#3 Indian Cyber Security Gurus on Hacks to Fight an Attack
90% of companies worldwide have acknowledged that they are insufficiently prepared to protect themselves against cyber attacks
We are living in an era of hyper-connectivity in which smartphones, tablets, computers, the Internet, social media, online banking, e-commerce, third-party payment gateways, games, online utility payments and the Internet of Things are bound to touch every aspect of our lives.
People are becoming increasingly addicted to the comfort and convenience that technology brings. With the trend of staying connected that has emerged in the past few years, the well-known rumour of ‘cyber-crime’ or ‘cyber security’ has turned into a frightening reality. Nowadays, we regularly read about data theft, loss of money, software and hardware malfunctions, data center outages, etc.
Whether corporate or government, organizations all seem helpless to stop intrusions or incursions. Cyber attacks are continuously in the news. Over 90 per cent of companies worldwide have acknowledged that they are insufficiently prepared to protect themselves against cyber attacks. Cyber-crime costs the global economy over US$400 billion per year.
What is Cyber Security?
Sushobhan Mukherjee, Chairman of Infosec Foundation and CEO of Prime Infoserv LLP, defined it as achieving the basic security criteria, including assuring confidentiality of all data, maintaining integrity of all data and infrastructure, assuring availability of services in desired quality parameters, assuring protection of privacy, non-repudiation of person and/or transaction, maintaining incident response with defined service level parameters and availability of customer protection functionalities in end-to-end IT infrastructure.
What are the Basic Requirements?
Internet banking applications go untested for many customer-oriented risks and vulnerabilities, such as man-in-the-middle attacks, malware, business intelligence and information leakage. “In some cases, it is observed that even very basic requirements are missing, for example SSL/TLS is not used; password storage in browser not blocked; auto-complete is enabled; cookie is not secured; security patches are not applied; to name a few from a long list,” said Mukherjee.
Security vulnerabilities such as SQL-Injection, Cross Site Scripting, CSRF, unsafe transport layer, session hijacking, etc. are other major concerns. These vulnerabilities are a hacker’s gateway to encroach on the user demographic and transaction data.
“Any compromise violates the basic cyber security criteria like confidentiality, integrity, privacy, etc. and exposes the citizen to the risk of various losses, including financial, regulatory, credibility, image, identity hijack, etc. Very limited web-portals are rigorously tested for cyber security vulnerabilities,” he rued.
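The basic requirements listed above (SSL/TLS in use, cookies secured, auto-complete disabled on password fields) can be checked mechanically against a captured login response. The following Python sketch is an added example, not code from the article or from anyone quoted in it; the function name `audit_response`, the host `bank.example` and the sample response are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: a login response that misses several basic requirements.
SAMPLE_URL = "http://bank.example/login"
SAMPLE_HEADERS = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "SESSIONID=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "lang=en; Path=/; Secure; HttpOnly"),
]
SAMPLE_BODY = ('<form action="/login" method="post"><input name="user">'
               '<input type="password" name="pin"></form>')


class _FormScan(HTMLParser):
    """Collect password inputs whose autocomplete is not switched off."""

    def __init__(self):
        super().__init__()
        self.form_off = False   # True while inside <form autocomplete="off">
        self.open_fields = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "").lower() for k, v in attrs}
        if tag == "form":
            self.form_off = a.get("autocomplete") == "off"
        elif tag == "input" and a.get("type") == "password":
            own = a.get("autocomplete")  # None when the attribute is absent
            if not (own == "off" or (own is None and self.form_off)):
                self.open_fields.append(a.get("name", "?"))

    def handle_endtag(self, tag):
        if tag == "form":
            self.form_off = False


def audit_response(url, headers, body):
    """Return findings for missing TLS, weak cookie flags and autocomplete."""
    findings = []
    if urlsplit(url).scheme != "https":
        findings.append("no-tls: page served without SSL/TLS")
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        cookie = value.split("=", 1)[0].strip()
        flags = {p.strip().split("=", 1)[0].lower() for p in value.split(";")[1:]}
        findings += [f"cookie {cookie}: missing {f}"
                     for f in ("secure", "httponly") if f not in flags]
    scan = _FormScan()
    scan.feed(body)
    findings += [f"input {n}: autocomplete enabled on password field"
                 for n in scan.open_fields]
    return findings


if __name__ == "__main__":
    print("\n".join(audit_response(SAMPLE_URL, SAMPLE_HEADERS, SAMPLE_BODY)))
```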
What are the Internal Factors?
Ankit Dudhwewala, Founder of Software Suggest, a software discovery platform, suggested that people generally look at cyber risk from external factors. “Small and medium businesses often face greater risk from internal factors, when it comes to cyber risks. Mismanagement of passwords and other important company information is one of the most important critical reasons for financial and IP loss,” he revealed.
How About a Password Management Tool?
Dudhwewala works with a team of 50 members and, to prevent such hacks, he uses a password management tool called LastPass. “This tool is a password repository, which allows our team members to log in to online accounts of the company like bank account, payment gateway account, etc., without the actual password being shared. Whenever a team member leaves the organization we remove his/her access to the repository that stops access to our online corporate accounts. This software also ensures that the password repository is not accessible from outside our office premises,” he shared.
Data Hosted on the Cloud
Varun Biyani, Co-Founder of TruckHall, an IIM-C incubated start-up operating in the road transport and logistics domain, has long worked with SMEs and large corporate houses and is always asked how safe their data is. Most of their applications are hosted on the cloud. As a start-up, he makes sure that, no matter what, the clients’ data is protected by restricting access rights. Proper encryption standards are also maintained while storing sensitive information.
“We make sure that proper access roles are defined for each user and user sessions on the application are managed properly. We also use features like re-captcha to make sure that users cannot auto log into our applications and have to authenticate themselves after periodic intervals. This also protects us from attacks as the site access is blocked unless the user authenticates oneself,” he disclosed.