Dealing With Emerging Threats

sundar

Technology has a major impact on the gathering, storage, retrieval and dissemination of information. However, its main ethical impact relates to accessibility/inaccessibility and the manipulation of information. It creates the possibility of wider as well as simultaneous access to information. By implication, it becomes easier to access a person’s private information.

Emerging threats such as Advance Persistency Threat, attack on IOT (Internet of Things) vulnerabilities, EMP (Electro Magnetic Pulse) attacks, DDOS (Distributed Denial of Services) attacks have posed a major challenge to Enterprises, to secure data.

Benjamin Kunz, CEO of the Vulnerability Lab discovered that sensitive data such as the bank’s main system branch usernames, serial numbers, network and firewall configurations, device IDs, ATM settings, and two system passwords were revealed during updates in the ATMs at the German savings bank Sparkasse.

The impact of the use of technology on the privacy of people manifests itself in a variety of areas such as.

Ø  The electronic monitoring of people in the workplace.

Ø  The interception and reading of E-mail messages.

Ø  The merging of databases which contains personal information.

Ø  Closely related to the merging of files is the increasing use of “buying cards” by retail stores.

However, even though the challenges are overwhelming, it is not very difficult for enterprises to be geared and ready to face the emerging threats. Adoption of best standards and framework such as COBIT 5 would ensure that the enterprises have the required processes, trained personnel and technological capabilities.

Hacking and Malware proliferation 

The key reason for increased number of hacks is due to tools in the net almost freely available to the younger population, to perpetrate attacks on Enterprise technological network. The number of malware that is getting uploaded in the net has gone up in geometric proportions. Hacking for funlike LulzSec has been around for decades. It’s where hacking started, before criminals discovered the Internet in the 1990s. However, criminal hacking data of enterprises for profit has replaced hacking of enterprises data for fun.

Cyber security skills gap

There is a shortage of 0.7 Million cybersecurity personnel in India and this is likely to rise up to 1.5 Million, in the event Government’s initiatives such as “Make in India” and “Digital India”were to succeed. Cyber Security risks and data breaches pose a huge threat to any digital revolution. Emerging initiatives of the Government of India such as “Digital India”, rely heavily on availability of a basic cyber security infrastructure, trained personnel and a well governed framework. Skilled cyber security professionals are an absolute must in the event initiatives of the government were to succeed. Therefore, gap in cyber security skills, could significantly hamper Government’s plans.

“On the Job” Training and acquisition of skills through simulated workshops and certifications such as CSX of ISACA would certainly bridge the skills gap. Formal Certifications such as ISO 27001, CISM, CISSP and the like could give the personnel basic knowledge. However, these efforts cannot achieve success unless these are backed by training, domain expertise and “Continuous Professional Education” through participation in workshops, seminars and other avenues. Perhaps, considering all these requirements, the CSX program of ISACA appears to be the best fit considering the specific Indian scenario.

Privacy and data security breaches

The greatest threat that enterprises face today is breach of data security and privacy of information. This poses a significant reputation risk and Organizations may lose credibility and confidence of the prospective customers. This may hamper the digital growth predictionssimilar to the dot com burst.

ISACA hopes to add at least 0.5 Million cyber security professionals through CSX Nexus. This is through advanced way of imparting skills. The CSX course is an innovative way of imparting Laboratory based skills. The best security professionals need broad range of skills including psychology and sociology, not typically associated with those who enroll for science/computing degrees.