Notwithstanding the recent headwinds from Covid-19, India’s largely consistent economic growth for more than a decade has precipitated an unprecedented expansion of financial services in the country. With rising disposable incomes, more and more Indians are accessing banking, insurance and mutual funds, among others.
The advent and penetration of the internet has further simplified these daily financial tasks. However, in an interconnected world of devices with cyber technology at its core, a lack of awareness and the prevalence of ill-designed or inadequate security systems remain a constant challenge.
With 160 crore bank account holders, 32.8 crore life insurance and 47.2 crore health insurance policyholders, 2.78 crore registered investors with stock exchanges and 9.26 crore mutual fund accounts, India has a mammoth financial sector.
The sheer scale, which generates gigantic volumes of data on a continuous basis, renders the sector vulnerable to fraud. As such, a large-scale cybersecurity awareness drive is the need of the hour.
Recent data breaches illustrate the risks
Although banks are considered among the world's most secure and sophisticated enterprises, they are becoming a popular target for new-age hackers. Only last year, the RBI had to direct banks to secure their customer data after reports emerged that data from 1.3 million credit and debit cards belonging to Indians was on sale on the dark net.
In another instance back in 2016, 32 lakh debit cards had to be recalled by several banks, including State-run SBI, on account of a data breach. According to the latest RBI report, card and internet frauds more than doubled to Rs 195 crore in 2019-20 from the previous year. Then last year, Aegon had to investigate a data breach involving 10,000 customers. Then this year, Religare is reported to have faced data leakage of 5 million customers and employees.
The modus operandi of a hacker
In recent times, unscrupulous hackers have evolved ingenious ways using unique and complex arrays of cyber-attacks to get past the ordinary security systems. The hackers are attempting to get hold of sensitive financial information of individuals, either from banking servers or an individual’s personal devices.
Infiltration of smartphones
One of the ways of extracting a person’s financial information is by infiltrating his smartphone with malicious applications. When a user opens an app that requires access credentials, a data-theft overlay mimicking the genuine app's user interface is displayed, tricking the user into thinking that he is using the genuine app.
The unsuspecting user enters his access credentials, which are then transferred to the hacker, who now also has the app under his control.
Deploying banking Trojans
Going a step further, hackers also embed these fake applications with banking Trojans, such as bank bots’ cabarets pink slips intending to attack banks and stock brokerage firms with an eye on making hacking operations easier. These malware lock users using an Active Directory attack further bolting it up with many login attempts. These bots and Trojans are focused on stealing money from the bank accounts.
Phishing
Phishing is another type of attack, in which the hacker sends an email to the victim claiming to be a trusted sender (like a bank or online shop), or sets up fake websites claiming to be genuine.
A banking Trojan is attached to this email. Once the victim downloads and opens it, the Trojan activates and steals information.
Retargeting real information from dark web using fake pages
Another method entails hackers first buying real account information in bulk from the dark web and then retargeting those accounts using phishing emails. In such a phishing email, the disguised hackers ask the victim to follow some simple procedures on a web page that has been deliberately set up to steal login information and other important credentials.
Hackers also employ what is known as macro malware, which is developed using programs like the VB Script programming language used for MS-Word and MS-Excel. Legitimate-looking files are usually sent via phishing emails that carry malware-infected attachments, such as CVs from job seekers and cover letter reports, in the form of MS Word files.
Even as several advanced antivirus programs claim to detect macro viruses, hackers are trying to stay ahead of the game. Malware can now comfortably hide within a system for a long time, which gives hackers ample time to infect users' systems.
What is the way out?
First, financial institutions must identify micro malware during the initial phase itself with a view to pre-emptively blocking it. For individuals, some tips to protect your information and make India’s financial sector secure are as follows: never open or download any attachments on your device without knowing the context; invest in genuine, licensed antivirus software for all your devices; never click suspicious links within an email that claims to contain genuine intimation; and abstain from sharing your personal details on social media.
Therefore, in order to mitigate financial risks and to rule out any breach, concerted steps are needed at both macro and micro levels. Banks and financial institutions must invest strategically in improving cyber security with a view to protecting customers as well as securing the larger financial architecture of the country. More importantly, ordinary users need to be made aware of these risks.
(Disclaimer: The views and opinions expressed in this article are those of the author and do not necessarily reflect the views of YourStory.)
Original Source: yourstory.com
In the past four months, organisations of all sizes and sectors have seen a tremendous shift in the business landscape, and have been adopting various remote working practices to ensure the continuity of their operations.
In this new dynamic, efficiency, speed, and cost-effectiveness are given top priority. This is why organisations are implementing new technologies to work virtually, stay agile, automate workflows, and communicate and collaborate in real time.
To gather perspective on the new dynamics that come with remote working and how technology is a key catalyst in this change, YourStory presented ‘The New Order of Work’ webinar powered by Lenovo on August 6, 2020. The panel, which had a special focus on Small and Medium Businesses (SMBs), shared insights on the adoption of collaborative tools, the importance of cybersecurity in the times of COVID-19 and much more.
The panel was moderated by Dipti Nair, Editor-at-Large, YourStory and consisted of industry leaders Ashish Sikka, Director – Channel and SMB, Lenovo India; Chung G Tham, Executive Director, GDS Assurance, EY; Udaya Bhaskar Vemulapati, CEO, Flujo; and Vivek Ramachandran, Founder, Pentester Academy.
The need to meet ever-evolving customer expectations
Ashish began the discussion by noting that it is important, more than ever, to be customer-centric given that customer expectations have changed since the onset of the pandemic.
“We must keep ever-evolving and tailor-make our solutions to meet customer and channel needs,” he said, citing an example.
Given the limited IT support in offices, Lenovo has been providing customers with devices that are pre-loaded with all the necessary tools to enable collaboration and productivity.
Lenovo has also been helping its channel partners and customers with cash flow challenges through financing provided by Lenovo Financial Services, its finance arm. It has also been providing one-year leases, renting, and buyback offers on its products for both its customers and channel partners.
Embracing the new order of work
Chung from EY said that the company has been working towards creating a flexible working environment for the past two years, and technology has been a key enabler. It has moved most of its tools to the cloud, and linked its systems with those of its clients to gather data. He also noted that there has been a significant rise in the adoption of digital tools, particularly in the banking and insurance sectors, where signing documents, meetings and other key functions are taking place virtually.
“In terms of a silver lining, it has turned the non-believers of outsourcing to believers, and also helped reduce the carbon footprint,” he said.
The new challenges to security
Vivek from Pentester Academy said that the secrecy of conversations and that of data are two key challenges to security for organisations. He explained that the shift to collaboration tools also uncovered the uncertainty around the privacy of these conversations: “We are unable to extend that perimeter of trust of these tools to our homes,” he said.
Vivek also pointed out that since employees had been working from their home with their own devices, shoulder-surfing and exposure to malicious links had increased the threat of compromising data.
“Hackers are having a field day since the perimeter of the organisation has reached individual homes,” he said, adding that they have been capitalising on the fear and uncertainty around the COVID-19 pandemic, as observed with the rise of spear-phishing emails centred around COVID-19 updates.
A cultural change
Udaya from Flujo said that in their experience, the largest barrier to adoption of communication and collaboration tools like Flujo is not from a cost, but a cultural standpoint.
“Traditional SMBs find even communication to be a step up,” he said, adding that while top management and executive-level employees of SMBs are convinced about implementing tools like Flujo, it is middle management that often hesitates to adopt such tools.
Udaya added that productivity from remote working also depended on an organisation’s culture, an individual’s culture, how self-driven each individual is, and the ability of a manager to properly measure and give feedback on the contribution of every individual. “We need to find solutions that can fill gaps in these personnel, culture and HR-related issues before we can say a final goodbye to working out of offices,” he said.
Empowering SMBs with the right tools and devices
Ashish from Lenovo said that while SMBs must adopt technology to increase their productivity, they must also ensure that the devices they work on can be kept secure from data breaches and malicious attacks.
To that end, he mentioned that Lenovo’s devices are geared for this task. Its ThinkPad series comes with a camera shutter, port disablement features, hard disk and software encryption, and Lenovo ThinkShield, which secures the device with the help of third-party security providers, among others.
Best practices for enhancing remote working productivity
Chung mentioned that working with clients from countries that have strict data privacy laws like the US and those from the European Union meant that EY has always been keeping data privacy as a priority, particularly with personally identifiable information. It has been ensuring compliance with steps like double-factor authentication, end-to-end encryption, among other practices.
He also added that challenges such as system failures have been handled by using tools to access work systems remotely through home systems. On the people front, the company has been encouraging employees to be more physically active by exploring activities like chair yoga. “We are social beings, and so it is necessary for people to interact with each other,” he said, adding that to help employees cope with the mental stress from a lack of such interaction, the company has also set up hotlines for the same.
Vivek said that the main hurdle to securing operations is that security is always perceived as an overhead.
“The challenge has always been building security into the functionality of the product without having the user be aware of what he should do to secure the product,” he said, and he encourages his clients to try to adopt tools and products where the security is seamless.
In cases where that is not possible, he suggests investing in educating employees about easy-to-implement best practices so that they are reasonably secure while working from home.
Original Source: yourstory.com
The sudden move to telework this year imbued the word “challenge” with new meaning for security executives. Within a matter of days and weeks, many of these leaders had to figure out how they could rework their employers’ security policies in such a way that supported a massive shift to working from home. This period required significant ingenuity and unprecedented forward thinking, not to mention a deep understanding of their employers’ overall security needs.
We at Cisco wanted to find out the types of adjustments that security executives made in the wake of this challenge, as well as how these changes ultimately panned out for them. To get an idea of all this, we spoke to more than a dozen security leaders about their individual experiences. Here’s what some of them had to say.
Mick Jenkins MBE | Chief Information Security Officer at Brunel University London | @FailsafeQuery | (LinkedIn)
Having dealt in risk management all my life, often in life and death situations, the mantras came at me like a flood over the last few months: ‘Never let a good crisis go to waste,’ ‘Act early, move fast, and stay low,’ ‘Improvise, adapt, overcome.’ But there was only one mantra that I knew would stand the test of an enduring campaign – a mantra often cited by my long-time mentor: ‘Always keep a half pint of goodwill with your people, you’ll never know when you’ll need to call upon it in a crisis.’
Crises are all about people and how people can react smartly to reduce any potential damage and harm. That’s why ‘train hard, fight easy’ was always a core principle for me, throughout a career full of crises.
We needed to do three major things: 1) Equip staff and students with the appropriate work tools, 2) overlay sensible security measures, and 3) train the workforce on the threats, then message them again and again. Engagement was key – a gentle ‘drip, drip’ of solid and sensible advice to keep their homes cyber safe.
Our story wasn’t a story of petals and roses, there have been some serious difficulties and lots of frustration – but if you work that well, and ‘hog the pain,’ it eventually leads to the fog lifting and people making a critical difference.
With great teamwork, and great leadership, magnificent things can happen. Never let fear get in the way of your dreams.
Sandy Dunn | Chief Information Security Officer, Large Insurance Provider, Idaho | @subzer0girl | (LinkedIn)
The unknown for our organization working remotely was a cultural concern instead of a technical readiness concern. Our organization has had the technical ability to work remotely in place for a while, but since we are a smaller, single state entity, the culture was accustomed to having meetings and serious discussions in person.
Prior to 2020, it was very common for people outside of IT to not even sign into a messaging client. You were forced to call, email, or walk to their desk to get a simple answer to a simple question. Working remotely has encouraged people who weren’t as familiar or comfortable with messaging and group chats to grow their technical acumen and adopt different communication practices.
Looking back, I don’t really have anything I think we should have done differently, but I am trying to navigate ongoing concerns with not being able to be with people in person.
Individuals all process high stress / high uncertainty differently, and since I’m not able to connect with my team in person, I’m not able to really “see” how everyone is doing. To remediate being unable to observe people in person, the team is making an extra effort to do mental health check-ins with each other, watching each other for symptoms of burnout or high stress, and adding video to our online meetings.
Quentyn Taylor | Director of Information Security at Canon for EMEA | @quentynblog | (LinkedIn)
I think the main thing to remember is that whilst this way of working feels new, it is only the volume of “home work” that is new. Many companies have always had people working from home from different locations and from on the road, and so to believe that this “new” way is totally different to how you were working before is probably wrong.
With that being said, there are two kinds of companies at this moment in time: those that have their email and collaboration tools in the cloud and those that are frantically trying to get the email and collaboration tools in the cloud.
So, my practical advice would be to ensure that you focus on getting the basics right. That means making sure that you have multi-factor authentication implemented to control access to all of your cloud resources. Making sure that you understand what your perimeter looks like. With everyone now working from home, your perimeter just got a lot bigger. Ensure that you have a way of patching your client machines even though they’re not on your network anymore. Alternatively, design your working practices so that you don’t need to worry about machines at the other end and whether they are patched.
Angus Macrae | Head of Cyber Security | @AMACSIA | (LinkedIn)
From a technology perspective, whilst cloud services were pretty much born for this remote work world, most organizations are still in a hybrid way of doing things and will still run legacy, in-house services and systems traditionally accessed on-premise only. As few would have anticipated needing to grant large-scale remote access to such services at short notice, few would have had all the tools and capacity ready to do so both reliably and securely. This requires thinking on one’s feet and rapid, high-pressured upgrading and rearchitecting of various components and processes.
From a people perspective, not everyone has been fortunate enough to have optimal home environments to work from during the lockdown, and few companies will have had a chance to truly consider all of the mental and physical health implications of their dispersed and sometimes isolated workers. On a wider societal note, it further accentuates the digital divide often talked about between the digital ‘haves’ and ‘have nots’ and those whose work simply has to carry on in the physical world despite the health risks it currently entails.
Gabriel Gumbs | Chief Innovation Officer at Spirion | @GabrielGumbs | (LinkedIn)
We decided early on that having a well-defined collaboration and communication strategy was key for the transition to remote work. That also meant ensuring we had a process for communicating early and often with our people. Our employees and managers made a more conscious effort to clarify roles and expectations as well as discuss progress with remote employees. Additionally, allowing employees to use equipment that they had access to in the office allowed for a smoother transition.
Efforts to centralize all pertinent company knowledge in one accessible library is also key to work-from-home success. Spirion’s CEO has done an excellent job taking the time to update employees on what actions the company is taking on a regular basis. And then, there are the fun social activities to bring everyone together online and keep morale up, such as after-hours trivia and virtual hangouts.
Andy Rose | Chief Security Officer at Vocalink | @AndyRoseCISO | (LinkedIn)
The need for 24/7 support of services had already driven the enablement of remote working at Vocalink, which is a part of the critical national infrastructure of the United Kingdom. The crisis therefore did not represent a large technical challenge. Staff fell into new working practices quite easily, and productivity remained consistent. Our parent company, Mastercard, had invested in increased VPN capacity and bandwidth as the crisis developed, so connectivity was available and stable.
Like many firms, our expectations of collaboration had been too focused on ‘in the office, in the room,’ and this new remote working model undermined that somewhat. The traditional voice conferencing facilities and instant messaging only partially met the requirements, so we had to rush to adapt and develop our online collaboration capabilities, introducing improved video conferencing capabilities and virtual white-boarding.
The reality is that we will never go back to the way we worked before. This digital transformation has been forced on all industries, and it’s highlighted how different work patterns can be equally effective. Time spent commuting long distances, for instance, could be better used by the firm to further improve productivity.
Ian Thornton-Trump | Chief Information Security Officer at Cyjax Limited | @phat_hobbit | (LinkedIn)
Try to be at peace with yourself and balance realism, optimism, and the achievable in your thinking. Above all, be patient with yourself and others. Take some time – a break in the middle of the day – to distract from the chaos that is permeating nearly every aspect of our days and nights.
I’m into exercising and gardening, and I just finished a book on the Templar Knights in the UK. (I’m planning an epic trip to visit as many of these ancient Templar sites as possible.) Stay in touch with your close friends and family, and be compassionate about folks in rougher circumstances than your own.
Ultimately, treat these extraordinary times as an opportunity to reflect on your life choices and career. As I look back on 25+ years in the industry, I know what I need to do next. I need to turn my knowledge into wisdom and create as many opportunities for the next generation of IT professionals as I can.
Michael Ball | Virtual Chief Information Security Officer at TeamCISO | @Unix_Guru | (LinkedIn)
After COVID-19 hit, it took us a little bit of time to adjust to having our workforce not in the office and being able to work from home. This abrupt change in work policy meant configuring our VPN and adding licensing for a significant portion of our workforce that had never required VPN access in the past.
We quickly scrambled to get the VPN clients configured and pushed out to allow the employees to take their devices home with them. There were issues immediately in training end users to use the VPN client from home as well as an issue with excessive permissions allowed on the VPN groups from the beginning. (Convenience and speed trumps security yet again!)
Another issue that we found and hadn’t anticipated was that many of the employees were able to conduct their daily work without ever connecting their VPN back to the company. Things like Office 365, Salesforce and other SaaS applications allowed them to conduct their daily business (email, etc.) without connectivity to our office. That unfortunately put us in a position where we lost visibility to those devices. We had not considered forcing the VPN connectivity so that we could ensure that updates and endpoint protection were updated and appropriate, and that device monitoring wasn’t completely missing.
We had to send out an email and request that each individual send their device back into the office. We then scrambled to develop a procedure by which to accept the devices, refresh them, and send them back safely to allow us to reconfigure and force VPN connectivity at least periodically.
Shelly Blackburn | Vice President, Global Cyber Security Systems Engineering at Cisco | @shellyblackburn | (LinkedIn)
Cisco is a bit unique. Due to years of driving remote work internally, Cisco strategy is not solely driven from a small, homogenous, geographically centralized team. We have a truly global team and hire from a diverse candidate pool.
Strategic Take-Away #1: Get your leadership excited about the value to your organization. Remote work environments enable innovation, opportunity, and drive growth.
In response to the pandemic, we moved customers from 100% face-to-face work to remote work very quickly. Some moves were done in a matter of days, and this worked surprisingly well. Due to the shift to social online tools in our personal lives, colleges, government entities, and businesses adjusted to video calls and collaborative online tools fairly seamlessly.
Strategic Take-Away #2: Don’t be afraid to make the move to remote work quickly. With the right tools and a secure remote environment, the company and worker satisfaction with remote work can be extremely high.
Thom Langford | Founder of (TL)2 Security Ltd. | @ThomLangford | (LinkedIn)
What’s worked well for me remote working during lockdown? Well, actually, I’ve always been sort of a remote worker, even back during my full employment days. I was able to work wherever and whenever I wanted to mainly because the services that supported me (IT services) were based in the cloud and not fixed at one location.
I’ve carried on that model in my own business. So, it doesn’t matter where I am, although right now it’s obviously one single place. I can use whatever I need wherever I need it. That includes Office 365, Adobe, and even my pension and payroll services. They’re all managed through the cloud.
The one thing I wish I had done better actually was to prepare more for videoconferencing when it comes to face-to-face meetings. I’m someone who likes to travel to meet people, to have business lunches, and even better, business dinners with somebody, because that’s how I like to connect… That’s how we get to know and build a relationship with each other.
Now, of course, is very different. We have to use videoconferencing. It’s easy for me in a sense because the Office 365 package provides all of that for me. But I find it difficult to create an initial rapport. So, for me, the biggest change and the biggest thing that I wish I had done sooner was that cultural change, that one of actually being able to adopt to video conferencing quicker. I’m used to it now, and I’ve always liked video conferencing when there was no alternative, but it feels very forced, or at least it did when all of this first kicked off.
I’m spending the time, as much as I can, learning and picking up on things whilst I’m in lockdown. I’m trying not to waste any of the time whatsoever on superfluous activities.
Brad Arkin | SVP, Chief Security & Trust Officer at Cisco | @BradArkin | (LinkedIn)
Business has transformed virtually overnight to a greater emphasis on working remotely and collaborating virtually. We at Cisco are in a fortunate position to work effectively and securely in a remote environment, and have seamlessly transitioned 95 percent of our global workforce to work from home. Additionally, as the largest security company in the world, Cisco has protected millions of users since the roll-out of our free security offerings to support customers as they transitioned workforces to remote work.
This situation is a reminder that we need to be planful, agile, and constantly reinvent ourselves to keep pace with the needs of today and the future, as well as to anticipate the unexpected and unknown. The speed by which this situation arose and altered our approach to work, most likely forever, shows how important it is to be able to see around corners, to plan, prepare, and adjust for whatever may come.
We’ve all been forced to adapt these past months. Some of us found ourselves working from home for the first time.
For additional perspectives on how employees can make the most of remote work, please download Cisco’s eBook, Adjusting to Extraordinary Times: Tips from Cybersecurity Leaders Around the World.
The post Experiences from Cybersecurity Leaders in Extraordinary Times: Adjustments and Outcomes appeared first on Cisco Blogs.
Original Source: blogs.cisco.com
A new report from email security and cyber resilience company Mimecast, released to coincide with this year’s virtual Black Hat conference, reveals that threat actors are motivated by monetary gain more than stealing data or intellectual property. It also finds that COVID-19 continues to be a major theme in current attacks, especially in certain sectors, and that opportunistic and malware-based campaigns are being launched at volumes never seen before, with manufacturing, retail/wholesale, finance/insurance, and media and publishing being the hardest hit. The volume of sender impersonation attacks increased by 24 percent between January and June to reach nearly 46 million…
Original Source: betanews.com