Cyber security, cyber threats, cyber criminals… These are the words that are all over the
media today. But what is this buzz all about?
Judging by the headlines, cyber security is gaining momentum as a topic of interest.
Nowadays companies are paying much more attention to cyber threats and cyber security than
they did five years ago. They are also spending a lot more money on it. However, this does
not mean increased confidence that these investments are making the infrastructure secure.
Let me start by discussing what it is about cyber security that makes the development,
agreement and implementation of an international set of standards, norms and practices so
difficult to achieve. Is it because the prize of doing this is not sufficient to warrant the effort?
Clearly, that cannot be true when you read about the alleged substantial losses due to
cybercrime. Is it because it has not reached the corporate agenda or political agenda? That
cannot be the case either, given the number of international government conferences on
cybercrime and indeed the significant press reporting of data breaches, intellectual property
loss and online service disruption due to denial of service attacks. Maybe it is because the
scale of the challenge is too great and we do not know where to start; maybe it is because
there are too many views on “standards”, “best practices” and “guidance”.
The increasing number and cost of cyber-attacks are evident all over the world.
Human factor in cyber security:
- Every organization clicks, and clicks happen fast.
- Middle management is a bigger target.
- Attacks are occurring mostly during business hours.
- Users learn, but attackers adapt faster than users can learn.
Cyber risks fall into distinct areas:
Cyber crime: Conducted by individuals working alone, or in organized groups, intent on
extracting money, data or causing disruption, cybercrime can take many forms, including the
acquisition of credit/debit card data and intellectual property, and impairing the operations of
a website or service.
Cyber war: A nation state conducting sabotage and espionage against another nation in order
to cause disruption or to extract data. This could involve the use of targeted attacks.
Cyber terror: An organization, working independently of a nation state, conducting terrorist
activities through the medium of cyberspace.
Stopping cyberattacks requires an integrated, multidisciplinary approach to detect malicious
traffic, correlate events, and respond accordingly in the enterprise network. Many
organizations have deployed various security solutions in addition to their legacy port-based
firewalls, including intrusion prevention systems (IPS), proxy servers, web content filtering,
antivirus gateways, and application-specific solutions, such as instant messaging or e-mail
security (anti-spam) appliances, in an effort to shore up their defenses against advanced
However, this cobbled-together approach to security infrastructure creates problems of its
own, such as:
✓ Policy management, access control rules, and inspection requirements are spread across
multiple devices and consoles, making it difficult to develop and enforce a consistent
enterprise security policy.
✓ Performance suffers due to relatively high aggregate latency because the same traffic is
scanned and analyzed on multiple devices.
Over the past few years, India has witnessed massive adoption of cyber technologies in all
facets of life. This adoption on one hand is enabling the nation to attain high economic growth,
welfare, empowerment and active participation of people in policy matters, but on the other it
is raising concerns and challenges from a cyber security and privacy viewpoint. These
challenges become more severe when they affect the national security and economic prospects
of the country. Moreover, India, being a preferred outsourcing destination for IT and BPM
services, requires focused and continued attention on security and privacy. This attention is
essential to maintain the confidence of global clients, as security and privacy considerations
are key parameters in outsourcing decisions. Therefore, a demand for adequate efforts and
investment in cyber security capability building and R&D activities has also emerged in
the cyber ecosystem. Cyber security capability building is a rising phenomenon globally and
India is no exception; in the recent past the country has witnessed significant
improvement in this domain.
It goes without saying that there is no such thing as a 100% guarantee when it comes to
security. Therefore, a company’s ability to respond effectively to issues and learn lessons
from what has gone wrong is critical to both the customer and the vendor.
Talk is cheap, words are easy, pictures are nice – but do you do what you said you would do,
in the way that you agreed it should be done, to the timescale, cost, quality and security
requirements you have agreed to? How would you know? Rigorous audits play a key role in
assuring your customers and stakeholders that the appropriate policies, procedures and
standards are being executed to deliver the required business outcomes.