The wheels of progress is turning India into a digital nation. We’ve witnessed major changes this year since the launch of digital India campaign mid 2015. When campaigns like Startup India Standup India were setting the tone for startups to spearhead the digital transformation, the latest demonetization is accelerating the transformation. There were other notable moves such as the Aadhar Card system which that has been found impressive by tech leaders all over the world supported the digital transformation to a great extent.
All these though were developed with the right notion, it has also opened up the nation to new threats in terms of cybersecurity and privacy issues. Digital economy has changed the threat landscape for both consumers as well as companies, who are responsible for protecting consumer information. Attacks like, social media account breaches, bank or credit card account takeovers by sending a phishing URL via WhatsApp or Facebook message, ATM skimming, or identify theft via social engineering fall into the category of old, widespread, known, and unsophisticated cyber attacks.
Related Read: Cyber Security In India – To Breach Or Not To Breach !
“These are ‘new normals’ for consumers and companies in India until the next level of sophisticated cyber attacks like Advance Persistent Threat (APT), application-layer distributed denial of service (DDoS) attacks, ransomware, spearphishing, or state-sponsored attacks on critical financial infrastructure emerge” says Anuj Goel, cofounder of Cyware, a cybersecurity platform.
Since both consumers and companies are equally vulnerable, both have to act to protect their assets from fraudsters operating alone to organized criminal groups with advance capabilities. “Consumers of digital economy need to first educate themselves about the common threat methods and follow cyber hygiene such as, not clicking on attachments or links, using strong password, using two-factor authentication, downloading and applying software patches regularly, using anti-virus and personal firewall, and avoiding use of public computer or WiFi for logging onto financial accounts. Since new threat methods keep emerging every day, it’s important for consumers to stay up to date on the happenings and adapt cyber best practices to protect their online banking accounts” he adds.
Speaking his views on cyber security pertinent to the latest demonetization move and OurMine’s hacking spree, Rex Aantonny, founder of Rex Cyber Solutions states, “The government’s demonetization initiative pushed nearly a cashless economy and we are start running on it. This digital economy has enormous advantages at the same time it can RIP us off in a fraction of a second. Whatever we hold in the physical world is going to be identified in the digital world it could be identified in any form; starting from your Facebook, Twitter, LinkedIn and etc, all are containing tons of details about you. The Facebook contains your daily activity/info at the same time you LinkedIn contain your professional activity/info likewise Instagram and other social mediums help the hackers to get the crucial details starting from your birthday to your favorite bank.”
Cyber Situational Awareness is far more important for companies as their technical and non-technical employees must understand the cyber threats faced by the company and know how to report if they detect a suspicious incident. Anuj says, “security controls like vulnerability assessment, security architecture, network monitoring, incident detection, patching, secure coding, supplier security assessment, security forensics, and threat analytics are important but cannot replace situational awareness. A well designed Cyber Situational Awareness program not only notifies security team of new vulnerabilities and malware but also turns other employees into cyber sensors by sharing emerging threat scenarios.”
The year 2016 has proven that no-one, not even the best of the best like NSA, is secure. Based on the historical trend, it is clear that 2017 will see more DDoS (think Dyn), Ransomware attacks (victim list includes several hospitals), and state-backed attacks (DNC attack) causing geopolitical unrest. “On the technical side, 2017 will mark the beginning of a new relationship between DevOps and Security which will work in tandem but more importantly, cyber security will emerge as a prominent board room discussion topic and will enjoy more budgetary allocation. Spending will increase primarily in organizations belonging to critical infrastructures such as finance, energy and power, transportation, and telecommunication. Security will no longer remain as an afterthought or something that is delegated to SecOps, rather, it will enjoy prominence and have an impact on the decision-making by senior management” he adds.
Putting forward his views on ethical hacking and precautionary measures for 2017, Rex says “Ethical hacking the term itself having a lot of dilemma till now for most of the security people. In the coming years, the need for the cyber security professionals will be increase tremendously. The usage of gadgets and internet connectivity is increasing tremendously and at this rate, the cyber crime is also increasing side by side. Not only the top executives, but the recent ransomware attacks showed the middle and small level business also need to secure their cyberspace and need to learn a lot from that. The need for penetration testers and audits are required in all fields of the country.”
In his statement, Rex advises the public to follow these thumb rules of online safety.
- Keep long passwords – at the same time use different passwords for your all accounts
- Never ever click on the attachments/links/images that you were not expected to receive. If you doubt please verify with them that could save you from grave danger.
- Keep your system and your gadgets always updated.
- Don’t share your card details, Don’t save your card details, Don’t give your card to waiters or anyone else to pay the bills.
- Always remember everyone is a stranger in Online World.