web Scrapers/Bots
iv)DoS Denial of Service) attacks

Manish Tiwari, Chief Information Security Advisor at Microsoft said “almost 3 lakh new villages will be digitized…because of the national fiber network program which the government is driving. With this, the need for cyber security also increases. There is a tendency of organized crime, moving into cyberspace. We have seen the case of the Cron as well as other Ruby (based) malware attacks targeting Android systems. Cron was an a  ttack reported in Russia against the banking system, and Ruby is a much larger malware which is spreading across in the Android ecosystem.

“We also had WannaCry, which was a massive thing, but probably one of the reasons it succeeded on a global scale was because a large number of systems have not been updated/upgraded or have not been patched. But the WannaCry attack wasn’t a commercial success.”

What needs to be done apart from securing data centers

Goveas said “securing data at the data center level isn’t always enough. Each malicious IP trying to attack data centers once in a month. A data center approach is not enough, you need to complement it with a cloud security solution which extends the perimeter. The key is visibility—you (or your company) needs to know whether something is malicious or not, when these guys (hackers) are coming from all over the world, and are attacking you from 400,000 IPs, once in a month or once in a week, you will need this intelligence, recorded and saved in a platform and reviewed whenever required.”

“What people (or companies) don’t realize is that there is a need for added layer of security. In a VPN for enterprise network, one gets access through DNS resolver, to get access to company (private) content. Now hackers have started targeting DNS resolvers. So you need to protect the DNS as well. Some hackers use dynamically generated domains, using certain domain generation algorithms. They make a request with the command and control server with the short-lived domain to gain access to private content. How do you catch such an attack? Only if there is a global perspective (recorded history of malicious IPs), you can catch such an attack, you need intelligence to find it and block it, right at the source, because every (malicious) request is going to be a DNS request.”

Advertisement. Scroll to continue reading.

E-commerce and Fintech most targeted segments

Tiwari said that “for e-commerce companies, it’s important not only protect your own data and the IT infrastructure that holds the data, it is also important to protect the weakest link in the chain, and that is your customer. With the advent of wallets and payment banks, there is a silent revolution taking place, and the days of brick and mortar banks are over. It’s good for the customer, but at the end of the day, more and more transactions, particularly, micro transactions are gonna happen in the digital world, and a large number of probably not so IT literate people are going to be dependent on this in a big way. It’s important for us to spend time and effort to protect this weakest link… The financial sector is the most targeted industry, obviously, because there is a lot of money at stake.”

Are Indian users prepared?

Quoting a KPMG report, Manish Tiwari said that 74% of the organizations in this country have not done a risk assessment including cyber security. India is one of the most infected countries in the world, with respect to malware, and also unwanted (malicious) software. We also have a very high rate of prevalence of piracy.

“Increasingly what I see is cyber security incidents taking place, not because some very fancy and expensive cyber security solution has not been put into place. In most of the cases, it’s because basic fundamentals of cyber security have not been applied. C-level personnel like CFO, CXOs, CEOs, and the board of directors—they don’t understand Cyber Security…although this is changing. I think we have not done a great job in convincing the leadership of the organizations on what truly is wrong and what truly needs to be done from a secured digital transformation perspective.

“When we talk about securing online data, we should also think about securing any kind of data, no matter if the data is online or offline. And we are moving towards a mobile ecosystem—not cell phones—it’s about anywhere and anytime computing. Today data moves from platform to another, one product to another, and it’s important to secure data in all its forms. Your access to your data and the services that enable productive access to your data, should never be interrupted. Your data should only be accessible to those who are authorized to see it. These are the two fundamental principles that govern cyber security.”

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.

Views

News

By Rahul Rai and Shruti Aji Murali A little less than a year since their release, the Consumer Protection (E-commerce) Rules, 2020 is being amended....

News

By Anand Venkatanarayanan                         There has been enough commentary about the Indian IT...

News

By Rahul Rai and Shruti Aji Murali The Indian antitrust regulator, the Competition Commission of India (CCI) has a little more than a decade...

News

By Stella Joseph, Prakhil Mishra, and Surabhi Prabhudesai The recent difference of opinions between the Government and Twitter brings to fore the increasing scrutiny...

News

This article is being posted here courtesy of The Wire, where it was originally published on June 17.  By Saksham Singh The St Petersburg paradox,...

You May Also Like

News

Key takeaways: While the framework of the rules has created two categories of regulations – one for intermediaries and one for digital media organizations,...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Name:*
Your email address:*
*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ