Technology is evolving rapidly, as is evident from the explosion of computers, smartphones, automation, big data, the internet, etc. Systems have become more complex and data is being generated at a scale that was once unimaginable. As a result, entities have adopted the cloud, which, although more efficient, comes with its own security challenges. Most importantly, while technology makes us more efficient and effective, it also makes cybercriminals more sophisticated and lowers their risk profile, making detection and prevention of cybercrimes even more difficult. There are special standards and tools for cyber-risk management. Institutional commitment, an effective crisis management mechanism, risk communication with employees, customers and suppliers, and continuous monitoring tools are fundamental in managing cyber-risk.

Cybercriminals today are mainly after personally identifiable information and proprietary information of corporations, which they can monetise. These commonly include know your customer/customer demographic data, debit and credit card numbers, bank account numbers, and logins and passwords. However, while the majority of attacks are conducted for quick financial gains, they are also conducted for other reasons such as trying to raise the profile of and draw direct attention to an ideology.

Hacking techniques

Hackers and cybercriminals use a variety of methods to infiltrate networks and gain access. A number of these techniques are deceptively simple and take advantage of the lack of user awareness and precautionary measures in place. Phishing, spear phishing and whaling attacks are common methods used by hackers. Phishing is a method of attempting to gain private information using deceptive emails, disguised as if from a trustworthy source. Phishing attacks are targeted at a wide audience, with the hope of some falling into the trap. Spear phishing is a more sophisticated form of phishing, which targets specific company officials. Whaling goes one step further and targets high-level executives of a company. According to data, approximately 23 per cent of people worldwide respond to spear phishing attacks and around 70 per cent of people respond to direct phishing attacks. Further, in a survey, approximately 20 per cent of the companies surveyed said spear phishing is the top threat facing them.

Another popular technique employed by hackers is deploying ransomware. A ransomware attack involves deploying malware that infects the system and encrypts data or locks the owner out of the system until a ransom is paid to regain access. Hacking a Wi-Fi network to get past a firewall and social engineering techniques, which involve posing as a trustworthy source to extract information, are also gaining popularity.

Typically, servers and network devices such as firewalls, routers and switches have thousands of ports and services running on them, many of which are insecure. Hackers first scan through the internet, looking for any insecure ports and services available. They pick one such insecure port or service, get past that layer, and determine the next step, often scanning again from that position. This cycle continues until they gain access to a network. Once they have successfully entered the network, they can copy, encrypt or delete data, or install malware to record network traffic, keystrokes, etc. They can also install malware to turn systems into “slave” systems, which they can use to perform distributed denial-of-service (DDoS) attacks.

New technologies

The internet of things (IoT) has several applications in critical segments such as smart mobility, smart cities, smart manufacturing, etc. According to Ericsson, there will be 31.4 billion connected devices in 2023, up from around 17.5 billion in 2017. Further, approximately 23.3 billion of the total connected devices are expected to be related to IoT. This will result in a plethora of new entry points for hackers to compromise the security of networks. Ensuring the security of networks in such a scenario will be a challenge. On the other hand, organisations can adopt blockchain technology to mitigate cyber-risks. Blockchain can be leveraged for DDoS detection and prevention. Blockchain can also be used for cyber-risk rating and exposure, which can be anonymised. Therefore, being in sync with the latest technological developments and implementing new technologies to tackle cybersecurity challenges can prove extremely beneficial.

Protection from cybercrime

To tackle cybercrime, organisations first need to assess their challenges and requirements. This can be done by undertaking an IT security-focused risk assessment while keeping in view regulatory, contractual and any other requirements. After the assessment, companies will need to design a network strategy, outline policies and procedures, and identify the resources needed for the same, both human and non-human. Lastly, in order to ensure and evaluate the efficacy of the procedures and measures put in place, self-assessments and audits will have to be undertaken.

Encrypting data with the use of strong algorithms is another measure that organisations can adopt. Regularly reviewing and updating user access to the company’s network and instating multi-factor authentication can also assist in safeguarding the network. Further, organisations can install intrusion detection systems (IDSs), which monitor both inbound and outbound intrusion signatures and identify suspicious patterns of activity, and intrusion prevention systems, which expand on IDSs by taking corrective action when they detect suspicious activity. A managed security service provider offers organisations a network security management plan, which may include virus blocking, spam blocking, intrusion detection, firewalls and virtual private network management.

Developing a good incident response time and learning from every cyberattack is crucial for companies to bolster their systems to make them impervious to malicious activity. Therefore, all alerts should be monitored, documented according to priority and addressed in a timely manner. Undertaking a trend analysis of threats will provide an insight into what to expect in the future and help in being prepared in advance. Organisations should undertake post-mortem analysis to understand the root cause of the problem after the situation has been contained and resolved.

The way forward

Increasing sophistication and rising incidence of large-scale attacks on organisations have made cybersecurity a board-level discussion. Companies should formulate a well-established framework for board-level reporting. This needs to be done in order to change the stance from a reactive to a proactive one.

In order to be prepared in the event of a cyberattack, companies will need to understand and approach cybersecurity as an enterprise-wide risk management issue, rather than just an IT issue. Reporting and monitoring of breaches and attacks should be undertaken as and when needed and not only when planned. Training and awareness programmes should be conducted for board-level employees as well. Adopting an integrated framework-based approach always helps in adequate coverage. All business transformation plans and reports to the board should have the technology risks covered. Companies can also build business resilience through either self-mitigation or through transfer of risk by opting for cyberinsurance.

Based on presentations by Akshay Garkel, Partner, Grant Thornton India LLP; Shashank Bajpai, Chief Information Security Officer, ACKO General Insurance Limited; and Aditya Mathur, Manager, IT Security, EbixCash, at a conference on “Cyber Security for BFSI”, organised by tele.net