Safeguarding company from cyber-crimes and other technology scams ASSOCHAM

Transcription:

www.pwc.com
Safeguarding company from cyber-crimes and other technology scams
ASSOCHAM
Rahul Aggarwal - Director

The new digital business ecosystem is complex and highly interconnected

The new business ecosystem:
1. An always-on, always-connected world
2. Data explosion
3. Infrastructure revolution
4. Future finance
5. Tougher regulations and standards
6. New identity and trust models

Together, these will define future security models.

[Diagram labels: Industry, Customer, Consumer, Enterprise, Suppliers, Service providers, JV/Partners]

Evolving business ecosystem

- Advancements in technology: adoption of cloud-enabled services; Internet of Things (IoT) security implications; BYOD usage
- Value chain collaboration and information sharing: persistent third party integration; tiered partner access requirements; usage and storage of critical assets throughout ecosystem
- Operational fragility: real-time operations; product manufacturing; service delivery; customer experience
- Business objectives and initiatives: M&A transactions; emerging market expansion; sensitive activities of interest to adversaries

Unmanaged risks with potential long-term, strategic implications

- Historical headlines have primarily been driven by compliance and disclosure requirements
- However, the real impact is often not recognized, appreciated, or reported
- Cybersecurity must be viewed as a strategic business imperative in order to protect brand, competitive advantage, and shareholder value

Information security incidents rising globally

[Figure labels: Red October, BlackEnergy, Regin, Shamoon]

Cyber crime ranks as one of the top economic crimes perceived by businesses across the world

Cyber crime: the second most important crime across the world

Types of economic crime experienced (chart comparing 2014 and 2016; the two values printed for each category are listed as they appear on the slide):
- Money laundering: 11%, 11%
- Human resources fraud: 15%, 12%
- Accounting fraud: 22%, 18%
- Procurement fraud: 23%, 29%
- Bribery & corruption: 27%, 24%
- Cybercrime: 24%, 32%
- Asset misappropriation: 69%, 64%

Source: global economic crime survey

Security incidents have increased multi-fold in the last couple of years

Security incidents handled, by year:
- 2010: 10315
- 2011: 13301
- 2012: 22060
- 2013: 71780
- 2014: 130338

Security incidents in 2014, by type (number of incidents):
1. Phishing: 1,122
2. Network scanning/probing: 3,317
3. Virus/malicious code: 4,307
4. Website defacements: 25,037
5. Spam: 85,659
6. Website intrusion and malware propagation: 7,286
7. Others: 3,610
Total: 1,30,338

Security incidents handled by CERT-In. Source: CERT-In Annual Report 2014, http://www.cert-in.org.in/

The number of cyber crime cases registered under the IT Act in India is increasing at an alarming rate

Cyber crime has been increasing at an alarming rate in India. The number of cyber crime cases registered under the IT Act in 2011 was 1791, an 85% increase since 2010. This increased to 2876 in 2012, 4356 in 2013 and 7201 in 2014.

Number of cyber crime cases registered under the IT Act (cyber crime cases in India):
- 2008: 288
- 2009: 420
- 2010: 966
- 2011: 1791
- 2012: 2876
- 2013: 4356
- 2014: 7201

Significant increase in the number of registered cases

Source: Crime in India report 2011-2014 (National Crime Record Bureau), Analysis

Financial losses increase two-fold: losses increased by 135% over the previous year

Impact of security incidents on business and data

Data:
- Employee records compromised: 38%
- Customer records compromised: 44%
- Loss or damage of internal records: 40%

Business:
- Unknown: 10%
- Other: 8%
- Legal exposure/lawsuit: 17%
- Loss of customers: 31%
- Brand/reputation compromised: 32%
- Theft of 'hard' intellectual property: 25%
- Theft of 'soft' intellectual property: 38%
- Financial losses: 36%

Source: global state of information security survey

Security incidents caused by insiders have dominated those caused by external actors.

[Chart: ratio of security incidents caused by insiders as compared to external actors, 2012 to 2015]

Source: global state of information security survey

Third party security focus should be top priority

In today's interconnected ecosystem, the compliance of third parties with relevant security policies and procedures is important to maintain the overall security posture of the organization.

24% of respondents cited former business partners and suppliers as causes of incidents. Surprisingly, we noted that 50% of companies do not ensure that third parties comply with their privacy policies, and around 40% of total organisations do not have established baseline standards for third parties.

- Compliance with privacy policies: 50%
- Compliance audit to check PII safeguards: 55%
- Established security baselines/standards: 62%

Source: global state of information security survey

Technological investments required to fight cyber crime

- Vulnerability scanning tools have seen an increase in adoption and are up from 57% to 62%
- Intrusion detection tools have increased from 55% to 62%
- 53% of organizations have listed implementation of newer technologies as their top priority in the next 12 months

Organizations adopting various security technologies (2014, 2015):
- Use of virtual desktop interface (VDI): 53%, 56%
- Malware or virus protection software: 68%, 71%
- Vulnerability scanning tools: 57%, 62%
- Intrusion detection tools: 55%, 62%
- Tools to discover unauthorised devices: 53%, 59%
- Malicious code detection tools: 56%, 61%
- Biometrics: 52%, 58%

Source: global state of information security survey

Organizations collaborate and the involvement of executives and the board evolves

As more businesses share more data with an expanding roster of partners and customers, it makes sense for them to swap intelligence on cyber security threats and responses. Indeed, over the past three years, the number of organisations embracing external collaboration has steadily increased.

Benefits of external collaboration:
- Share and receive information from industry peers: 63%
- Improved threat intelligence and awareness: 58%
- Share and receive information from government: 46%
- Share and receive more information from law enforcement: 46%
- Receive more timely threat intelligence alerts: 49%

Benefits of board participation:
- Identification and communication of key risks: 51%
- Encouragement of organisational culture of information security: 50%
- Information security programme funding: 51%
- Internal and external collaboration and communications: 38%

Source: global state of information security survey

Taking measures to address the risks due to emerging technologies

Internet of things (IoT)
IoT has come a long way from being a futuristic concept just a few years ago to transforming into real products, services, and applications; this offers miscreants an enlarged surface area to attack, leading to highly publicized consequences.

Going mobile with payments
With the increase in sales of smartphones and access to the Internet, m-commerce and m-payment are set to grow rapidly. However, this also brings with it cyber, privacy and compliance risks that organisations need to address.

Steps taken to secure mobile payment services:
- Work with issuing banks: 46%
- Strong authentication: 59%
- Tokenisation and encryption: 41%
- Protection of customer personal information: 57%
- End-user risks and vulnerabilities: 51%
- Verification/provisioning processes: 62%
- Risks related to hardware/device platforms: 52%
- Risks related to malware/malicious apps: 64%

Source: global state of information security survey

The big impact of Big Data

In a world where data is gaining importance and companies are leveraging big data analytics for business decisions, a growing number of organizations are also employing big data analytics to monitor security threats, respond quickly to incidents, and audit and review data to understand how it is used, by whom and when.

Source: global state of information security survey

The legal framework in India for privacy and data security

Instruments: IT Act, 2000 (9th June 2000); IT Act Amendment, 2008 (23rd December 2008); IT Act Rules, 2011 (11th April 2011)

Objective
- Legal recognition for transactions carried out by means of electronic data interchange
- Other means of electronic communication
- Penal actions for violations
- Specific provisions on data protection
- Provisions on cyber security, national security, encryption policy, cyber crimes
- Strengthen the data protection regime in the country.
- Strengthen the data protection regime in India thereby providing legal assurance to the clients, governments, regulators and end customers abroad that India is a secure destination for outsourcing.

Overview

IT Act, 2000:
- Legal Recognition for E-Commerce
- Digital Signatures and Regulatory Regime for Digital Signatures
- Electronic Documents are now Treated at Par with Paper Document
- E-Governance
- Electronic Filing of Documents
- Defines Civil wrongs, Offences, Punishments
- Appellate Regime
- Right of Investigation and Adjudication

IT Act Amendment, 2008:
- Section 43A: Personal Data Protection
- Section 66: Computer related offences
- Section 69B: Cyber Security
- Section 67C: Intermediary responsibilities
- Section 70A & B: CERT-IN Powers
- Various Provisions: Inspections, interceptions and disclosures

IT Act Rules, 2011:
- Defines Sensitive personal data or information
- Body corporate to provide policy for privacy and disclosure of information
- Collection of information
- Disclosure of information
- Transfer of information
- Reasonable Security Practices and Procedures

Keeping pace with the new reality

Key considerations:
- Critical Asset Identification and Protection: identify, prioritize, and protect the assets most essential to the business
- Threat Intelligence: understand the threats to your industry and your business
- Process and Technology Fundamentals: evaluate and improve effectiveness of existing processes and technologies
- Monitoring and Detection: enhance situational awareness to detect and respond to security events
- Incident and Crisis Management: develop a cross-functional incident response plan for effective crisis management
- Security Culture and Mindset: establish values and behaviours to create and promote security effectiveness

Thank you

2016 PricewaterhouseCoopers Private Limited. All rights reserved. In this document, refers to PricewaterhouseCoopers Private Limited (a limited liability company in India), which is a member firm of PricewaterhouseCoopers International Limited, each member firm of which is a separate legal entity.