By Vijay Bharti, General Manager, Cyber Security Practice, Happiest Minds Technologies
Happiest Minds Technologies is a 2011 founded Bangalore based IT company providing services on disruptive technologies.
With each passing day, the world is moving towards being more and more digital. Internet adoption has become seminal to the survival of organisations, with the achievability of business objectives becoming heavily reliant on the information systems. Cyber security is no longer a buzzword but has become a formidable threat that needs to be constantly monitored by organisations in this information age.
Cyber security refers to a broad range of website security concerns ranging from simple defacement of the company websites to service disruptions causing direct revenue loss and e-banking frauds. Some of the key types of cyber security risks becoming important today and in near future are outlined below.
1.Advanced Persistent Threats (APTs) - Sophisticated attacks designed to gain access to protected networks and steal information.
2.Internal threats - Insiders in an organisation using their own privileges to steal data and commit fraud.
3.Bring your own Device (BYOD) - A trend that has been catching up in the corporate world, enabling employees to use their mobile phones in many ways similar to their desktops. However, lack of an In-depth understanding of the threat vectors in mobile security makes this channel vulnerable to the attack of cyber criminals.
4.Cloud adoption - Organisations entrusting their data to public cloud service companies is increasing the threat of data theft. The data security in a cloud scenario continues to remain paramount and is the primary cause of concern for organisations adopting cloud platforms.
5.HTML 5 - Adoption of HTML5 can open up new avenues for cyber-attack as it supports cross platform support and integration of new technologies. The nuances arising out of this new technology will increase the threat of cyber-attacks.
6.Precision Targeted Malware - Malicious programs are highly sophisticated and do not allow anti-virus programs to perform automated analysis of the malware, a step essential for counter measures.
7.The Challenges faced -According to a report by cyber security firm MacAfee, the annual cost of cyber crime to the global economy is above $400 Billion. Any successful cyber-attack can totally disrupt business by jeopardizing critical business functions like supply chain and production. They can also severely dent the reputation of companies by compromising sensitive customer data and intellectual property.
Data breaches due to cyber attacks can also bring in other costs like legal liability and class action law suits which have the potential to bankrupt companies. It can also result in a permanent lack of faith in the company from its customers, driving the enterprise to the brink of bankruptcy, especially in industries like financial services. In today's world, with organisations depending to a large extent on customer goodwill and taking ages to establish itself as a reputed brand, a minor threat like defacement to the website is capable enough to cause irreparable damage to the organisation's reputation. The ill effects don't stop with this damage but ripple across to create dents in customer faith, leading to ultimately customer attrition and revenue loss.
Why is the Risk Mitigation Process Essential?
The risk mitigation for cyber security starts with identification and awareness of the possible threats that can be encountered. The most effective way is a top down approach with the executive leadership being made aware of the current levels and business impact of cyber crime. The company leaders like the CEO should be made a part of the cyber security discussions at frequent intervals. There should be buy in for cyber security measures across all levels of the organisation. Such threats should be made a part of the existing risk management and governance processes.
Compliance should not be treated as a standard for cyber security. It only establishes a baseline for addressing known vulnerabilities and does very little to address the newly evolving dynamic cyber security risks. Comprehensive cyber security programs should be designed using industry standards and best practices. They should be implemented to protect networks & systems, detect potential vulnerabilities and to ensure prompt recovery. More importantly, they should be reviewed and modified on an ongoing basis, aligned to changes that are happening in the global technology landscape.
The Future of Cyber Security
We envisage cyber attacks to be increasing in sophistication with the passage of time. The emergence of new age technologies like cloud, mobility and social networking not only opens up additional channels for cyber criminals to exploit vulnerabilities, but also enhances the scope of the damage caused through focused attacks. To circumvent breach related issues, organisations ensure increasing traffic on encrypted channels like SSL/ TLS to protect privacy, thereby making it difficult for traditional enterprise security platforms to work successfully. It will be impossibly difficult to find a potential threat in the river of encrypted data. Organisations will then move towards developing smarter security protocols and methodologies that will help obviate such issues.
Solutions to Tackle these Challenges
Complete protection against evolving cyber security risks requires a comprehensive and focused strategy including detective and preventing controls. Complete prevention still remains a dream but solutions aimed at achieving this are evolving with more focus on understanding suspicious behaviors and anomalies instead of relying on signature based capabilities. Some of these advanced solutions with the ability to identify suspicious activity, capability to read through encrypted data streams to identify anomalies, building better contextualisation and visibility of all the activities happening at the infrastructure, can provide some level of protection against these emerging threats. Apart from these, global regulations against cyber-crime, cross country/industry collaboration with intelligence sharing along with extradition treaties for cyber criminals and industry collaboration to research counter measures, are potential steps to ensure the future of cyber security.