Mobiles To Get More Vulnerable After 3G

Kartik Shahani was elected Country Manager for India and SAARC, RSA in April 2010. In an email interaction with Biztech2.com he provides his views on the emerging threat landscape in India and how enterprises are tackling them.

According to the recent CERT In report, phishing is the most used cyber intrusion tool in India. Will this prevail or are there any other trends that you see coming?

Indian consumers expressed a higher level of concern about the threat of trojans. Amongst the types of security threats, trojan is growing most dangerously globally as well as in the APEJ region where India was listed as the second biggest region under threat. However, the bad news is that in worm and virus, India leads.

Also, with the launch of 3G service in India, phishers will now be able to reach out to a larger number of internet users. The scale of these web-based attacks originating from India and other countries makes security in the virtual world a major challenge, requiring global cooperation between vendors, intermediaries and users.

Viruses like trojans can corrupt the mobile as well since advanced mobile phones run the same kind of applications as desktop and laptop computers.

Majority of smartphone users store confidential, personal, business or client data on their devices. Many use their PDAs and mobiles to send and receive e-mails that include confidential personal data; they also use mobile phones to access bank accounts. While this is great convenience, it also makes mobiles susceptible to trojans and other spyware to be installed.
What should be the enterprise strategy to counter threats like phishing?

Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures. Banks and other online transaction sites today have notices on their websites trying to create awareness amongst their users. They also send regular mailers to educate their users on phishing and other online threats and precautions that they need to take while doing online transactions.

There are quite a few anti-phishing solutions available in the market. RSA FraudAction is a proven service that provides real-time protection against phishing, pharming, Trojans and other online attacks that target organisations and their customers.
Which are the top IT security challenges today and what are companies doing to neutralise them?

For years companies have focused only on external threats. It’s only now that internal threats have become a concern for organisations as they realise its severity.

Additionally, most organisations face the mammoth challenge of finding sensitive data spread across the organisation. The data could be lying within the data centre or desktops and laptops and also in transit over the network.

With increasing sophistication of cyber attacks and complexity of infrastructure, organisations would have to look beyond the traditional security solutions to ensure a robust IT infrastructure that could propel the business machinery. Furthermore, organisations are now adopting a holistic approach towards security. They are also aware that data needs to be protected while it is in transit, as well as when it is residing in a data centre. Hence, an information centric approach is high on priority.

Trends that we feel are catching up in the Indian market are - Managed Security Services, Log Management to have a comprehensive view of the data movement and Risk Based Authentication or Adaptive Authentication to have a fraud detection platform that monitors and authenticates customer activity based on risk levels, institutional policies, and customer segmentation.

What are your views on the overall threat landscape and the defensive strategy against it?

The threat landscape has increased multifold. One of the main concerns around threats and attacks is that they are for a short span of time and dynamically metamorphosing.

Enterprises should look at where they are on the maturity lifecycle of tackling threats and vulnerabilities, based on which they should invest in technologies that can become business enablers.