Thursday Sep 19, 2024
Thursday Sep 19, 2024
Monday, 11 August 2014 00:00 - - {{hitsCtrl.values.hits}}
Q:Moderator: What is the key message you’d give the audience?
Bavisi: Don’t take security for granted. Functionality is important but as you focus on it, you tend to have a lot of ease and then will have security issues. End-point security is a serious issue – the definition of end-point is changing. Mankind is evolving and is using technology daily. This means that the technology is going to be brought into organisations with its benefits and threats, and will have to be dealt with.
Rajagopal: Security is not a myth, it’s not something you cannot achieve – there is hope. As long as you have a systematic approach and have the right tools for the job, you can reach good security. Make sure security is proactive and cyclical – it should not be done once a year or when the auditors are coming, it should be part of the processes. You should treat security as part of your culture.
Dhakad: The message is we must be prepared. Cyber security requires us to stay in a constant state of preparedness. This is the time to go back and take an assessment of your IT ecosystems, of the products you are using, and what solutions and services you need to keep yourself secure. I think it’s exciting but we have to be really serious as well and need to do some homework. Put what you have learned to practice. Cyber security is growing at the speed of light and we need to keep up.
Sokurenko: In our age, we see the incredible growth of big data and an exponential number of transactions, so we must be protected from any threats, internal and external. In my opinion, use this technology in your industries and all of us in turn will help deliver this knowledge to you so that you can focus more on your businesses rather than focus so much on security.
Q:Participant: There are so many solutions but I think all these would be pointless if we don’t have the right law in place. For instance, if someone commits cybercrime somewhere and then hides in a non-sovereign state, what can be done? Edward Snowden being given asylum in Russia is an example – what other measures are you guys taking towards doing away with international jurisdictions and respective laws?
Rajagopal: There is saying which states that no matter how high a squirrel jumps, he must land on the ground. Most forensic guys wait for the day it lands on the ground. We have done many cases that way – for how long can you hide away in Panama? When you land in an airport, the law enforcement will be there to greet you. A lot of crime rings have exploited these jurisdiction issues but collaborations between countries are improving – the moment you are flagged in one country, every country knows about it. Give them some time and it will be solved. With a lot of cases, we have noticed that one day they will drop on the ground and the cops will be waiting.
Bavisi: I have a different view. EC-Council works with the defence community and if you go to Interpol to make a report, you don’t even know where to make a report and they finally ignore it because you aren’t big enough. You would be appalled by the live cases the EC-Council has dealt with – we are short of resources. The cases we had involved military records and it was still deemed too small. You’re right, lots of cases are now cross border. You have to go to all these multiple countries and file cases, and it is a nightmare to push cases through. I will agree with Krishna that when a case gets big enough, there is no escaping.
However, there is no organisation that pulls all the CERTs into one – when you get attacked there is no formal protocol connecting all the CERTs together. Forget about Sri Lanka, go to Singapore and file a case – they just do not have enough resources to deal with it. But in spite of all this negativity, just because justice is not served from time to time, it doesn’t mean that we stop protecting ourselves – don’t make yourself a victim. But the truth of the matter is that law enforcement is not there yet.
Q:Participant: We are after 30 years of civil war, so how do you think these new attack vectors will hit and penetrate our defence organisations?
Rajagopal: The biggest in-thing right now is APT simply because it is one of the most popular methods because it exploits your end-users, coming in through malware and unauthorised software. I’ve seen a lot of new variants of APTs, such as files that have two extensions and two behaviours simultaneously. But there is a lot of APT protection these days and they all work on virtualisation. They create a virtual victim and attack the virtual machine and if it flags an APT, it blocks you. That’s the easiest way of protection. The end-user needs to be aware as well to know what should and should not be done.
Participant: I’m interested in how you guys collect data about malware. How far do you guys collaborate with governments of countries? Isn’t it a vigilante approach?
Dhakad: The reason why we do it is because it’s our IP, platforms and customers. We all play a part in the IT ecosystem in fighting this. Laws, enforcement, detection… there is so much for governments to catch up with in terms of technology that it is really impossible – they are really trying to but it’s difficult. We really want ISPs and CERTs to look at the threats we discover but a lot of them receive the information and do nothing about it. We need to have discussions with governments to act on cybercrimes and strengthen laws around it. People feel embarrassed to say they’ve gotten hacked but there is nothing to be embarrassed about. It’s sophisticated crime. We ourselves have offered to share the intelligence we have so that governments could do a better job. We are looking for partners and they are coming on board to create some damage to these guys. We should not worry about laws, we need to first worry about protecting ourselves.
Q:Participant: We spoke about technical solutions – how can these be implemented?
Rajagopal: A framework is definitely needed and a strategy to implement it. That falls into IT governance
Dhakad: IT governance sits with corporate governance – policies and people all have to come together. Cyber security needs to be a boardroom discussion and a comprehensive framework needs to be built.
Q:Moderator: The IT security personnel have two issues – one is resources and the other is decision making power. What would be your advice to our participants?
Rajagopal: With the senior management, all this while security guys have been playing the fear card, by scaring the top management with the threat of cyber-attacks, but for how long are you going to do this? Move to the value card – what’s in it for them to implement cyber security and be safe? If corporate governance gets into trouble, you’re not going to jail, it’s the board, so it’s actually more important for them. You need to be realistic as well. There are always the right products for the right budget.
