SECURITY

Overview

Preparedness for future…

Have you felt Cyber Insecurity?

Can we fathom out of

the challenge?

Police IT

Ecosystem

How IT Systems work?

Who are the best adopters of technology?

One of its kind

Who will take a call?

​

Zero Day

at the heart of it all

​

​

12

May 16, 2018

Curiosity

Monetary Gain

National Security

Espionage,�Political Activism

The sophistication of cyber threats, attackers and motives are rapidly escalating.

Motive

1995 – 2005

1^st Decade of the Commercial Internet

Revenge

Script-kiddies or hackers using tools, web-based “how-to’s”

Insiders, using inside information

Organized Crime, Hackers and Crackers using sophisticated tools

Competitors, Hacktivists

Nation-state Actors; Targeted Attacks / Advanced Persistent Threat

2005 – 2015

2^nd Decade of the Commercial Internet

Adversary

*X-Force Research - 2013

Getting hacked in the new normal.

​

Sanjay Sahay

Data Manipulation

Digital Iron Dome

Massive attack on Israel’s National Electricity Grid

The World's First Digital Weapon

Precision is the key

Outstanding Coding and Testing

Absolute Game Changer

9/11

This recent undated satellite image provided by Space Imaging/Inta SpaceTurk shows the once-secret Natanz nuclear complex in Natanz, Iran, about 150 miles south of Tehran.

• WannaCry

​

• Petya

​

• Bad Rabbit

Baltimore

Encryption

�Fortune 500 companies��97% has been hacked!� �

Internet of things!

Global Information Grid

A very vulnerable one!

Cloud the most happening place

How secure are we?

Cloud Computing�

Results of IDC survey ranks Security 74.6% as the biggest challenge

Web of Profits

Global Cyber Crime is worth $1.5 trillion a year

​

• $ 860 bn from illicit / illegal online markets

• $ 500 bn from intellectual property thefts

• $ 160 bn from data trading

​

• $ 1.6 bn from crimeware - as - a – service

​

• $ 1bn from ransomware

​

​

Web of Profits

​

• Platform Criminality mirroring platform capitalism of the companies like Uber & Amazon where data is the commodity

​

• From business to economy

​

• Legitimate / illegitimate intertwined

​

• Money laundering, drugs, trafficking & terrorism

Web of Profits

​

Some services and products:

​

• Zero – day Adobe exploits ($30,000)

​

• Zero – day ios exploit ($250,000)

​

• Malware exploit kit ($200-$600 per exploit)

​

• Blackhole expoit kit ($700 a month or $1500 a year)

cyber is the world!

from pace maker to nuclear power plants

from text documents to the hybrid cloud

We live in a digitally porous world!

“If builders built buildings the way programmers wrote programs, then the first woodpecker that came along would destroy civilization.”

-Weinberg's Second Law

​

Weakest link

The human factor!

Insider Threat

The lone wolves of the Cyber Age!

I

N

S

I

D

E

R

S

Tough Challenge

39

May 16, 2018

End user didn’t think before clicking

Weak password/default password in use

Insecure configuration

Use of legacy or un-patched hardware or software

Lack of basic network security protection

The top 5 reasons why attacks are related to system hygiene or user knowledge.

1

2

3

4

5

Where should you start?

These three controls can help you address the top vulnerabilities and begin to reduce risk.

Build a �risk-aware culture

Protect the network & end-points

Automate security hygiene & manage incidents with intelligence

DATA

is at the center of our universe

Data Brokers

Resilience

What the System Ought to Provide

Ubiquitous Surveillance

​

Military - Internet Complex

Corporate

​

Surveillance

​

Govt / Business Corporations

​

​

​

​

• Covert

​

• Automatic

​

• Ubiquitous

​

​

FBI

VS

World at crossroads…

Internal Security

External Security

Counter Terrorism

Rogue States

Cyber War

Money Laundering

Underworld

Underground Economy

Naxalism

Data Brokers

Hacktivists

World at crossroads…

And the IT companies themselves!!!

​

Privacy has no meaning

​

More data, more money!

​

Everything for a price

​

​

I

N

S

I

D

E

R

H

A

C

K

T

I

V

I

S

T

S

​

​

​

​

​

​

I

S

I

S

VS

The Malware Story

• Criminals & Virus writers outinnovating and outmaneuvering the anti-virus industry

​

• First information

​

• Detection rate

​

• “time – to – detection lag”

​

• “out of their leagues in their own game”

Asymmetric Warfare – A new form

​

​

​

​

• 2009 Iraq-$45 billion drone and satellite surveillance system

​

• Skygrabber-$25.95

​

​

​

the costing

​

Attribution

​

​

MLAT

​

​

​

BUDAPEST COVENTION

The Dark Net

​

​

​

​

The Internet provides a delivery system for the pathological states of mind

Crime Inc.

Crime as a service!

Payment mechanism in place!

Information Sharing!

Where will the Cyber Security Professionals come from?

It’s a refrain being heard for the past 18 months the world over: “We need more skilled people for our security team.”

global cybersecurity workforce will have more than

​

​

• 1.5 million unfilled positions by 2020

​

​

• a $101 billion opportunity by 2020

NIST Special Publication 800-181

​

​

​

National Initiative for Cybersecurity Education (NICE)

Cybersecurity Workforce Framework

​

Federal Information Security Modernization Act (FISMA) of 2014

a partnership between government, academia, and the private sector working to energize and promote a robust network and an ecosystem of cybersecurity education, training, and workforce development.

cultivating an integrated cybersecurity workforce that is globally competitive from hire to retire

Cyber Security

​

How different?

in its simplest sense, allows each human being to be left alone in a core which is inviolable.

A WORLD HELD HOSTAGE !

D

A

T

A

White Paper of the Committee of Experts on a Data Protection Framework for India

• Technology agnosticism

​

• Holistic application

​

• Informed consent

​

• Data minimisation

​

• Controller accountability

​

• Structured enforcement

​

• Deterrent penalties

K

E

Y

​

P

R

I

N

C

I

P

L

E

S

Indicators

​

• Articulation & publication of a National Cyber Security Strategy

• Does the country have an operational Computer Emergency Response Team (CERT) or Cyber Security Incident Response Team (CSIRT)

​

• Has the country demonstrated commitment to protect against cyber crime

Indicators

​

​

• Does the country have an information sharing mechanism

​

• Is the country investing in cyber security basic & applied research & funding cyber security initiatives broadly

• What Cyber Security functions do we perform?

​

• What is role?

• Standards

​

• Uniformity

​

• Certification

​

• Audit

• Hardware

​

• Software

​

• Network

​

• Data Center

​

• Cloud

How much of cyber crime investigation we are equipped to handle?

Silk Road Investigation

​

San Bernardino Case

WannaCry

​

Petya

Talent

Only Hands On is On!

There’s no reason

that the good guys can’t be the same !!!.

The bad guys are smart, well equipped, and determined.

As Steve Job’s said we are at the crossroads of technology and humanities. Technology is racing to become the mankind’s DNA. Transformational changes demand transformational answers. Digital is the only way forward. What matters is grey matter in a knowledge driven world. Together we can and together we will find a method in the digital madness.

The way forward…

Thank you