Cyber Safety for Corporates

IT and other corporate sectors are completely dependent on internet and communication. All the company data and information are stored online and are shared among the employees. This increases the risk of data and information leaks in the outer world. You have invested time and money to bring your organization’s work to life. You buy insurance, put locks on the doors, and install fire alarms to protect your premises. Have you made cyber security the same priority to protect your information & company data from the competitors & traitors? Have you?

Perhaps the most critical foundational asset for successful businesses & organizations is trust. Employees need to trust that their employer is focused on securing both their physical person and their critical personal information, such as bank account numbers, passport details, credit card details or other important information. Customers need to trust that companies they do business with are keeping their personal and financial information out of the hands of unauthorized users. Companies & offices trust every other department & their internal employees with mutual trust, but they never crosscheck its worth.

Protection of organizational information is a daunting task. And so as to trust on everyone in the organization is. But departments & employees of any organization cannot survive without trusting, cooperating & sharing the information & data with each other. Be it Inter-Department or Intra-Department or to the various sub divisions. Despite increased spends on Information Security (InfoSec) programs, corporate lose crores of rupees each year because of information & data leakages

Expensive technology and elaborate processes solve only a small part of the problem—because ultimately—breaches are caused by people who continue to remain the weakest link! Organizations seeking to improve their InfoSec Risk Posture face the challenge of training hundreds and sometimes thousands of employees.

Why 'Cyber Security' or 'Information Security'?

Cyber Security or Information Security or IT Security is a term which is concerned with the protection of hardware, software and a network of an organization, from the perils of disaster and external attacks (through virus, hacking, etc.). It is more to do with the electronic data and is covered in the IT Policy of an organization, in other words, it looks at protecting / safeguarding information and information systems from anyone including employees, consultants, suppliers, customers and ofcourse malicious hackers.

Trends of Incidents

  • Sophisticated attacks are happening onto ITInfrastructure
  • Attackers are refining their methods and consolidating assets to create global networks that support coordinated criminal activity. Information stealing is the main objective rather than destruction
  • Rise of Cyber Spying and Targeted attacks. Continuousmapping of network, probing for weakness/vulnerabilities
  • Malware propagation through Website intrusion and large scale SQL Injection attacks
  • Malware propagation through Spam on the rise
  • Increase in phishing cases, particularly fast flux and domain Phishing
  • Website compromise through SQL injection, exploiting weak input validation (Asprox botnet)
  • Uploading malicious contents onto websites through stolen FTP credentials (Neosploit)
  • Rise in defacement of Govt. websites after 26/11 attack; websites hosted outside India on cheap hosting providers
  • Targeted attacks for stealing sensitive information through social engineering and malicious office documents (Ghostnet)
  • Compromise of popular websites and redirection of users to malicious websites for malware propagation (iFrame insertion)
  • Sale of phishing toolkits on underground websites (Metaphisher)
  • Large scale creation of botnets for launching DDoS attacks, Spam, Phishing, fast flux DNS attacks (conficker worm)
  • Objective of Regular Trainings for Executives: The purpose and objective of these trainings is to understand and discuss the concepts of data security and corporate liability in light of the newly amended Information Technology Act 2008.

More specifically to understand -

  • What is Information security, data protection & security and IPR protection in relation with the IT in your organization?
  • Data Security – Technical Perspective
  • Business Loss to your Organization & Its Image
  • Data Security – Legal Perspective
  • Corporate liability under cyber laws & IT Acts
  • Legal compliance under cyber law