Cyber Security Ecosystem

Cyber Security Ecosystem

In the last two decades, technology has undergone a paradigm shift. The new age technology has played the role of an enabler in improving the way business is performed. We all know that technology in all shape and size has its own set of advantages and challenges. On the one hand it enables businesses like health care, transportation, communication, education, entertainment, banking, etc that improves our living standards, and life expectancies of the end user; but on the other hand, it comes along with inherent challenges of cybersecurity. A compromised cybersecurity can cause major damage to business. It can affect the bottom line as well as your business’ standing and consumer trust.

According to one estimate, cybercrime damages are projected to exceed a staggering $6 trillion by 2021. It’s obvious that business – banks, tech companies, hospitals, government agencies are investing in cybersecurity infrastructure; but are they investing in the right product, resources, and strategy? Is their cyber security framework designed to protect their business practices and the millions of customers that trust them with their data? Do they understand that the impact of a security breach can be broadly divided into three categories: one, cyber-attacks often result in substantial financial loss arising mostly from the theft of corporate or financial information, loss of business or contract; two, cyber-attacks can damage your business’ reputation and erode the trust customers have for you; and three, data protection and privacy laws require you to manage the security of all personal data you hold. Furthermore, many of the cyber security issues are a function of three key elements – one, rapid growth in Internet user – government, businesses, individuals and societies; two, new age applications and tools in use; three, how these new users are using these new set of tools and applications.

Cybersecurity breaches can devastate even the most resilient of businesses. It is extremely important to manage the risks accordingly. This task is not easy as cyber criminals have mastered the art of driving cyber-crimes such as frauds and thefts by manipulating technology-controlled devices to their advantage. These cyber criminals are not only using the best of the technologies, and cyber infrastructures but have also developed a well-oiled cybercrime network. This dark network of cyber criminals works together and offer services on contract. This new form of collaborative, and cloud-based cybercrime ecosystem is not easy to counter. It needs a holistic approach to solve the unseen, unexplored and yet to encounter the cyber security problem. It is important to understand that any piecemeal efforts to address cybersecurity issues including the Internet’s inherent flaws, identity and data veracity, vulnerabilities from the Internet of Things (IoT), and increasing digital fragmentation have failed in past and may fail again.

It is the need of the hour to create a cyber security ecosystem that includes the culture of cyber security, and most importantly awareness around cyber security. The cyber security breach is not always by design but most of the time it is caused by the basic human error. IBM suggests that 27% of data breaches are caused by human error. It only means that more than a quarter of cyber security breaches could have been easily prevented with better education. Though cyber security education is important and critical element to prevent cyber thefts, but a robust cyber security framework is the need of the hour as anyone can be a victim of the weak link in their cyber security framework.

We all know that one of the most powerful and influential political leaders of our times Hillary Clinton was a victim of email phishing attack during her 2015 presidential election. This cyber breach helped hackers’ access to about 60,000 emails from John Podesta, chairman of Hillary Clinton’s campaign, private Gmail account. The information leak from the John Podesta email created an environment of confusion and distrust. This email phishing attack can be attributed as one of the major reasons why Hillary Clinton lost the US Election to Donald Trump. This was not a failure of technology or system but a classic case of human error.

This growth in cyber-attack is largely attributed to poor awareness level of the end users, increased reliance on technology, compromised skillset of the cyber security workforce, underdeveloped cyber security architecture, compromised software hardware and telecom infrastructure. The sumtotal of all these adds to company’s vulnerability. Verizon conducted a year-long investigation into the leading causes of data breaches, publishing its findings in its 2018 Data Breach Investigations Report. As per the report following are the key source of cyber-attacks and their contribution: Physical actions (11%), Privilege misuse (12%), Social engineering (17%), Human error (17%), Malware (30%), and Criminal hacking (48%). The cause of data breach may not change over time but their contribution percentage may change.

The overall cyber security ecosystem and cybercrime ecosystem is evolving and both side of participants are working hard to win their respective games. Hackers will continue to be more sophisticated, using new methods and tools to gain access to private information. To defend against such cyberattacks, companies will need to use more effective security solutions with innovative approaches. For instance, companies will assess their cybersecurity as seen from the hacker’s point of view. The goal will be to not only increase cyber resilience internally within their specific company, but also across the company’s supply chain.

Also published at http://infidirect.com/2018/05/01/the-subtle-art-that-differentiates-good-designers-from-great/

Cyber Security Landscape

Cyber Security Landscape

According to Mary Meeker’s 2019 Internet Trends Report, global internet users have touched 3.8 billion which is more than half of the world’s population. India, the second largest contributor, accounts to 12 percent of the global internet user base. Moreover, in India, the large internet user base is backed by proliferation of affordable smartphones, access of high-speed internet and low-cost data. As per a report by telecom equipment maker Ericsson, India has the world’s highest data usage per smartphone at an average of 9.8GB per month; this is set to double to 18GB by 2024. It will be only apt to say that mobile internet, is deeply embedded in every Indian’s daily lifestyle. In India, Internet is seen as extension of the basic infrastructure such as water supply, electricity, and public health systems, etc. In the preputial evolving digital infrastructure, the risks to the economy, government, and public information is very high. This risk is bound to increase in times to come as we are progressively maturing our Internet needs.

The impact of the risk and growing concern of the CEOs, and board members are reflecting in the cyber security trends. In last few years, CEOs have stepped up their spending on cybersecurity to protect their valuable data and other key business information. In its latest security forecast, Gartner projects that such spending was more than US$123 billion for 2018 and will grow by 10.8 percent per year to nearly US$170.5 billion by 2022. The rising Internet security market is also a hot area for venture capital investors, attracting almost US$33 billion to 2,479 security startups since 2009.

In India, the mobile internet has become a necessity for each Indian household, technology adaptation is increasing at an unprecedented rate, and we are fast evolving as a matured internet economy. It is also projected that the reach of the smart phones will increase significantly, and the number of IoT-connected devices is likely to reach 25 billion by 2021. It is also predicted that by 2024, 4G will cover an estimated 90 percent of the population, and 5G networks would cover about 40 percent. The rise in telephone connectivity and internet connected devices coupled with the affordable digital data is backed by a few million lines of additional code in the ecosystem. These new set of devices, new telephony backbone, and their additional program codes will create a new playground for the cyber criminals.

The question that needs to be answered by the government, businesses and individuals on priority include – One, are we ready to manage this situation? Two, are we ready with the cyber security framework? Three, have we developed cyber security policies to fight the emerging cyber threats? Four, are we developing the cyber security culture? Five, are we working towards becoming a cyber safe organization/nation?

It is critical for us to start thinking on these lines and most importantly start working on it to build cybersafe organizations, and government bodies. If we fail to build a resilient and trustworthy cyber security ecosystem, every single breach can have serious, cascading effects. For example, the 2017 NotPetya cyberattack cost Maersk more than US$300 million, and the damages to all other companies affected totaled more than US$10 billion. The concern of the cyber security is also reflected in the Accenture’s report “Securing the Digital Economy”, which suggests that as high as 68% of CEOs report that their businesses’ dependence on the Internet is increasing but the confidence in Internet security is going down. As per the report, in the next five years, the confidence level in the Internet is forecasted to drop to 25%, while dependence on it is assumed to remain at 100%.

Steven Gray, Head of Payments, Tax and Fraud, Radial says, “Fraud attacks continue to rise, and we can expect to see them increase in volume up to 2-3X in the coming year. In addition to an increase number of attacks, we anticipate cyber criminals will leverage new tactics to fool retailers and consumers. We will continue to see them utilizing compromised data obtained from data breaches but beyond that we can anticipate the use of account take over efforts like attacking small and medium-sized online merchants that don’t have proper eCommerce fraud risk technologies, and attacking online merchants with high speed velocity, identity takeover, and brute force high volume attempts.” The threat of the ever-increasing cyberattacks are cause of concern for everyone. Business leaders, political leaders, professionals anyone who is on the internet and deals in data can no longer afford to ignore cyber threats. It will be only apt to say that the very foundation of modern society increasingly depends on our ability to protect digital assets. Data is the key and safety of the data should be the priority of everyone – business, government, individual, or society.

As the Internet’s fault lines are becoming more apparent business leaders, political leaders and professionals are trying to build an ecosystem of trust. The task is not easy as the cyber criminals are actively working on the vulnerability that internet offers. In such a vulnerable environment, the data should be kept safe from the new age pirates. These new age pirates are sophisticated and frequently have resources and budgets that is more impressive than the best of cyber security departments managed by corporates, government, or individuals. We have also observed that some of these cybercriminals have well-developed cybercrime ecosystem that provides support as ‘cybercrime as a service’. Some of these mature cybercriminals, over period of time, have built a robust cybercrime ecosystem.

The challenge this cybercrime ecosystem has created in the Indian cybersecurity market also reflects in Internet security threat report (ISTR), Symantec 2018. As per this report, India ranked third in the list of countries where the highest number of cyber threats were detected, and second in terms of targeted attacks in 2017. The biggest challenge in Indian cyber security ecosystem is yet to evolved and challenge the cybercriminals at their turf. As of now the cyber security ecosystem is not even equipped to challenge the basic threat that comes from spam and phishing.

“Today CISOs are in defense mode and in many cases are far behind the attackers when it comes to creativity and sophistication. The future of cybersecurity will rely on the super skilled IT organizations, equipped with powerful tools that will allow them to better protect their organizations. The rise of machine learning and science will be at the core of this trend and vendors who will be able to truly deliver innovation in their respective areas will dominate.”  Shlomi Gian, Chief Executive Officer, CybeReady

According to Mary Meeker’s 2019 Internet Trends Report, global internet users have touched 3.8 billion which is more than half of the world’s population. India, the second largest contributor, accounts to 12 percent of the global internet user base. Moreover, in India, the large internet user base is backed by proliferation of affordable smartphones, access of high-speed internet and low-cost data. As per a report by telecom equipment maker Ericsson, India has the world’s highest data usage per smartphone at an average of 9.8GB per month; this is set to double to 18GB by 2024. It will be only apt to say that mobile internet, is deeply embedded in every Indian’s daily lifestyle. In India, Internet is seen as extension of the basic infrastructure such as water supply, electricity, and public health systems, etc. In the preputial evolving digital infrastructure, the risks to the economy, government, and public information is very high. This risk is bound to increase in times to come as we are progressively maturing our Internet needs.

The impact of the risk and growing concern of the CEOs, and board members are reflecting in the cyber security trends. In last few years, CEOs have stepped up their spending on cybersecurity to protect their valuable data and other key business information. In its latest security forecast, Gartner projects that such spending was more than US$123 billion for 2018 and will grow by 10.8 percent per year to nearly US$170.5 billion by 2022. The rising Internet security market is also a hot area for venture capital investors, attracting almost US$33 billion to 2,479 security startups since 2009.

In India, the mobile internet has become a necessity for each Indian household, technology adaptation is increasing at an unprecedented rate, and we are fast evolving as a matured internet economy. It is also projected that the reach of the smart phones will increase significantly, and the number of IoT-connected devices is likely to reach 25 billion by 2021. It is also predicted that by 2024, 4G will cover an estimated 90 percent of the population, and 5G networks would cover about 40 percent. The rise in telephone connectivity and internet connected devices coupled with the affordable digital data is backed by a few million lines of additional code in the ecosystem. These new set of devices, new telephony backbone, and their additional program codes will create a new playground for the cyber criminals.

The question that needs to be answered by the government, businesses and individuals on priority include – One, are we ready to manage this situation? Two, are we ready with the cyber security framework? Three, have we developed cyber security policies to fight the emerging cyber threats? Four, are we developing the cyber security culture? Five, are we working towards becoming a cyber safe organization/nation?

It is critical for us to start thinking on these lines and most importantly start working on it to build cybersafe organizations, and government bodies. If we fail to build a resilient and trustworthy cyber security ecosystem, every single breach can have serious, cascading effects. For example, the 2017 NotPetya cyberattack cost Maersk more than US$300 million, and the damages to all other companies affected totaled more than US$10 billion. The concern of the cyber security is also reflected in the Accenture’s report “Securing the Digital Economy”, which suggests that as high as 68% of CEOs report that their businesses’ dependence on the Internet is increasing but the confidence in Internet security is going down. As per the report, in the next five years, the confidence level in the Internet is forecasted to drop to 25%, while dependence on it is assumed to remain at 100%.

Steven Gray, Head of Payments, Tax and Fraud, Radial says, “Fraud attacks continue to rise, and we can expect to see them increase in volume up to 2-3X in the coming year. In addition to an increase number of attacks, we anticipate cyber criminals will leverage new tactics to fool retailers and consumers. We will continue to see them utilizing compromised data obtained from data breaches but beyond that we can anticipate the use of account take over efforts like attacking small and medium-sized online merchants that don’t have proper eCommerce fraud risk technologies, and attacking online merchants with high speed velocity, identity takeover, and brute force high volume attempts.” The threat of the ever-increasing cyberattacks are cause of concern for everyone. Business leaders, political leaders, professionals anyone who is on the internet and deals in data can no longer afford to ignore cyber threats. It will be only apt to say that the very foundation of modern society increasingly depends on our ability to protect digital assets. Data is the key and safety of the data should be the priority of everyone – business, government, individual, or society.

Today CISOs are in defense mode and in many cases are far behind the attackers when it comes to creativity and sophistication. The future of cybersecurity will rely on the super skilled IT organizations, equipped with powerful tools that will allow them to better protect their organizations. The rise of machine learning and science will be at the core of this trend and vendors who will be able to truly deliver innovation in their respective areas will dominate.”  Shlomi Gian, Chief Executive Officer, CybeReady

As the Internet’s fault lines are becoming more apparent business leaders, political leaders and professionals are trying to build an ecosystem of trust. The task is not easy as the cyber criminals are actively working on the vulnerability that internet offers. In such a vulnerable environment, the data should be kept safe from the new age pirates. These new age pirates are sophisticated and frequently have resources and budgets that is more impressive than the best of cyber security departments managed by corporates, government, or individuals. We have also observed that some of these cybercriminals have well-developed cybercrime ecosystem that provides support as ‘cybercrime as a service’. Some of these mature cybercriminals, over period of time, have built a robust cybercrime ecosystem.

The challenge this cybercrime ecosystem has created in the Indian cybersecurity market also reflects in Internet security threat report (ISTR), Symantec 2018. As per this report, India ranked third in the list of countries where the highest number of cyber threats were detected, and second in terms of targeted attacks in 2017. The biggest challenge in Indian cyber security ecosystem is yet to evolved and challenge the cybercriminals at their turf. As of now the cyber security ecosystem is not even equipped to challenge the basic threat that comes from spam and phishing.

Also Published at http://infidirect.com/2018/05/01/a-company-limited-by-guarantee/

Cyber Security: An Introduction

Cyber Security: An Introduction

Rabindranath Choubey, a Mathematics teacher in Ranchi called us a few days back and updated that for years Facebook was involved in a data breach. This data breach compromised at least 50 million users’ personal data. This vulnerability was exposed to Facebook in July 2017, but Facebook only became aware of it in September 2018 when they realized a spike in the unusual activity. In other words, Facebook was not ready to accept the vulnerability, or never acknowledge the seriousness of the vulnerability, or had no proper strategy to answer the vulnerability, or had no technology bandwidth to manage such vulnerability. Understanding the situation, we can only say that Facebook could have arrested the attack if they were prepared to understand the vulnerability. Facebook would have arrested the data breach, if vulnerability testing had been conducted on a frequent basis, The data breach would have been exposed much in advance, if Facebook had culture of cyber security.

We’ll continue to see the democratization of hacking. It used to belong only to those with specialized technical skills. With the growing communities on the dark web advanced hacking techniques have become productized, packaged, and sold. Hacking tools have supply chains as sophisticated as any industry. Now even people with basic skills can buy tools that employ advanced hacking techniques, greatly expanding the number of potential threats in the world. At the same time as more data moves to the web and more data gets monetized the incentive to hack continues to increase. Mark Herschberg, CTO of Averon

It will be wrong to blame Facebook or any other organization that has been a victim of cyber-attack. It is a known fact that governments, businesses, or individual irrespective of their cyber security preparedness may end up becoming a victim of cyber-attack at some point in their lifespan. The only good news is governments, businesses, and individuals are aware of the cyber-attack challenges and are exploring the avenues to overcome it. We know that it is not an easy task for any government, organization or individual to win all the battles at all the time, but it is important to be prepare for it. This task is not easy as technology is perpetually evolving, and with evolving technology, art and science of cybercrime is also evolving.

Also published at http://infidirect.com/2018/05/01/we-all-love-the-holidays-and-read-book-all-day/