Presented by
Supported by
GLOBAL CYBER SECURITY OUTLOOK
A.K.Vishwanathan, Senior Director Enterprise Risk Services, Deloitte India
In association with
Agenda
Current state
Case study
Solutions
Way forward
Current state
Over 35% of the Indian organizations across various sectors have engaged in corporate espionage.
Nearly 14,000 websites were hacked by cyber criminals till October 2012, an increase of nearly 57% from 2009.
The following are the key information security challenges facing major organizations in India
[Diagram: five numbered challenges (01 to 05), each labelled CIA; the challenge names that survive are Cyber Spying, Data Theft and Cyber Terrorism]
The modern cyber threat landscape has evolved over the years. Applications and IT infrastructure are core pillars of today's business. Security of the core ensures security of the business.
Hotels
Sensitive information handled: Internal strategic & Customer Confidential
Airlines
Vendors/Supplier details, contract details, outstanding payment details
Hotels
Concerns
Security initiatives in HATT sector
Absence of security compliance for information related controls
Compliance controls on basis of the quality controls only
Airlines
Travels & Tourism
Regulatory compliances in terms of financial or business controls
Absence of security compliance for information related controls
Absence of security compliance for information related controls
Compliance controls on basis of the quality controls only
Strategically
Do you have a cyber security strategy including a clear cyber governance framework?
How are you evaluating and managing cyber risk?
Is the existing risk framework adequate to address the changing threat landscape?
How structured and well-tested are your existing incident response and crisis management capabilities?
And tactically
What is leaving our network and where is it going?
Who is really logging into our network and from where?
What information are we making available to a cyber adversary?
Hotel Digital Security Seminar & Webinar, Sept 19, 2014
Case study
Operation Hangover
Recently, attackers of unknown origin conducted a large hacking operation on multiple companies from servers hosted in India.
3. All data stolen from the company are stored in a server hosted in India with domain names similar to large ecommerce sites in India. This form of operational security measure indicates an attempt by the attackers to hide the operation in plain sight.
A leading US hotel chain was breached by hackers from 2009 to 2010, resulting in the theft of 700,000 customers' information. They were breached 3 times in the period during which this information was siphoned out.
Implications
1. Absence of Firewalls
Hospitality industry
The hospitality, airline and tourism industries depend on exhaustive branding and marketing efforts to sell their services. Any impact on their IT infrastructure, websites or data that is reported in the media has a direct effect on their revenue and core business sales.
Leading Airlines in US
Incident
Airways vendors were breached by hackers, leading to disclosure of internal employee information and customer information.
The data breach was investigated, however with no conclusive root cause analysis.
Impact
Source: Media Reports
Way Forward
[Diagram: cyber security maturity model; the labels that survive are listed below]
Situational Awareness of Cyber Threats
Online Brand & Social Media Policing
Automated Malware Forensics & Manual Electronic Discovery
Automated Electronic Discovery & Forensics
Ad-hoc Threat Intelligence Sharing with Peers
Criminal / Hacker Surveillance
Workforce / Customer Behaviour Profiling
Behavioural Analytics
Acceptable Usage Policy
Targeted Intelligence-Based Cyber Security Awareness
Training & Awareness
IT BC & DR Exercises
IT Cyber Attack Simulations
Business-Wide Cyber Attack Exercises
Enterprise-Wide Infrastructure & Application Protection
Identity-Aware Information Protection
Asset Protection
IT Service Desk & Whistleblowing
Cross-Channel Malicious Activity Detection
Security Event Monitoring
Traditional Signature-Based Security Controls
Periodic IT Asset Vulnerability Assessments
Automated IT Asset Vulnerability Monitoring
Targeted Cross-Platform User Activity Monitoring
Internal Threat Intelligence
Transformation
Basic Online Brand Monitoring
Blissful Ignorance
Ad Hoc System / Malware Forensics
Brand Monitoring
E-Discovery & Forensics
Intelligence Collaboration
External Threat Intelligence
Cyber Attack Preparation
Level 2
Level 3
Level 4
Level 5
About us
www.hattforum.com
FB/hattforum
1. Latest threats in digital security (Worms, attacks, viruses, flaws) - Santosh Satam, CEO, SecurBay Services.
2. The immediate action needed to tighten up (Priority list, cost, internal policies) - Ambarish Deshpande, MD - India & SAARC, Blue Coat
3. Information loss prevention (Principles & practices) - Geet Lulla, VP - India & ME, Seclore
4. How to build a business case & get the management's attention - Dhananjay Rokde, CISO, Cox & Kings Group.
5. Global cyber security outlook - A. K. Viswanathan, Senior Director - Enterprise Risk Services, Deloitte India.
Thank You
www.x-events.in