Cyber security is of much importance when it comes to datacenters, The aim of physical data center security is largely the same worldwide; barring any local regulatory restrictions - keeping out the people unwanted in the building, and if they do make it in, then identify them as soon as possible (ideally also keeping them contained to a section of the building). The old adage of network security specialists, that “security is like an onion” applies just as much for the physical security of a data center.
The data center security market is expected to grow from USD 6.32 Billion in 2016 to USD 12.91 Billion by 2021, at a high Compound Annual Growth Rate (CAGR) of 15.36%. For the purpose of report, 2015 has been considered as the historical year and 2016 as the base year for performing market estimation and forecasting. The data center security market is witnessing a rapid growth due to the growing need for network virtualization and cloud computing that bring out higher work efficiency levels within the organization. Data center security solutions help in securing big data transfers and securing a network from any risk. Additionally, the growing adoption of Bring Your Own Device (BYOD) calls for advanced secured network solutions.
Ransomware – Era of Digital Extortion
Ransomware attacks have increased from a few hundred(s) in 2005 to 2.5 mn in 2016
Ransomware (the hot favourite in the world of cybercrime) is setting the new era of digital extortion. Ransomware is a class of malware that restricts access to the computer system it infects, and demands a ransom paid to the creator of the malware for the restriction to be removed (Wikipedia). It is nothing but a straightforward extortion software tool designed to encrypt your data/lock declaring that the system is locked, followed by a ransom demand. RSA-2048 encryption is used to perform the heinous act. The year 2015 marked the birth of ransomware. Since then, it has transformed (matured) from a fake antivirus tool to a leading tool in the hands of digital cybercriminals extorting anywhere between $500 and $20,000 to unlock data/systems from individuals, businesses and other organizations.
B. S. Rao
Ransomware is of two types. Type I is encryption ransomware which encrypts the files on the hard disk and one may find it quite difficult to decrypt without paying the ransom demanded. Type II is non-encryption ransomware where there is no encryption but instead locks up the systems with a message “Your computer is locked”.
The evolution and prominence of ransomware can be well imagined with the growth of ransomware attacks of just a few hundred(s) in 2005 to 2.5 million-plus in 2016.
The initial attempts to find an opportunity by performing a reconnaissance through a phishing email. Reportedly, 93 per cent of all phishing emails are said to be containing encryption ransomware. Phishing emails hit a new high of 6.3 million in the last year. The usual infection (Ex: CryptoWall) is through email attachments with enticing subject lines are sent attached with zip files containing ransomware executables or even a link to click on. Once the individual opens the files, the executable file locks up the system and in case the he/she clicks on the malicious link, a connection is established to the malicious website and immediately an exploit is launched and malware is shipped online – if the ransomware hacker manages to gain control of the system, the system is locked and a message such as “Your system is locked” is displayed.
When you visit a website a browser, hijacker locks up your browser with a message that “Your browser has been locked” – to indicate that the hijacker has taken over the browser does not allow the user to close the browser (window) or switch to another web page and demands a ransom to gain access to your system again.
World’s Most Dreaded Ransomwares
Cryptolocker, Cryptoware, Locky, Jigsaw, Teslacrypt, Fareit, Samsam, Peyta, Fantom, Crysis, Cerber, Shade, Powerware and Ransom32, among others are the digital extortionists ruling the world of cybercriminals.
Ransomware Demands Across Industry
A hospital in LA, USA was infected with ransomware and had to pay up ransom in bitcoin(s) after their system and network was locked up for more than a week. In some cases, MRI is locked until the ransom is paid, an X-ray machine is turned off and files are encrypted until the ransomware is paid. One other hospital ended up paying over $10,000 as ransom to restore its IT systems. Almost 80 per cent healthcare organizations have been affected by ransomware. In yet another case, the ransomware criminals gained control of heating, ventilation, and air conditioning (HVAC) of a data center and released only after the ransom was paid. In a recent case in India, an ERP system of a multinational was locked by ransomware criminals and they had to pay up the ransom in bitcoins. An educational institute too was hit by ransomware attack and had to cough up the ransom to restore their systems. India ranks number one on the ransomware radar, besides other countries from Europe and Americas.
To prevent ransomware attacks, it is critical that every organization deploys latest web and spam filters, IDS, antivirus, IP/Cloud reputation systems, DNS layer security (as per system deployment). Sandboxing is yet another way to prevent and secure your systems. This apart, it is important to take regular data backups, disable RDPs to thwart any ransomware attacks.
Lastly, it is important to avoid plugging in the USB sticks (usually received during trade shows) where information is circulated for business or academic purposes. It could contain ransomware (virus) infecting your initial system where it is inserted and then go on to infect all other systems on the network and then lock up the systems and demand a ransom. To avoid such occurrence, it is important to scan the USB stick/drive before using, encrypt data on USB drive. It would be best to avoid USB sticks in the first place as a policy in the organization.
Finally, as far as ransomware is concerned, prevention is better than cure.
Lacuna's in India’s Cyber Security
DT Act, 2000 Amended DT Act, 2000 will definitely help India
The amendment of 2008 has failed to define word “Hacking” or “Hacker”, surprisingly the act of hacking with the very word “hacking” finds a mention in section 66 of the original Act.
Section 79 of the amended IT Act, 2000 is not a penal section under the Act. Penalty under the Act would arise on any person or a body corporate. When an incident has occurred on account of other sections such as Sec 43, 43-A, 65, 66, 66A, 66B, 66C, 66D, 66E, 66F, 67, 67A, 67B, 69, 69A, 69B, 70, 71, 72, 72A, 73, 74, 84B, 84C etc. which can be brought under any of these sections and the person who is accused is otherwise an “Intermediary” as defined under the Act, then the provisions of Section 79 apply. These provisions give him an opportunity to escape his liability. To use these provisions he needs to act such in a manner which can be considered as “Exercising Due Diligence”.
Prashant Mali, Advocate Practicing lawyer from Bombay High Court.
(Specialist in cyber and electronic evidence related matters)
The amended IT Act, 2000 has not specifically dealt with the issues pertaining to Ediscovery. Today, increasingly organizations are relying upon digital evidence like email etc. and media as a means of communicating with each other and conducting business. IT Act, 2000 remains silent on this issue and also leaves scope for business exploitation of Ediscovery by large consulting firms at their own interpretation.
The IT Act, 2000 have not dealt with spam issue in a comprehensive manner. The definitions section does not define the word spam nor is even mentioned anywhere in the Act. The practice of sending unsolicited emails is getting rampant in India which also amounts to breach of individuals right to privacy on the net. While India already features in the top ten nations from where spam originates, the legislature did not think of taking exclusive cognizance to this huge menace, which jams our new national resource “the bandwidth”.
A Cyber Cafe is also an “Intermediary” hence the obligations under Section 79 and the rules framed there in for “Intermediaries” already apply to Cyber Cafes. The rules for Cyber Cafes are incomplete rules requiring further rule making at the State Government level. The rules also infringe on the powers of the State Government for maintaining law and order in the State.
Cyber Squatting which relates to stealing or assuming a domain name of a established brand by a new or less known brand or a company or an individual, is not exclusively covered in the IT Act.
The crime of pornography by foreign websites is let loose and is not discussed nor being penalized. This flaw also makes Indian cyber criminals to host their pornography related website’s on foreign shores without being accounted for in Indian territory.
Taxation of ecommerce transactions when a transaction is committed from Indian jurisdiction is not explicitly discussed nor are any passing references made in a view to bind it with Indian tax laws.
Jurisdiction of electronic contracts is not clearly defined in the Act. Cross border contracts since “Click-Wrap” contracts are not legally recognized as equivalent to digitally signed contract, body corporates relying on “Click-Wrap Contracts” (Where the user clicks on a button or checkbox I agree”) need to take such additional measures as may be required to provide a supplementary evidentiary base for validating the contracts.
A clear section with regards to Jurisdiction of courts over parties staying or operating in different jurisdictions or countries is not covered. Even though having a complete separate legal jurisdiction for the cyber world, is not an expectation but certain clear guidelines necessary help lower courts and humble netizens.
• Law remains silent for stamp duty on electronic contracts. eStamp duty if permitted can yield lot of revenue to the government.
• Internet hour theft being completely intangible and different type of theft other than theft of tangible items, Internet hours or bandwidth theft is not taken care of in The IT Act, 2000.Recourse to section 379 of The IPC may not result in justice for reasons of interpretation.
• There is no power given to police for entering and searching private places .Many cyber criminals operate from homes where police cannot search. Also major penal sections though cognizable are also bailable, this option allows the accessed to seek and get anticipatory bail before even action begins.
• Major offences covered under this Act are bailable. Thus interim reliefs, anticipatory bails etc. would be in vogue with cyber criminals.
• The IT Act, 2000 does not explicitly consider Intellectual Property Rights in the Internet domain.
• There is no clause under section 43 which describes cyber/online defamation, thus has no provision for compensation for cyber/online defamation.
• The definition of data includes sound stored, sent or received, that makes even a person speaking on microphone liable under The IT Act, 2000 as what he says is a Data.
• This law does not talk explicitly of forming cyber crime courts for criminal trials. The law is silent on authorized cyber forensics tools to be used in investigation.
Create Awareness to Protect Cyber Threats
Mobile networks are inherently secure and data is protected, but the lack of awareness around risks lurking in the cyberspace is posing new challenges
Internet is undoubtedly one of the greatest technological blessings of our time but we cannot overlook the possible threats such as hacking, cyber stalking, fraud, bullying and abuse. They are making headlines every day, and the incidence has only increased in the recent past. It is easier to identify such harms and mitigate the risks in real life, but in the virtual world very few understand how to identify and resolve these issues.
Telenor India Communications
As service providers, the onus is on telecom operators to ensure that users not only benefit from being connected to the information superhighway, but they are also adequately equipped to protect themselves from falling prey to online harms. The emphasis is not only to bring the new but old mobile users too within the folds of a connected world and also educate the next generation of users on safe Internet practices. As digitization touches every aspect of our life, it is important for all of us to acknowledge and understand the nature of threats we are exposed to and how to avoid them.
Digital Transformation through GSK
As users migrate from voice and feature phones to data and Internet-enabled phones, the transition should be without fear and hesitation. To make this happen and to answer any question on the new way of connected life, Telenor Grahak Shiksha Kendras (GSK) or customer education hubs are playing an important role. There are nearly 400 GSKs across nine states where trained customer relation executives are educating customers on how to use an Internet-enabled mobile device and telling them about the benefits of being connected by taking precautions such as strong passwords and getting the privacy settings right.
Initiatives like Internet on Wheels, where the retail store comes to the doorsteps of customers. These are the first steps towards acquiring digital skills and also help customers understand Internet to use it more meaningfully.
Cyber Safety for Children
In 2012, when everyone was discussing faster Internet speeds and improving customer experience, a survey commissioned by the Telenor Group revealed that over 134 million children will come online by 2017 in India alone. However, given the pace of Internet growth in the last five years, this number will be far higher than any estimate. While this is an indication of how fast our younger generation is becoming part of the technology changes happening across the world, the survey also highlighted the low resilience among them when it came to online threats.
Proliferation of affordable mobile devices and easy access to Internet has exposed our kids to good as well as harmful content and practices. The survey indicated that in India every second child, who is using Internet, has faced some form of cyberbullying. In fact, cyberbullying has emerged as one of the major issues online and often it goes undetected as children do not discuss the issue with parents or teachers.
Realizing these vulnerabilities, in 2014 Telenor started a programme called WebWise in schools. These interactive workshops focus on creating awareness among students, teachers as well as parents. The interactive sessions include case-studies and practical information on how to surf the Internet safely, minimize potential harm on social media, be resilient to cyberbullying and even tips on how to set smart passwords. Till now, WebWise has reached to over 55,000 students in 102 schools across 14 cities.
Most of these efforts are voluntary in nature and not mandated by policy or regulation. If the industry is talking about an Internet-driven lifestyle, then we should create an environment where there is no hesitation or fear in embracing digitization. For example, as part of a global initiative, Telenor Group collaborated with the European Commission’s CEO Coalition to make Internet a better place for kids and worked with Interpol to become the first mobile operator in the world to introduce Child Sexual Abuse filters for mobile phones. In India too, Telenor has worked closely with the authorities to implement CSA filters to block any content related to child pornography and today these websites, as per the Interpol’s list, cannot be accessed on mobile networks in the country.
Telenor has been able to successfully drive cyber safety awareness amongst various sections of the society, while ensuring an enriching customer experience. These are small steps towards the larger goal that needs support from all stakeholders in the digital ecosystem.
Regulations Should Protect Citizen's Data
Protecting files and enabling ‘safe sharing’ of information will help improve digital adoption
India, in its 71st year of Independence, is witnessing enormous digital advances. While we continue to plug into the digital realm, there are huge risks lurking around the corner especially in terms of protecting the important privacy documents of the larger population in general. Robust data integrity, both inside and outside the perimeter of Public Sector Enterprises and Government institutions, including but not limited to third party affiliates and vendor organisations, will ensure long terms benefits for all stakeholders.
How safe are your ID proofs & KYC Documents?
While the government has made the right move with demonetisation, there is still much to achieve when it comes to the digital world. The government’s digital momentum initiative needs to address the rising security and privacy concerns of citizens. Large private organizations pull out all stops to ensure their information assets are protected both within their boundaries as well as from the risks outside their perimeter. In the same way, government files, documents, citizen details stored should also be right protected. The all-important question is, how safe is your important data like ID proofs and KYC Documents etc? We live and work in an always-on digital economy. Free movement of data, oils the wheels of today’s enterprise – as well as the modern-day government by making information flow seamlessly across enterprise borders.
VP, Sales India,
Middle East & Africa, Seclore
While digitization helps improve information-sharing and collaboration amongst your different stakeholders, right protection is mission-critical to avoid any misuse of data. Protecting sensitive files and enabling ‘safe sharing’ of information will help improve digital adoption. In particular, soft copies of customers’ KYC documents and identification proofs needs to be protected, ideally with persistent data-centric security that travels with the files. It is equally important in cases of tax & land records, transaction files, court documents etc. that can be accessed and utilized by only authorized users. This will help build the citizen’s full trust in our digital march.
Should third party outsourcing vendors be regulated?
Hence there has to be a parallel initiative taken by Government wherein, security of digital data needs go hand in hand with digitization of data. It cannot be left aside in this fast-paced world. We also hope to see Government organizations placing stricter compliance regulations on their third-party outsource vendors and other external collaboration partners. Third-parties such as advisors, vendors, sub-contractors and business partners pose a huge risk to organizations because they require access to systems and data to conduct business, yet there is no accountability in the way they handle a company’s data. Besides unsecured systems, there is also the issue of sub-contractors stealing intellectual property.
What’s in store in the immediate future?
2017 will be a Historic Year for Cybersecurity Legislation. High-profile incidents such as the breaches at the Democratic National Committee and Yahoo, and the Apple encryption debate have increased public awareness around the importance of data security and privacy. In India too several Indian banks blocked and recalled more than 3.2 million debit cards, fearing fraud due to data leakage caused by a malware infection at a third-party ATM switch used by one of the banks. The growing awareness, coupled with the government’s willingness to acknowledge the national security risks posed by cyberattacks, makes us hopeful we’ll see meaningful progress made in the fight to create effective cyber-legislation.
Many countries such as the US and Israel have their own cyber security frameworks. Europe is leading the way with the General Data Protection Regulation (GDPR) act and we expect countries to follow with similar legislation. There is an urgent need for India also to have a robust cybersecurity framework in place to set up the backbone of stringent IT security measures in the country. This legislation may start with mandatory breach notifications, which initially eliminate undisclosed (or slowly disclosed) cyber incidents, but will eventually take the form of specific guidelines for how citizens’ data must be protected, wherever it travels or is stored.
Stepping into a Secure World
A strong mobile security regime undoubtedly has significant benefits, but, due to inaccurate end-user preconceptions, it is challenging to implement it
In 2015, a British insurance company, Lloyd's, estimated that, due to cyber-attacks, the industry incurs a staggering loss of $400 billion a year, which includes direct damage plus post-attack disruption to the normal course of business. However, other forecasts, over the past year, have put the cybercrime figure at a frightening $500 billion and beyond. In fact, as the world increasingly becomes digital, cybercrime has the potential to be one of the greatest threats to organizations around the world.
According to the BlackBerry’s mobile security research conducted by BlackBerry Limited, a leader in secure mobile communications, while 73 per cent of organizations have a mobile security strategy in place, just 3 per cent have implemented the highest levels of security possible. This is due in part to user’s attitude – 82% of executives say their existing mobile security practices cause frustration among their employees, while 44 per cent fear that too much security will prevent staff from doing their jobs. These attitudes have led to a risky environment, one in which nearly nine out of ten executives (86 per cent) are nervous that their company’s security won’t be enough to keep out hackers or malware. Part of the reason organizations are opening themselves up to these risks is because of the growing trend of BYOD – where despite the popularity, almost half believe that supporting a BYOD policy is a risk. So what can be done about this volatile business environment?
Security is an enabler, not an inconvenience
Time and again, we hear people speak about information security as a hindrance or an inconvenience. However, when implemented properly, security works with the employees, not against them. Security is, in fact, an enabler. It can connect people to their required resources with ease, allowing them to work seamlessly with tools they are comfortable using. Security focusses on meeting the needs of the end-user, helping them become more productive, alongside the needs of IT. But, for that, an active approach is required by IT departments, especially for BYOD.
Half of executives surveyed by BlackBerry predict that their employees’ mobile devices will inevitably result in security breaches at their organization. Therefore, a critical element to a successful BYOD or COPE (corporate-owned, personally-enabled) mobile environment is ensuring the isolation and separation of personal and business mobile data, also known as containerization. However, nearly 45 per cent have no containerization technology in place. And no one is sure how to address this challenge, whether on corporate-owned or BYOD devices – despite half of respondents agreeing that support of BYOD creates risks at their company. A strong mobile security regime undoubtedly has significant benefits. However, due to inaccurate end-user’s preconceptions, it is challenging to implement it. To address this, it is advisable to regularly evaluate the controls and policies in place to protect the organization.
Security is not a luxury
The predicted losses of billions of dollars clearly underline the paramount importance of security in today’s world. A world where data is on the move – on smartphones, tablets, wearables and laptops – with travelling executives, sales people, field workers, contractors, clients and partners. All this access comes at a price: security. Companies and IT departments are working hard to balance the benefits of mobility – greater productivity, happier workers, decreased costs and increased flexibility – with the risk that a lost or stolen device, malicious app, insider threat or other vulnerability may threaten the safety of corporate data and assets. In line with this, BlackBerry has recently unveiled its mobile-native approach to security with the launch of a comprehensive platform designed for the Enterprise of Things. The BlackBerry Enterprise Mobility Suite enables a consistent approach to endpoint management across multiple OS platforms. It completes the integration of the company's prior acquisitions of security software companies, including Good Technology, WatchDox, AtHoc and Encription. With over 80 security certifications, BlackBerry recently ranked the highest in all six use-cases of Gartner's "Critical Capabilities for High-Security Mobility Management" report.
According to various industry reports, cybercrime costs have quadrupled from 2013 to 2015. This is expected to quadruple again from 2015 to 2019. Juniper research predicts that the rapid digitization of consumers’ lives and enterprise records will increase the cost of data breaches to $2.1 trillion globally by 2019, increasing to almost four times the estimated cost of breaches in 2015. Therefore, now is the time to act and secure (our) one of the most valuable assets – data!
Managing Cyber Security Risk
Digital technology and cashless economy has given rise to many cybersecurity threats
Every organization with digital information assets should have a well laid-out plan to support its security and be compliant to the laws of the land. To achieve this goal, major stakeholders in the company should come together and build a remedial plan in case of any cyber incident. Every company’s approach to mitigating privacy, security risk, complexity and viability of these programmes differs from company to company, depending on its size, space and industry.
Organization that has a limited clientele and revenue, and which handles a small amount of non-public financial data might develop a brief charter points for a privacy and security plan, or perhaps a written standard or policy setting forth the entities regulatory and legal obligations from a privacy perspective. On the other hand, a large and more complex corporation that handles sensitive information is likely to have a number of governance documents that outline and implement appropriate privacy, security policies, processes, procedures and measures. The key factors to be taken into consideration while taking stock of your risk are:
Legal and regulatory risk: What sets of compliance, regulations and principles are required to be followed?
How could a data privacy breach or security incident do to your reputation among your customer base?
What would happen if you are required to notify the media, regulators, shareholders, stakeholders of the organization and how this shall impact your business and image in the corporate world?
What are the financial risks of an external threat and attack to your information system? Could this downtime affect the revenue of your organization?
Could the external and internal threats hamper your operations? What losses directly or indirectly your business would incur caused by a security incident or unforeseen disaster?
Could your business partner take you to court for laxity in implementing proper security practices and causing huge monetary loss?
What could happen if the law-enforcement agency would register offence for keeping the information system unattended and making a gateway for criminals to commit crime at your expense?
What could happen if your data is encrypted and demanding ransomware? Would you like to be caught at ransom for your negligence?
Dr Harold D’Costa
Intelligent Quotient Security System
Once you have identified your risks, start thinking about programmes and procedures that address the risks that could have the largest and the most immediate impact on your business. A third-party assessment of your system, vulnerability assessment and penetration testing and implementation of proper cybersecurity practices are recommended for data protection, privacy governance, security framework and compliance.
An inventory of your physical and data assets should be performed to help shape your security programs. Conduct a sensitive information inventory and data diagramming exercise to identity the systems and applications on your network that need highest level of physical and technical security.
Monitoring and Compliance
Any organization handling information should have dedicated cybersecurity personnel, conduct regular audit, monitor network for vulnerabilities, threats and security events. Organization should ensure that their staff is aware of security and privacy rules and remains vigilant against policy violations. Make sure that your security professional has an up-to-date understanding of privacy and security laws, rules, regulations and industry best practices by monitoring developments and periodically updating policies to reflect any significant changes.
Changing organizational culture and successfully implementing a set of standards might encourage business leaders to expand and implement organizational privacy and security programmes. An effective cybersecurity plan should have:
Training programme for employees
• Use of licensed softwares
• Building, deploying effective hardware and software firewalls
• Establishing a collateral server
• Keeping the backup option on while configuring the OS. This shall ensure that no data be lost.
• Choose a vendor giving you complete solutions under one roof
Balancing Cloud with Data Protection
Encryption and tokenization are becoming accepted best practices to support compliance
India’s National Cyber Security Policy was adopted in 2013 and includes both high-level principles and targeted objectives and proposals. However, the plan has not been fully implemented and the legal framework supporting cybersecurity remains weak. India has been no exception to the devastating cybersecurity breaches that hit multiple industries across the world in 2016. These attacks have proved, time and again, that no one is immune to sophisticated cyber-attacks.
MD - India & SAARC Check Point Software Technologies
In this sophisticated threat environment, where traditional security tactics are failing, it is high time we revisit our security posture to build a strong cyber-resilient framework. As businesses lean on technology for business advantage, newer threat vectors are emerging.
Substantial growth in the online and digital data, smart city initiatives by the Indian Government have pushed the Internet of Things (IoT) market and indirectly the cybersecurity space in India by leaps and bounds. Cyber-attacks have increased year over year making Indian business and government sites more vulnerable. It is now important for Indian enterprises to look at methods to prevent attacks and not just detect attacks. For protection against today’s attacks, the emphasis should be on speed and prevention. Organizations need to take a more proactive approach to cybersecurity.
As businesses and government managed citizen services go increasingly digital, cyber threats are only going to become even more difficult to track, predict and manage. Tackling or preparing for cybercrime is perhaps going to become the most important task for any enterprise. Without a proactive, people-centred cybersecurity strategy in place, businesses run the risk of alienating customers even before they engage with the brand.
Components of Cyber Security Framework
• Right Security Architecture
The right architecture creates a framework for a stable security platform. By implementing the correct architecture, you eliminate single points of failure providing the necessary strength and resiliency to maintain operations and security under any circumstances. Improper architecture is the most common cause for catastrophic failure that leads to unavailability and security issues.
• Human Element
You are only as strong as your weakest link.
If people are improperly trained or (worse) disgruntled, they can misconfigure technology, which can cause catastrophic and unrecoverable disaster. Companies need to educate employees about security – teaching them about the dangers of phishing, unencrypted data and lax reactions, etc.
• Choosing Right Security Technology
Security products should prevent the enemy from getting inside the network. Detecting and blocking the threat only after it has penetrated the network does not really make any sense, especially when you can prevent it.
A robust security framework that seeks to prevent and not just detect security threats is an absolute must. In addition, the framework should evolve with the growing business needs. Periodic optimization of security infrastructure will also help enterprises detect and prevent more threats and lower the total cost of ownership on previous security investments.
Peak into the future
As we look into 2017, we expect to see mobility, Industrial IoT, critical infrastructure and the cloud being the key areas of focus for hackers, besides the traditional threat vectors that exist today.
As attacks on mobile devices continue to grow in the world of mobility, we can expect to see enterprise breaches that originate on mobile devices becoming a more significant corporate security concern. The recent nation-state sponsored attacks on journalists’ mobile phones mean that these attack methods are now in the wild and we should expect to see organized crime actors use them.
Critical infrastructure is highly vulnerable to cyber-attack. Nearly all critical infrastructures, including nuclear power plants and telecommunications towers, were designed and built before the threat of cyber-attacks. In early 2016, the first blackout caused intentionally by a cyber-attack was reported. Security planners in critical infrastructure need to plan for the possibility that their networks and systems will see attack methods consistent with multiple potential threat actors, including nation-states, terrorism and organized crime.
There will also be a rise in ransomware attacks impacting cloud-based data centers. As more organizations embrace the cloud, both public and private, these types of attacks will start finding their way into this new infrastructure, through either encrypted files spreading cloud to cloud or by hackers using the cloud as a volume multiplier.
No sector is immune to vulnerabilities today. Threat researchers say the number, sophistication and virulence of cyber threats continue to grow day by day. Our core focus needs to shift to threat prevention space across endpoint, network and mobile, besides detection solutions.
Cybersecurity is no longer an option, it is an absolute necessity.
Protecting root cause of insecurity must for securing a datacenter
The world has been always vulnerable and unsecure. The primary reason of insecurity of the world is greed of human being. The greed of power and money is the primary source of security problem. This is arising due to non-adoptability of complete spirituality.
Human is still finding the reason of its being and understanding what is best for him to do in life to fulfill the purpose of life. Till the time answer is accepted and followed, mankind is following certain rules of development defined by mankind. The rule of development i.e. win against another human is really dangerous which is followed by the world. The entire world is in race to be better against other human who has created competition, hate across the humanity. This race of becoming powerful or successful has created insecurity across humanity. Unless we come out of this race, there is no real security.
When we talk about datacenter security, there are three types of threats and challenges.
• Protecting data lost
• Protecting system from unavailability
• Protecting data from theft.
Chief Innovation Officer - ESDS Software Solution Pvt. Ltd.
First two kind of problems focuses on overall data lost and system availability. For example, if there is fire, flood or any accident, it can create data lost and unavailability of services. If this act is done purposely it is called as DoS (Denial of Service). The best method to address both of these first two problems is distributed system architecture. The application and database should be distributed across multiple datacenters. The traffic of application should be handled by multiple datacenter simultaneously. If data is spread across multiple datacenter then even if anything goes wrong at one place or at one datacenter, data and system is available at other places. Backup using Object storage methodology at multiple datacenter also keeps data safe. CDN service is one of the best examples of this kind of solution.
The threat of data theft is always from two entities. One is from known sources and second is from unknown sources. The threat from known sources is always major as compare to unknown sources. Unknown sources are really not familiar with you or your data therefore threat from them can be protected using various tools. However the threat from known sources is always bigger as known sources always have full information about yourself, your data, and importance of that data and objective to damage. It is always important to identity the potential known sources who can damage. Known sources are generally our employees, vendors, competitors and so on. The best way to protect from known sources is to make them ‘yours’ in real manner. Although it is not always possible to make everyone happy but efforts in that directions should be made consciously to tackle such human threat.
The problem from known sources is primarily of two types. One is physical theft of data and second is remotely theft of data. The probability of physical theft of data in cloud era or distributed system is really very less and would not be preferable way for any intruder. Therefore the remaining focused should be on mitigating virtual/remote data theft way. Remote data theft is done using tools. Although the rival is between humans however tools fight for human being. In Early years of the world, human used to fight with own organs directly however over the period of tools/weapons fights for human. Therefore to protect from tool attack, better tools are require. Certainly there are many tools available in market to protect various threats from other tools. The available tools like antivirus, anti-malware, anti-spamming, end point protections, application control change system and encryption and so on.
The problem of data theft happens at two places - either in-transit or on stored data. The solutions can be different for different size of company. For example for small size of organizations, adopting available tools in market is best solution however for large and medium size organizations whose yearly expenditure is above 100 crore Rupees should be different. For mitigating the in-transit problems, the organization must adopt encryption. End to end encryption right from end user to data storage is good option. For stored data, the mid and large organization should really get their own protocol of storing data or database system developed. When there is complete enclosed system and others don’t have information about data representation, data value meaning, it would be difficult to theft data. Therefore own closed system is always better solutions for large and mid-size organization. We all know there are countries in the world who develop weapons, creates fear in the world and then sale weapons to others to protect. If this is possible with countries, there is possibility it can happen with security organizations as well.
Tools which can be used to mitigate against tools depend upon type of threat. However datacenter should start adopting system which are ‘inter communicable’ and based on deep learning, artificial intelligence. For example, if someone has deployed system of anti-virus, database activity monitoring, NDIS, IPS, end point protection, application control system, SIEM then all these system should have intelligence to talk to each other and pass-on threat messages to each other so that every protection system can act itself to protect all doors for intruder. Continuous monitoring of all activities using SIEM and application behavior monitoring system is important which can identify unusual activity and notify. Based on these unusual activities, security engineers should start investigating and protecting it. As conclusion of this, tools don’t require data, data is useful for mankind and therefore along with tools protections system, the focus should be how to protect root cause of insecurity.