Cybersecurity: A boardroom mainstay

By Jagdish Mahapatra How many of us today would dare defy a direct mail from our CEO? Safe to say, most would be startled by the direct attention given, even happy to know that we are noticed. The communications asks you to wire a sum to a third party under a pretext. You being the good soldier execute the order only to be questioned by the same CEO at the next meeting on your actions. Welcome to the trending social engineering hack targeting relationships between employees, known as Business email Compromise (BEC), CEO fraud or the popular term i.e. WHALING! Its more intense than earlier perceived, so much so that that its imparted damages worth over a $2.3 billion in losses, while being alive and well across 79 countries. This only goes to reinforce that today cyber criminals have developed a level of sophistication well beyond the hobby hackers of the past. Cyber threats today are more complex, more targeted, and even customized to attack a particular network’s vulnerabilities. The volume of new threats witnessed by McAfee labs is rising exponentially. Ten years ago, we saw about 25 new threats per day; today we see about 500,000 new threats per day. As a result, security has become a pivotal concern in the boardroom as CEOs and COOs seek to ensure that technology and data are used to drive growth securely. There are two types of companies today: 1) Companies that have been breached and know it and 2) Companies that have been breached and don’t know it. Threat Landscape From a trend perspective, IT companies and global finance as well as banking focused organizations, are asking for a verticalized approach for architecting their security story. IT & Security has to evolve from a support conversation to becoming a boardroom agenda. CTOs as well as CSOs are now expected to build a bigger role for IT within the business to demonstrate that technology can actually deliver what the business wants in a secure fashion. Overall, IT environments in large organizations are growing ever more complex and difficult to manage, making the role of security information and event management (SIEM) technology more important than ever. Today more than half of the addressable market in security is focused on services: implementation and integration services, managed security services, consulting services. Just one type of Ransomware, CryptoWall V.3, cost innocent users around the world $325 million last year. These trends increase the need in India for greater cross device security. Data indicates that Ransomware (a form of malware, where an attacker demands money in return for not wiping out a company’s entire data system) has been on the rise lately. According to findings from the McAfee Labs Quarter Threat Report: May 2015, the number of ransomware samples grew by 165% in Q1, 2015 largely due to the proliferation of the CTB-Locker family and its “affiliate” program, as against 155% in Q4 and Q3 of 2014. In the Indian context, a lot of new economy enterprises such as e-commerce as well as SMBs are mushrooming and adding a layer of complexity from a security perspective is the fact that mobile shopper penetration in India ranks 3rd among emerging markets. India implications The country is one of the largest sources for data processing (due to the rise of the IT & BPO sector), and thus has plenty to be valued. The security landscape in India is at par with the rest of the globe, with many reserving a chair for the CTO at boardroom meeting. That said there are holes in the armour. Despite standing on the cusp of a digital revolution, Indian organizations face a serious shortage of trained cyber security professionals. Numerous reports put India’s current shortage of qualified cyber security professionals near five lakh. The global talent deficit is expected to approach two million by 2020. The rise of mobile e-commerce in India adds additional complexity from a security perspective Mobile Wireless networks are today’s greatest security vulnerability. This is of special concern for a mobile-first economy like India, where a majority of consumers connect to the Internet through mobile devices. In a global survey, the Intel Security Mobile Threat Report for 2016 ranks India highest for total mobile malware infections. 38% of attacks on Indian mobile users come via mobile adware. Intel Security’s Mobile Threat Report for 2016 found malware from mobile app stores infected 37 million devices in the past six months; we saw a 24% rise in mobile malware in the last quarter of 2015. Consumers and businesses still do not protect wireless devices the way they protect conventional computers, making them the easiest targets of opportunity for attackers. The risk is expected to grow as more business users connect their own, often unsecured, devices to corporate networks – the so-called BYOD practice 2016 and beyond Companies are embracing services like cloud because they are convenient, flexible, easy to manage, and budget friendly. The emerging Internet of Things will depend on cloud infrastructure; more sensitive data will flow to and from IoT devices without touching corporate networks at all. That’s one reason why cloud computing is so disruptive a technology from a security standpoint, and why more organizations want greater transparency and security controls from cloud providers. It’s the integrated architecture strategy that anticipates the future. The author is Managing Director- India and SAARC at Intel Security