5 Strategies for Cyber Security in Small Business Organizations

Oct 16, 2017 by infocon in  cyber security Security

If you’re a small business organization, there is absolutely no reason for you to neglect cyber security. Not spending on security or relying on outdated software to protect your data – both are equally bad ideas.

Here are a few ways you should undertake to prevent damage to the reputation of your business repute:

Backups: Cyber attackers and hackers never leave an opportunity to take your data “hostage” and demand a ransom before releasing that data. Hence, small organizations must practice backing up data in the cloud or a hybrid data centre.

Update IT Systems: As malicious attacks are evermore wreaking havoc in the cyber-verse, it is essential for organizations to protect their business data at all costs. A top to bottom evaluation with an emphasis on vulnerabilities is important. Key assets like information about property, confidential personal data, etc. must be guarded against.

   Cyber security education: In any data-security effort, any individual can intentionally or not become a “weak-link”. More often, an employee nursing grudge against the organization may compromise security. To avoid such incidences, smaller organizations can always undertake a rigorous cyber security education program.

Proper planning: Included in the data-security education program should be procedures teaching employees how to react in the event of unauthorized intrusions, example, phishing or malware attempts. A detailed incident response plan that redirects to helpdesks or IT teams can have a significant impact.

Mobile device security: A lot of times employees in small organizations use their mobile devices for work and work-related communication. The thought of data passage through unsecured channels is nightmarish enough for organizations to establish policies like – (i) Categorizing and restricting the types of information that can be shared or accessed through these devices, (ii) Enforcing network access control wherein employees can access your business’s VPN and email in a reliable manner, (iii) Determining whether mobile devices provided by the business can be taken off-site.

Govt discusses measures for safer digital transactions

Oct 18, 2017

To curb the rising cyber fraud in digital transactions, a high level meeting has proposed the imposition of a token ‘security fee’ on digital payments in India.

The meeting, focused on measures to make digital transactions safer, was held on 13 September. Chaired by Home Minister Rajnath Singh, it was attended by officers from the MeITY, Home Ministry, Department of Financial Services, Department of Telecom, Reserve Bank of India and Intelligence Bureau. All major stakeholders were present to discuss and propose ways for the same.

Prasanto K. Roy, Nasscom Internet Council Head, expressed that every digital transaction could be aimed at starting a fund for creating better infrastructure to secure digital transactions.

“A special fund could help develop security infrastructure, hire experts and secure online transactions, though a cess on digital transactions isn’t the best way of doing it,” he told ThePrint. He further said that there was a need for the Ministry of Finance and the Ministry of Electronics and Information Technology (MeitY) to make digital transactions cheaper and secure.

An official from the Ministry said on condition of anonymity, “It was also discussed that an Act needs to be in place for regularizing digital payments, which will be looked after by the Finance Ministry, and to how fix the responsibilities of agencies”.

The action came after the official figures were disclosed that indicate that cases related to e-wallets and e-payments (that were reported to banks) jumped from 13,083 cases in 2014-15 to 16,468 cases in 2015-16.

Mostly, online frauds occur when people share their passwords, 3 D secure pins, ATM pins, etc. Hence there is a need to educate people about it. “A standard procedure for all e-wallets needs to be in place as right now anyone can make a wallet just by downloading the app. The KYC norms need to be strengthened for safer transactions,” the official from the Home Ministry said.

Further, the Ministry recommended undertaking a digital transaction education campaign and creation of dedicated cyber-forensics lab. Also, training for police personnel and forensic officers needs to be in place so that they can tackle cyber fraud cases.

“As of now we do not have the manpower or expertise to deal with cyber fraud cases, which is going to be challenging…we need to be prepared,” the Home Ministry official said.

The Intelligence Bureau proposed the Indian Government ensure the introduction of necessary software that is able to detect attempts at cyber fraud. Accordingly, the software would be incorporated by payment gateways so that customers can be alerted about suspicious activity.

“There needs to be a machinery to detect out-of-bound transactions and the pattern of violations in cyber fraud cases. The machinery should be able to figure if the transaction is fraudulent by looking at its pattern and send alerts,” Nasscom’s Roy said to The Print.

 

Cloud Security and Compliance Issues

Oct 25, 2017

Cloud Security and Compliance Issues:

 

A new report by Threat Stack and ESG (Environmental, Social Governance) raises major security concerns about the increasing public cloud environments and containers. The report reveals a notable gap in security and compliance readiness across the rapidly growing cloud-container environs.

The report discloses some significant facts as:

  • 60 percent of organizations regard security and compliance a hindrance to winning new business associates.
  • 57 percent of those surveyed complained of significant delays in the sales cycle blaming troubles created to meet customer security requirements.
  • 31 percent of those surveyed said they were unable to cope with the growing cloud and container environments. As a result, 62 percent said they’re aiming for greater visibility into their public cloud workloads.
  • 40 percent of the respondents conveyed that in the next 12 months, they will have hybrid environments, which is an increase from the current 12 percent. Meanwhile, 45 percent of organizations plan on starting to test or deploy containerized environs, which is above the current 42 percent of those who already do.
  • 94 percent of respondents believe containers give negative security implications for their organizations.

As the market democratizes, companies are adopting more complex technical solutions that were earlier reserved for only software giants.

This, experts believe, has led to the creation of an opening for external as well internal threats as security teams catch up on the cloud, containers, etc.

Sam Bisbee, Threat Stack CSO feels, “Containers originally focused on resource isolation, offering system building blocks to address specific operational needs that could be coupled with security solutions – they were not supposed to be a replacement for VMs, which is how most teams treat them”.

India witnesses one cyber crime per 10 minutes: 2017

Oct 17, 2017

With increasing number of people in India going online every year, the risk of cybercrime hovers above. The rise of smaller organizations and their less or no protection of data also leads to maximum cases of security breach.

In the first six months of 2017, India saw one incident of cybercrime per 10 minutes. These include ransomware attacks to minor phishing rackets. The Indian Computer Emergency Response Team reported 27,482 cases between January and June.

Phishing, scanning, probing, viruses, defacements, site intrusions and denial-of-service were the most reported incidents. Ransomware attacks are gaining pace in India.

1.71L crimes have been reported in the last 3.5 years.

 

The RBI has also issued warnings about bitcoins, the preferred mode of payment for attackers.

Here is a list of the most remembered security breaches in India last year:

  • Mirai botnet malware: A botnet malware named Mirai took over the Internet targeting home router users and other IoT based devices. The malware affected 2.5 million IoT devices; it’s not clear how many systems were affected in India. CERT—In had also issued an advisory regarding the attack back in October 2016.

 

  • WannaCry: Ransomware WannaCry swept the world in May. CERT-In immediately put out an advisory notice. Few instances of the ransomware were reported to have hit banks in India, and some businesses in Tamil Nadu and Gujarat as well during the first wave of the attack. Railwaire users were also most affected by the ransomware.

 

  • Petya: India was also on the top 10 list of countries to be hit by Petya ransomware attacks, with the country faring worst among other Asia Pacific (APAC) countries, cyber security firm Symantec said in a blog postlast month. Globally, India took the 7th spot with less than 20 organisations being affected as per the Symantec’s analysis.

 

 

1 Comment

Leave a Comment

Your email address will not be published. Required fields are marked *

Comment *