CONTEMPORARY CYBER ATTACK TRENDS AND CHALLENGES DR SHASHWAT RAIZADA

Transcription

1 CONTEMPORARY CYBER ATTACK TRENDS AND CHALLENGES DR SHASHWAT RAIZADA

2 RECENT TRENDS IN CYBER ATTACKS

3 Cyber Security Threats From Requests to Ransom Notes Source: Source 3

4 Cyber Security Threats Alternate Crypto Currency Improvised money laundering technique for Cyber criminals 15 Aug Bitcoin = $ Aug Bitcoin = $

5 Cyber Security Threats Sophisticated Phishing Attacks Fake mails used to insert malware, extract sensitive pass-phases. Source Sophisticated mails crafted using AI based information utilizing specific company information such as billing, logistics, and more. 5

6 Cyber Security Threats Reverse Deception Tools for reverse deception like antianalysis code, fileless malware, steganography, and command-andcontrol servers are increasing in complexity Source cover of book available on www,amazon,in 6

7 Cyber Security Threats Mobile Application- App Design to demonstrate complexity Security a backseat affair User Approvals to App given without diligence 7 Source Gdata Security Blog Race to launch new versions of OS Approx 8400 malware detected daily.

8 Cyber Security Threats IOT Devices Security Continues to be on the backseat. Race to IOT enablement 25 billion devices by Source

9 Cyber Security Threats Strategic-Information Operations Criminals are evolving from Script Kiddes to State Sponsored / State Supported Actors Target is Political Disruption Source: 9

10 ADDRESSING THE CHALLENGE 10

11 Addressing the Cyber Security Challange National Level Vision IT Act-2000 Cyber Security as means for protecting information, equipment, devices, computer, computer resource, communication devices and information stored therein from unauthorized access, use, disclosure, disruption, modification or destruction. 11

12 Addressing the Cyber Security Challange National Level Vision Cyber Security Policy 2013 To build a secure and resilient cyberspace for citizens, businesses and Government. The stated Mission is To protect information and information infrastructure in cyberspace, build capabilities to prevent and respond to cyber threats, reduce vulnerabilities and minimize damage from cyber incidents through a combination of institutional structures, people, processes, technology, and cooperation. 12

13 Addressing the Cyber Security Challange National Level Vision Some Actions under Cyber Security Policy 2013 create a framework for design of Security policies & strengthen the Regulatory framework. create 24 7 mechanisms for obtaining strategic information regarding ICT threats. mandating security practices, develop suitable indigenous security technologies. improve visibility of the integrity of ICT products and services. create a workforce of 500,000 professionals skilled in cyber security in the next 5 years. create a culture of cyber security and privacy. develop effective public private partnerships, enhance global cooperation. 13

14 Addressing the Cyber Security Challenge National Level Organisations National Information Board (NIB) Apex agency with representatives from relevant departments and agencies that form part of the critical minimum information infrastructure in the country. National Critical Information Infrastructure Protection Centre (NCIIPC) Designated agency to protect the critical information infrastructure in the country. National Cyber Response Centre Indian Computer Emergency Response Team (CERT-In) Monitors Indian cyberspace, coordinates alerts/ warning of imminent attacks and detection of malicious attacks among public and private cyber users and organizations in the country. 14

15 Addressing the Cyber Security Challenge National Critical Information Infrastructure Protection Centre NCIIPC Website has lots of information on procédure to formulate guidelines for CII Have a RVDP program 15

16 Addressing the Cyber Security Challenge Enterprise Level A model framework for establishing and evaluating information security Identifies the correct tool to secure system. Based on the interconnectedness and state of information one can employ technology, Process or Awareness to thwart attack Source: 16

17 Addressing the Cyber Security Challenge Enterprise Level PROACTIVE PREVENTION Properly training employees to recognize emerging threats can help an organization head off potential problems earlier and mitigate potential damage. Source: 17

18 Addressing the Cyber Security Challenge Enterprise Level Infrastructure Redesign Insulate your infrastructure The IT infrastructure many need to be reorganized creating multiple zones that can autonomously operate. Information sharing across zones should be regulated. Patch your apps and operating systems when necessary, make sure firewalls and virus scanners are configured, and check your admin rights Source: 19

19 Addressing the Cyber Security Challenge Enterprise Level Enhance Spam Filters Spam filters should be present and authentication should be robust to make sure is protected. Companies should also scan s for potential threats. Source: 18

20 Addressing the Cyber Security Challenge Enterprise Level Plan for Continuity A strong resilience plan that includes backups and it regularly updated can help hedge your bets against paying for ransomware Source: 20

21 CONCLUSION 21

22 Conclusion There s no silver bullet solution with cyber security, a layered defense is the only viable defense James Scott 22