Global pandemic has entirely changed the work culture of the organisation, while over 75 percentage  of the private sector employees are working from home and rest of the employees are working remotely at least once a week  percent of global employees work remotely at least once per week and willing to work from home more often if their job permits.

Presently, most of the organisations including start-ups ever are offering the option to work from home because of the serious health threats to the employees and to ensure the business continuity.Top managements and business leaders from all sorts of companies including the start-ups are recognising the benefits of permitting remote work for their companies

Previously, most of the organisation’s weren’t set up to work remotely, and most of the time prefers working on office premises only,but, the COVID-19 pandemic and resulting lockdown of many countries mean that many companies and their employees are now mostly full-time working from home (WFH).

Keeping business continuity in focus organisations allowed remote working, however the cyber security and information security has become a serious concern. One side work from home option has reduced commuting time for employees, more liberty for workers and even increased productivity, on the other side there are cyber security risks and challenges that come with allowing their employees to work from home or from any remote location.

What are the Risks of Work from Home/Remote Work?

Data security and cyber security is paramount, while work from home. Organisations need to have secure communication channels to access their Information systems hosted on premises, some organisations mainly start-ups may face operational risks such as not being able to support a huge number of simultaneous remote connections to their infrastructure and IT services. This could be troublesome for employees that need access to internal resources for business support and may even place additional burden on IT teams if they’re not properly prepared.

While this is a business disruption risk, and can cause unnecessary stress for an IT department that’s already overworked and overburdened trying to fix the issue on-the-go. Which could lead to the risk k of not properly implementing access, authorization and authentication policies which may result in employees accessing resources that they shouldn’t.

In order to reduce the risk of unapproved remote access to organisation’s Information Technology infrastructure, IT teams and information/ cyber security teams shall make it explicit which applications, services and VPN clients are supported by the organization IT infrastructure. Any unauthorised attempt to access internal Information Technology infrastructure with illegitimate and unknown tools should be treated as a cyber risk and blocked immediately.

Since many companies have a well-defined and strict IT and Information security policy for centrally managing and deploying software. Security patch updates to endpoints, gradual rollout procedures should be designed for deploying those updates. Delivering them all at once to remote devices connected with secured VPN technology, could create bandwidth traffic jam and affect inbound and outbound traffic. Data backups of individual laptops could be a tough task if backup servers are hosted inside the premises. Last but not least, enabling disk encryption for all endpoints should be a priority as it minimizes the risk of having sensitive data accessed or compromised due to unauthorised access or device theft.

Cyber Security Guidelines for Work from Home?

1. Having a Teleworking/Work from Home Policy

First and foremost, thing -Define “Remote,” “Work from Home” or “Teleworking” policy is a must if your organisation or start-up is allowing employees to work from home or locations outside of the office premise. This policy shall establish a set of procedures and guidelines that employees must follow in order to work from home. will reduce the inherent risks of working remotely since the organisation and employees are explicitly aware of the WFH responsibilities and its consequences.

Teleworking/ remote working policy shall include:

• Employee responsibilities
• Procedure of reporting of information security incident.
• Approval process from remote connections
• Workspace security mandates.
• System configuration/ hardening steps
• Use of encryption for data stored and in transit and Ensure encryption is used for all data that is stored and in transit
• Mandate use of a secured channel such as VPN for remote workers

2. Information security training’s to Top management and employees.

Conduct periodic monthly or quarterly training sessions to keep your employees and top management aware and educated on cyber security and information security risks and their responsibilities when it comes to organisation’s information security program and working from home.

Basic cyber security drills shall be conducted on regular basis and organisation’s information security awareness program shall be updated accordingly. Employees shall be aware of phishing attacks, spam mails as well as securing home Wi-Fi network.

Each and every employee shall be aware about the risk of using public Wi-Fi for organisation’s system. Employees should be aware whom to contact in case of any cyber security incidents.

Top management is more prone to cyber security attacks. They shall be adequately trained.

Organisation shall assess the Information Security awareness status of the employees and top management on timely basis.

3. Use of advance technology and tools for Data Protection

A well-defined policy in place will help employees know what they need to do and how to do it, but providing them with the right technology tools will also reduce the risks of working remotely. Depending on the organisations and the role of their employees, the technology could vary. Below are the few examples of some tools helpful in data protection during remote working:

• Enable built-in Firewalls: Firewalls are the defence for information security risks. Now a days every Operating Systems has inbuilt firewall which can prevent malicious inbound or outbound requests
• Enable built-in Encryption: Systems data will be encrypted by using built in encryption techniques, this is helpful in case the drive is lost or stolen. However, the passkeys shall be remembered by the IT administrator.
• Use Virtual Private Network (VPN): VPN provides a secured tunnel to the data travelling to the servers and make it difficult to crack for malicious users or hackers. Organisation shall only accept traffic coming through VPNs and employees shall always use VPN for connection to office network specially when they are in a shared network at home or outside
• Use of Password Managers:This will help employees to store their passwords and generate secure password.This reduces the risk of using the same password for all services and applications by employees.

4. Enablement of two-factor authentication

Use of two factor authentications to critical information assets is a must, since it provides a surety that the data request is coming from a genuine source. This method reduces the risk of phishing and malware attacks.

5. Monitor your third-party vendors and service providers

Many a times organisations outsource few services for them. In this case the vendors shall be regularly monitored as the Suppliers information security policy. Assess your vendors cyber security program on regular basis because a vendor can also be sometimes acting a risk for organisations information security

6. Use of access control

Organisation shall implement an access control policy in order to reduce the data breach or data leaks. Least privileged shall be given while granting permission to any user. Access should be based on the role of employees in the organisation, and these accesses shall be monitored on timely basis

7. Enforcement of strong passwords on Applications, servers and employee devices

Organisation shall ensure that strong password policy is enforced on employee devices applications and servers,

8. Use of web security protection

Last but not the least organizations should deploy security solution like antivirus, anti-phishing, anti-malware security solutions employee endpoints and technologies capable of preventing network vulnerabilities from exploitation. There are many solutions available in the market nowadays.

Only deploying these solutions is not sufficient, it shall be updated and monitored regularly and necessary actions shall be taken on it. Organisation shall deploy the solutions which can accurately detect the phishing attempts and any known malware attacks.

Work from home or remote working has given a golden opportunity to hackers and cyber criminals as well as it is a challenge for organisations IT Team and information security team. Managing Cyber Security during remote working is really tedious job for the organisations, however use of proper technology and monitoring can certainly mange this work. Organisations shall take cyber security as a risk and shall appropriately invest in safeguarding their Information assets. A vigilant and aware team can save organisation from cyber attacks and hence from financial, reputation and business operational loss.

# Keyword: Information security, cyber security, data protection, VPN, training and awareness VPN, strong password, business continuity, access control, remote working, work from home, cyber security risk.

In the current age where information technology has penetrated in almost every area of our lives, both personal and professional has huge impact of Information technology, in other words our live has been completely dependent on technology. Be it organizational or personal, the amount of data collected and processed by big-companies and start -ups is alarming. Human beings have become so much dependent on technology, be it hardware or software, holdable to wearables to insertable, technology is all but inseparable.

Be it office or daily household tasks, technology has invaded in every sector and make the work easier and more efficient to perform., however, all the technology gadgets and services have one thing in common, that is data processing. In order to process the data like PII(Personally Identifiable Information),PHI Protected health information about individuals, and critical financial, scientific, confidential  data of organizations and countries is  extremely lucrative  to competitors and cybercriminals, ranging  hackers to , script kiddies, the wannabes, elites, activists, crackers, and phreakers to punks ciphers

For an example you are start-up organization providing information technology services to any government or any other big organization which is processing critical data, then a vulnerability in your system can be a potential risk which could lead to data breach of your client. As per recent trends, at least one new zero-day vulnerability was found each week. As zero-day vulnerabilities are discovered, they just serve as a tool for cybercriminals/hackers to intensify attacks. Hence by enabling proactive measures such as incident management or cyber crisis management plan can be an effective way to limit or even prevent the propagation of a cyber security attack.

IMPACTS OF CYBER SECURITY BREACHES IN START-UPS

Cybersecurity breaches impacts   organizations and companies in different ways. Many of which cause serious damage to the organizations and start-ups, if not permanent. Some effects of cyber breaches are:

• Organizations leads to financial losses: An intense cyber security breach can damage critical servers and hardware which could lead to financial loss. In addition to it an organisation which is not capable to secure its information assets and prone to frequent cyber security attacks is liable for penalties imposed by client or government.
• Organizations do experience loss of confidential data. This is often the major consequence of a cybersecurity attack. Confidential Data, which could range from credit card numbers, Aadhar number, PAN number, phone numbers, social security numbers, health records, right up to software design, code, military confidential or classified information, medical formulas could be stolen.
• Loss in Reputation and value degradation in the business market have often been cited as a significant concern. Trust and value built from customers (service providers) to companies(clients) after a mishandled cybersecurity attack starts discrediting and is brought into question, especially when the company fails to respond promptly to a cybersecurity attack.
• Competitiveness between firms and organizations becomes compromised. This can cause disaster, from which small to medium organizations or start-ups might never recover.

 Cyber security breaches or incidents can sustain by opting different kind of strategies. Few of them is setting up preventive measures to avoid a potential attack, and the other being how to respond when a breach or attack occurs as a corrective measure in case of any Zero-day attack. However, both the methodologies require intense monitoring of the information systems.

STEPS TO AVOID A POTENTIAL CYBERSECURITY ATTACK

Cyber security attacks are of various kinds and natures, and there is an enormous number of resources out there stating how to prepare for the inevitability of a cyber-attack. Cyber risk can come from various points like open ports, unattended laptops, desktops, improper patch management etc and this activity requires involvement of top to lowest level of employees the organisation. There is no perfect methodology or solution available to handle cyber security incidents or attacks in any organisation, however the impact can be minimised if handled properly. Below are the points to strengthen cyber security:

• Perform Cyber Security Risk Assessment: Perform an intensive risk assessment for your business and identify all the possible weak points which could lead to cyber security attack and find out a risk mitigation plan for each risk, don’t leave any risk unattended
• Employees Training. In any organisation aware employees can be helpful to handle cyber security incidents. Any organisation or start-up should provide adequate training those handling sensitive data.
• Regularly backup sensitive data. Data is the core of every company. Unavailability of data can destabilize, disrupt, and even lead to shut down of start-ups, or organizations. Having data backup at an alternate location online/offline is the key of surviving a cybersecurity breach or incident. Remember, data availability is one of the key components of cybersecurity.
• Employee Screening prior to employment. A proper policy and SOP for employee screening shall be developed and followed with due diligence. Since employees are often the weakest link in a cyber-security plan, all the future employees should be screened to validate their cyber-security skill sets desired for their respective positions in the organisation or start-ups.
• Keep systems updated by regular patch updates. Most of the start -ups and small companies don’t have proper patch management programs for systems and software which could lead to a serious cyber threat because these vulnerabilities can be exploited by cybercriminals to access your systems. Applying timely security patches to software and hardware systems routinely can reduce cyber security threats, as most of the threats exploit known vulnerabilities(weaknesses).
• Adapt Security culture and take cyber threat seriously. As part of the organisation’s culture, cyber-security must be priority by the management. Negligence can lead to unrecoverable cyber-attacks. Management should provide adequate budget for enhancement of cyber-security in the organisation.
• Develop Cyber Crisis Management Plan. Since Cyber incidents comes unannounced organizations and start-ups should identify and classify different cyber -security attack scenarios and generate mitigation plan for it. Table top exercises are helpful to understand the readiness. A contingency plan shall be developed

A well skilled team for handling cyber security in any organisation is very important. Having the Data Privacy Officer (DPO), Chief Information Security Officer (CISO), and the Chief Information Officer (CIO), etc., with well-defined role are helpful for any organisation

HOW TO RESPOND TO SECURITY BREACHES?

1. Establish an Incident Response Team (IRT).

Create an IRT with skillsets and capable to handle Cyber security incidents. Define roles and responsibilities of each member which may in some cases, take precedence over normal duties. The IRT can be comprised of a variety of departments including Information Technology, Finance Compliance and Human Resources.

Your (IRT)Incident Response Team should include your Chief Information Security Officer (CISO), who will lead the team organisation’s security policy direction. In case of start-up Virtual CISO can be a guide.

2. Identify the type and extent of incident.

A impact matrix for incident should be clearly defined for damage assessment and determine the appropriate response. For example, an incident where a computer virus is easily detected and removed and which has not impacted any external or internal parties can be categorised as low and should not be escalated.

However, an incident which impacts clients and customers should be escalated to the IRT.

3. Escalate incidents as necessary.

Employees are the first one to observe the cyber security incidents, any kind of incidents including abnormal system behaviour, phishing mails, fraud mails etc shall be immediately escalated to IRT so that timely corrective action can be taken.to mitigate suspicious vulnerabilities and avoid unexpected downtime.

4. Notify affected parties, government bodies and outside organizations.

Identify and assign responsibility to one member of the IRT managing communication to affected parties (e.g.  government bodies, investors, third party vendors, etc.). Depending on the severity of the incident, the IRT member should inform the affected parties and law enforcement agencies

5. Gather and analyse evidence.

IRT is responsible for identifying, gathering and analysing both physical and electronic evidence as part of the investigation. These evidences shall be kept securely as a part of artefacts. Lesson learnt should be documented for future.

6. Mitigate risk and exposure.

Technical members of the IRT shall be responsible for monitoring the situation and ensuring any effects or damage created as a result of the incident are appropriately repaired and measures are taken to minimize future occurrences.

Since cyber security is the responsibility of everybody in the organisation the necessary disciplinary action shall be defined for the guilty. An adequate amount of penalty or action shall act as a deterrence and helpful in reducing the cyber-security incidents.

Keywords: Cyber-Security, Information Security, Cyber-Security incidents, CISO, Virtual-CISO, hacking, cybercriminal, start-ups,incident-response

]]> http://www.cyberlaws.org/virtual-chief-information-security-officer/ Sun, 21 Feb 2021 07:03:39 +0000 http://www.cyberlaws.org/?p=617 VIRTUAL CISO-A Logical method to manage Cyber security compliance in Start-ups

During the current era, both big companies and small start-ups, are using Information Technology for ease of doing business, however it makes them vulnerable for Cyber-attacks. So, it becomes necessary for them to use Cyber security professionals e.g. CISO (Chief Information Security Officer) in order to protect information assets. ,It goes without saying  that information security activities in any organization consume more resources than ever before. Cyber criminals (Hackers) are becoming better all the time, and staying ahead of them is getting tougher. However, it’s not just more zero-day attacks by sophisticated criminals; competitors, growth of the organization, elevated infrastructure complexity and new compliance requirements also desire more cyber defence staff, adequate time and right technology to avoid becoming a victim of a cybersecurity breach.

In earlier days security was primarily focused on physical access to facilities and resources, or adding layers of logical controls to protect business application and data. However, security concerns of the present era don’t fit into this old traditional way anymore. Security concerns impact every aspect of an organization’s operations and should be an integral driver of strategic planning, along with all decision for future expansions.

Since cyberattacks have become smarter and more sophisticated at exploiting vulnerabilities, with the availability of many open-source tools it is easier for hackers to launch new attacks every other day. For the organizations and start-ups cyber security shall be a proactive program rather than a reactive which is to be launched at the time of cyber-attack. Thus, information security is an integral part of organizational strategic growth. It is just as important as goodwill, financial turnovers and product quality.

What is Chief Information Security Officer(CISO) and Virtual Chief Information Security Officer(V-CISO) ?

Top management team should be aware of the impact of lack of information security on their organization’s profitability and durability. A shortage of information security in the organization could result in heavy fines for non-compliance, punitive rulings after finding liability or negligence, or a loss of customers and partners after a confidence-shattering breach. There is a big risk of underestimating information security and it is too big to ignore.

In order to address the growing awareness of information security’s importance to strategic planning, many larger organizations and start-ups include a Chief Information Security Officer (CISO) at the executive level. Chief Information Security Officer is the executive who is responsible of Information security and cyber security compliance in the organization.

Many a times companies cannot afford the cost of having own CISO because of the huge salary range. There are situations where the organizations including start-ups need a CISO , but the budget doesn’t allow for a full-time person in that position.

However, there is a cost effective alternative. Organizations specially start-ups that lack the budget for a full time CISO can opt for an outsourced solution: The Virtual CISO, or V-CISO.

A Virtual-CISO is a information and cyber security expert who uses the expertise  of his/her years of industry experience to help organizations and start-ups  by developing and managing the implementation of the organization’s information security program in order to attain various government and non-government compliances. At a high level, V-CISOs help to build the organization’s security strategy, implementation and its management as well.

Organization’s internal security staff may work and report to V-CISO in order to strengthen the information security and cyber security framework and make it more impactful. In addition to this, the V-CISO is usually expected to be able to present the organization’s state of information security to an organization’s board, management team, auditors, or regulators.

Benefits of having a V-CISO

A V-CISO is generally a cybersecurity professional who works part-time basis offering information security services to multiple organizations at a time, working for several throughout any year. This gives organizations a flexibility to hire part-time CISO on requirement basis.

The V-CISO fills several needs through different types of services, including:

• Information Security and Cybersecurity guidance to management executives in order to adhere compliance guidelines
• Information Security architecture guidance
• Incident management including response
• Governance plans
• Cyber Security readiness assessment
• Compliance alignment recommendations (for ISO 27001,RBI Guidelines for banks ,NBFC, HIPAA, GDPR, PCI-DSS, CCPA and may more)
• Remediation prioritization
• Business Continuity Planning and Disaster Recovery Plans and DR drills.
• Identification of scope and objective for the information security compliance
• Risk management (risk identification and treatment)
• Vendor risk management
• Coordination of audits by regulators or customers

Why you organization need a Virtual CISO?

If your organization needs more information security compliance -related guidance at the management level, consider whether a V-CISO would be a good potential option. If you are a a start-up and your budget won’t support a CISO, you might need a V-CISO .If any of the below mentioned scenarios  are similar to  your situation, your organization might need a Virtual -CISO.

• If you are start-up and are really unaware whether you’re vulnerable to cyber security breaches: If your organization hasn’t yet assessed its information security risk, you might need a V-CISO to initiate and support that process.
• Your organization has been breached and no one from your team was able to detect the attack: Post-breach investigations and recommendations often lead to organizational leadership remodelling. One of those remodelling includes information security member of the executive suite. If this is the case, you might need a V-CISO.
• If you are a start-up dealing with critical customer data: In this case if you don’t want to hire a full time CISO, you need to have a V-CISO in order to safeguard your information assets and avoid high penalties because of non-compliance of various regulations
• Important or major changes have occurred that could impact security: If your organization is having mergers or acquisition, security risk should be assessed. Any significant outside influences, such as a global pandemic or natural disaster, which could impact business continuity as well all information security. If your organization doesn’t have anyone who can guide during these times and ensure security is not compromised you might need a V-CISO.
• If your organization wanted to share the workload for the existing CISO: Changes to the organization scope or environment, including new regulatory compliance requirements, may increase the demands of a CISO beyond their current capability. If your existing CISO requires helping hand, you might need a V-CISO.

There could be multiple reasons to have a V-CISO for your organization. An experienced V-CISO will provide valuable guidance and customised solutions as per your organizational needs. As well as it will save you from the burden of paying salary of a full-time CISO.

How to find a right V-CISO?

If you are struggling in your day-to-day information security requirements V-CISO would be a beneficial to your organization, and decided to have one. The very next step is how find the right one. A good amount or research and investigation can help you. Online reviews and existing customers feedback can help you to find a good fit, knowledgeable V-CISO for your organization.

The general process for engaging a V-CISO generally flows like this:

• Set up an initial consultation meeting (commonly one hour at no charge)
• The V-CISO delivers a proposal of scope of work including high-level information security readiness, proposed services and costs
• You may accept or reject the proposal, and then moves forward

• If you decide to engage a V-CISO, then negotiate an agreement that meets your requirements. If you need periodic gap and risk assessment and remediate report, make sure that is explicitly mentioned in the agreement deliverables.
• An agreement with a V-CISO can be set up for a hourly, monthly or quarterly basis . Make sure that you are getting the services you are paying for.
• A V-CISO can be an affordable and flexible approach to adding extensive information security experience and wisdom to your management team. If a V-CISO is a good fit, it can help your organization to identify and safeguard the weak links which could lead to aggressive cyberattacks.

#Key words- CISO,Virtual CISO, VCISO,vCISO, ISO 27001,GDPR,RBI, cyber security, information security, compliance, hackers, cyberattacks.

CYBER SECURITY MUST KNOWS FOR CLOUD SERVICE PROVIDERS

WHAT IS CLOUD COMPUTING?

The Information Technology world is emerging and with fast pace, new innovative ideas are changing the scenarios constantly and cloud computing was one of those ideas which has changed the perspective of IT services.

Cloud Computing is a network of remote servers which are used to store, manage and process data via internet, instead of local servers or hard drives.

With ease of use and flexibility, it has become most usable IT services nowadays.

SECURITY RISKS ASSOCIATED WITH CLOUD COMPUTING?

Cloud computing transformed the way organizations store, use, and share data, applications, infrastructure and workloads. Cloud computing also provides a flexible model for simplified IT management, remote access, mobility, and cost-efficiency. With so much ease of access and flexibility most of the organisations are availing cloud services, however as more mission-critical applications migrate to the cloud, data privacy and software security are growing concerns. With so much data going into the cloud including critical data like PII and PHI —these resources become natural targets for hackers.

Availing IaaS or Moving web applications to the cloud does not make organisations inherently more secure.  Organization nowadays might be ready to adopt the benefits of the cloud infrastructure. But you must also ensure you address all the potential security risks in cloud computing, especially public clouds.

WHAT IS CLOUD COMPUTING SECURITY?

Cloud computing security is the combination of guidelines and technologies controls, which are helpful to manage information security compliance and provides instructions for securing data applications and infrastructure identify with cloud computing use.

Cloud computing has many advantages, such as Ease of use for customer, speed and efficiency. But there are also many potential threats in cloud computing. These threats include human errors, misconfigurations, data breaches, insider attacks, account hijacking, and DDoS attacks. According to studies, businesses which are using cloud computing services are more prone to data breach and cyber-attacks in comparison of others.

CLOUD SECURITY: CHALLENGES AND SOLUTIONS

Below is the list of most critical cyber security challenges faced by Cloud Service providers.

1.      DATA BREACHES:

A data breach is a result of infrastructure or application vulnerabilities, human error, poor security practices such as weak password, inadequate access control etc. Data breach is one of the top most security challenges, mostly public cloud because of different requirements by different customers. Solution to this problem is that organizations should always secure their databases which contains sensitive data like user credentials, by hashing and salting and implement proper logging and behavior anomaly analysis.

2.    HUMAN ERROR:

Human errors like clicking on malicious links, sharing data with unauthorised person, using weak passwords and not having maker checker procedures etc. are challenges in Cloud security. These errors are often at customer’s end. Training and awareness pertaining to Cyber Security, imposing strong password policy and segregation of duties can really resolve this issue. Proper monitoring is also necessary.

3.    INSUFFICIENT IDENTITY, ACCESS AND KEY MANAGEMENT:

Hackers can act as legitimate users, developers, or operators can read, manipulate, and delete data; snoop on data in transit or release malicious software that appears to originate from a genuine source. Any unwanted service running on the server can allow access without authentication. Solution to this problem is implementation of preventative controls across all perimeters, and that organizations scan managed, shared and public environments for vulnerabilities.

4.    DATA LOSS:

Data loss can be because of an accidental deletion by the cloud service provider, or a disaster like a fire or earthquake, can lead to the permanent loss of customer data unless the provider or cloud consumer .takes adequate measures to back up data, Solution to this problem is having a full proved Business Continuity and Disaster Recovery plan in place, performing data backups & testing regularly and conducting DR drills at regular intervals.

5.    INSECURE APPLICATION PROGRAMMING INTERFACES (APIS):

APIs are exposed to public and so too attackers, an API is likely to be the initial entry point for attackers. Hackers exploit vulnerabilities of insecure APIs to get access to servers. Performing security assessment prior to deployment and after any significant change can help to identify the existing weaknesses and patching it.

6.    ADVANCED PERSISTENT THREATS (APT):

APT uses sophisticated and continuous attack techniques to get access in Cloud infrastructure and monitor the Cloud provider’s activity and steal the data rather damaging the networks. In this the attacker gain access and remain undetected for long. Monitoring network on regular basis for abnormal behaviour, update latest antivirus signatures and scanning networks on regular basis can resolve this issue.

7.    INSIDER ATTACKS/ MALICIOUS INSIDER:

A malicious insider can be performed by any employee or any privileged user who has access to potentially sensitive information, and critical systems which contains critical data. Organisations which are doesn’t have their own IT security mechanism and solely dependent on cloud service providers are at higher risk. A Data Loss Prevention (DLP) solution along with event logging and monitoring is a solution for this challenge. A Confidentiality Agreement signed with employees will act as deterrence.

8.    DISTRIBUTED DENIAL OF SERVICE (DDOS) ATTACKS: 

DDOS attack is a crafted malicious attack to disrupt normal traffic and prevent users of a service from being able to access their data or applications. Attacker can cause a system slowdown and leave all legitimate service users without access to services by forcing the targeted cloud service to consume inordinate amounts of finite system resources such as network bandwidth, processor power, memory or disk space. Implementing adequate network security measures like IDS, IPS, and Load Balancers and monitoring networks for anomalies. Having a robust Business Continuity plan will definitely help.

9.    SYSTEM VULNERABILITIES:

System vulnerabilities are the weaknesses or loopholes in any application and network, which can be exploited by any malicious user to intrude into a system to steal or manipulate data, taking control of the system or disrupting service operations. Vulnerabilities within the components of the application and operating system put the security of all services and data at significant risk. In case of public cloud, application or systems from various organizations are sharing memory and resources, creating a new attack surface. Regular patch management, bug fixing and vulnerability management is the best solution for this issue.

10. SPECTRE AND MELTDOWN:

Last but not the least, Spectre and Meltdown which are considered as the most catastrophic vulnerabilities where hackers can exploit Meltdown to view data on virtual servers hosted on the same hardware, potentially disastrous for cloud service providers. Spectre is worse –it is hard to exploit and even harder to fix.

In a nutshell the security solution is very crucial for any Cloud Service provider for their business .Compliance related to cyber security protect the organisation from unauthorized access, data breaches and other threats and also provide assurance and confidence to clients.

LIST OF COMMON CYBER SECURITY THREATS WHICH EVERYONE SHOULD BE AWARE OF

In this era where every organisation like healthcare, financial, logistics and transportation, Construction ,government services ,real estate ,retail etc. are moving towards digitization and digitalization, also becoming prone to cyber threats.

While everyone is talking about new regulations and compliances like Data Privacy, Information Security, GDPR etc., organisations are still unable protect their network and data from cyber criminals. Personnel Data theft news is making headlines every other day.

What the Cyber Security threat is?

In a layman term it is a malicious act which can damage data, steal data or disrupt digital life and ultimately impact organisation’s business objectives. These threats Masters of disguise and manipulation, and contently evolve new ways to accomplish their task of stealing, harming and annoying organisations. Organisations shall adequately arm themselves with resources and information to safeguard against complex and growing computer security threats and stay safe online.

THESE ARE COMMON CYBER SECURITY THREATS

1. VIRUS

What a virus is? A computer virus is a malicious piece of program that may disturb the normal functioning .Virus are often sent as an attachment with email ,with an intention to infect your computer system as well as all other computers in your network. Sometimes virus are hosted on websites, whosoever visits malicious website gets infected.

Examples of Computer Virus are: Browser Hijacker, File Infector Virus, Boot Sector Virus, Web Scripting Virus, Polymorphic Virus etc

What virus can do? A computer virus can attach itself to email attachment, pdfs, doc files, USB, pen drives and hard drives .Any file which contains a virus is called infected file. If the infected file get copied to computer, virus also get copied

• A virus can damage software and data on a computer
• A virus can slow down the system processes
• A virus can destroy all data by formatting the hard drive
• A virus can steal critical information like password from your system
• It can display unwanted advertisements
• It can disable security setting and close your firewall
• It can hijack your web browser and slow down the speed and can steal critical data

2. MALWARE

What a malware is:

A malware is a malicious program or software that infects your computer, such as computer viruses, worms, Trojan horses, spyware, and adware.

What malware can do:

• A malware can intimidate you by a pop-up message that tells you your computer has a security problem or other false information.
• A malware can reformat the hard drive of your computer causing you to lose all your information.
• A malware can alter or delete critical files.
• A malware can steal sensitive information like username and passwords.
• A malware can send fake emails on your behalf.
• A malware can take control of your computer and all the software running on it

 3. TROJAN

What a trojan is?

A Trojan is malicious program that is disguised as, or embedded within, legitimate software. It is an executable file wrapped with some genuine program and software  that will install itself and run automatically once it’s downloaded.

Example:Trojan- Banker, Trojan-GameThief , Trojan-Dropper, Trojan Ransom, Trojan-SMS, Trojan- Spy etc

What trojan can do?

• A Trojan can delete your files.
• A Trojan is used to create your computer a zombie or a bot.
• A Trojan can watch you through your web cam.
• A Trojan log your keystrokes (such as a credit card number you entered in an online purchase).
• A Trojan record personal information like usernames, passwords

4. RANSOMWARE

What is a Ransomware ?

Ransomware is a type of malicious software that block the access to your computer system or your files, usually by encrypting it and displays a message that demands payment in order for the restriction to be removed. In many cases it comes with deadlines, if the victim doesn’t pay the ransom, the data is gone forever.

The two most common mode of spreading ransom ware are phishing emails that contain malicious attachments and website pop-up advertisements

Examples of ransom ware are: WannaCry, Crypto Locker, NonPetya, Bad Rabbitetc.

What Ransom ware can do?

There are two common types of ransomware:

• Locker Ransom ware: displays an image that prevents you from accessing your computer
• Encryption/Crypto  Ransom ware: encrypts files on your system’s hard drive and sometimes on shared network drives, USB drives, external hard drives, and even some cloud storage drives, preventing you from opening them

Ransom ware encrypts the computer or data files and display a ransom/payment notification for regaining access. Once the ransom is paid, victim will receive the decryption key and may attempt to decrypt the files. Sometimes the victims never receives the keys.

5. BOTNETS

What are botnets? Botnets -Botnet is a network of infected computers often known as zombies used for malicious purposes .This Botnet is combination of Robot and Network. So here the network of computer robots is used to perform cyber crime controlled by Cyber criminal known as bot masters.

Botnet is controlled by the originator and the infected computer might unaware of its being a zombie.

Example:IRC (Internet Relay Chat) botnet, P2P (Peer-to-Peer) botnet, HTTP (Hyper Text Transfer Protocol) botnet and the hybrid botnet

What Botnets can do?

• Botnet can be used to spread malicious emails.
• Botnet is used to spread malware.
• Botnet is used to perform Denial of Services attach

6. DDOS

What is DDOS?

This is an attack a network of zombie computers us used to sabotage specific website or server. These zombie computer are being controlled for performing specific task such as making the website and server unavailable .In DDOS the attacker use the vulnerability existing in user computer

What DOS/DDOS can do?

The purpose of DOS/ DDOS attack is to make essential services unavailable, which can sometimes leads to server crash.

• Loss of data
• Loss of revenue
• Impact on business reputation
• Disappointment to users, they may never return.
• Compensation of damage occurred by DDOS.

7. PHISHING

What is Phishing?

Phishing is a social engineering attack used by cyber criminals used for gathering personal information of including login credentials and credit card details using deceptive emails or website.

Attackers create fake emails, text messages and websites which look like they’re from authentic companies. This is also known as “spoofing”

What Phishing can do?

By phishing hackers/cyber criminals trick you into giving them information by asking you to update, validate or confirm your account. It is often presented in a manner than seems official and intimidating, to encourage you to take action.

Phishing provides hackers/cyber criminals with your username and passwords so that they can access your accounts (your online bank account, shopping accounts, etc.) and steal your credit card numbers

8.HACKING

What is Hacking? Hacking: Hacking is an attempt of unauthorised access to users computer by exploiting the existing vulnerabilities  for performing fraudulent activities like personal data stealing , invasion in privacy, financial fraud etc.

What Hacking can do?

Hackers find out weakness in your system and exploit it for different purpose

• Denial of service Attack
• Electronic Fund Transfer
• ATM Fraud
• Identity Theft
• Stealing intellectual information

Ways to prevent Cyber Security Threats

• Educate employees and individuals about cyber security and its countermeasure
• Use inbound and outbound firewalls on your network. Change the default passwords and customise it according to your business needs.
• Take backup of important business information and data on regular basis, in order to maintain business continuity after crisis.
• Install and regularly patch antivirus and antispyware on every server and computers on your network
• Have a controlled logical and physical access to all your computer and network components.
• Always use licenced software and update the patches for Operating Systems and Applications
• Impose a password policy, use a strong password and change them regularly. Remember, weak passwords are prone to hacking
• If you are using Wi Fi at work, use WPA2 and above security. You can hide the SSID and don’t forget to use strong password.
• Don’t give Admin privileges to every employees. Network and Computers shall be run on Principle of least Privilege.
• Segregate your data according to criticality and appropriate security shall be provided by using DLP, Endpoint protection etc.
• Never click on suspicious mails and, never ever download from P2P and file sharing system
• Regularly scan your application and network for vulnerabilities, also perform penetration testing at least once in every year.
• Regularly monitor your network for suspicious activities

Using common sense is the best protection .One shall never download free videos, files or songs from suspicious websites, never click on suspicious links .Never ever share your personal data online. Be aware of what is happening around.Cyber threats are effective if and only if you have weaknesses in your system. More vulnerabilities will expose the system to threats and hence more risky, however less loopholes means less risk.

Remember Precaution is better than Cure.

WHAT IS HIPAA?

HIPAA COMPLIANCE FOR HEALTHCARE SECTOR, HIPAA (Health Insurance Portability and Accountability Act) signed by US President Bill Clinton in 1996, provides data privacy and security provisions for safeguarding medical information.

HIPAA Act does the following:

• HIPAA reduces health care fraud and abuse.
• HIPAA acts mandates the storage, protection and handling of handling of medical data, ensuring healthcare data is kept secure.
• HIPAA Act provides provisions for storing patient’s healthcare information.
• HIPAA act is meant for protection and safeguarding unauthorised handling of PHI(Protected Health Information)

HIPAA COMPLIANCE FOR HEALTHCARE SECTOR is a must for healthcare solution providers. HIPAA compliance guidelines are meant to safeguard patient’s health information, ensuring that it is securely stored and correctly used.

All the sensitive data which can reveal patient identity must be kept as confidential in order to adhere HIPAA. There are set of rules of policies and privacy which the organisation need to adhere to achieve compliance.

WHAT INFORMATION IS PROTECTED UNDER HIPAA?

HIPPA Privacy Rule protects a patient’s health information and any identifying information, in any medium or format—files, email, audio, video or verbal communication. Any of the following is considered private health information:

• Name of patient
• Birth date, death date or treatment dates, and any other dates relating to a patient’s illness or care
• Finger and voice prints
• Social Security Number
• Photographs
• Medical records numbers
• Telephone numbers, addresses and other contact information
• Any other unique identifying number or account number

WHY HIPAA COMPLIANCE IS IMPORTANT?

 HIPPA compliance is a well thought of guidelines meant for safeguarding patient’s .Failure to this can put patient’s critical information at risk. Cyber Security breaches have catastrophic impacts on organisation’s reputation, also can leads to disciplinary actions and sometimes huge penalties and fines.

In past years ransom ware and malware attacks like WannaCry, Non Petya, have impacted millions of computers across the world, including healthcare organisation.

Hackers exploited vulnerabilities existing in the Network devices like weak passwords, outdated versions of Operating Systems which are commonly used in healthcare sector.

Since there is not adequate awareness and information security support in medical service providers, the attack was very easy to carry out.

Now a day’s everything is technology driven, so HIPAA also regulates some aspects of technology systems used to store, manage, and transfer healthcare information.

The organisations that fail to implement adequate system can suffer significant damage. If any data breach incident take place, the affected organisations has to submit disclosure documents for each and every breach individually.

WHO NEEDS TO BE HIPAA COMPLIANT?

Following is the list of the organisation which needs to be HIPAA compliant

• Healthcare providers, who stores data and process PHI in electronic form.
• Clinics,
• Hospitals,
• Regional health care services,
• Medical practitioners
• Healthcare clearinghouses
• Healthcare billing services
• Community health management information system).
• This also includes any organisation which collects PHI from healthcare organisations and process it into an industry standard format.
• Health plans
• Medicaid,
• HMO (Health Maintenance Organisation),
• Insurers,
• Public health authority,
• Medicare prescription drug card sponsors,
• Universities and schools which collects, store or transmit PHI)
• Business associates of all the above
• Any organisation which handles PHI in electronic format such as vendors, contractors and infrastructure service providers.
• This also includes organisations that store or destroy (shred) documents.
• Transcription services,
• Medical equipment companies,
• Auditors and
• Accountants

HIPAA PRIVACY, SECURITY AND BREACH NOTIFICATION RULES

PRIVACY RULE

HIPAA Privacy rules are Standards for privacy of PHI of individuals. The main goal of HIPAA rules is to protect medical reports and other PHI(Personally identifiable health information)

HIPAA privacy rules are applies to these types of organisations;

• Providers, supply chain (vendors, contractors) and service providers (data centre and cloud service providers). All healthcare Clearinghouses and health care providers shall be compliant.
• This rule also applies to healthcare service providers who conducts health related electronic transactions.

Accordingly to HIPAA privacy rule patients have legal rights over their health information.

Below are the fundamental rights of patients:

• To authorise disclosure of their health information and records.
• To request and examine a copy of their health records anytime
• To request correction to for the health records as needed

SECURITY RULE

HIPAA Security Rule are the Security Standards for the protection of ePHI and is a subset of privacy rule only. This rule is applicable to electronic personally identifiable health information (ePHI), which shall be protected if it is created, maintained, and received by any organisation. Covered entities shall maintain confidentiality, integrity and availability of ePHI.

 Covered entities shall adhere all safeguards to be compliant:

• Technical Safeguards:

Access Control, Audit control, integrity control, transmission security

• Physical Safeguards

Physical Access control, work station and device security, security of electronic media

• Administrative Safeguards:

Security Management process, Security Manager, Information Access Management System, training and awareness, evaluation system.

HIPAA BREACH NOTIFICATION RULES 

Even after having adequate security measures in place, there is a possibility of breach. For such cases Breach notification rules specifies how the organisations should deal with it.

First of all organisations should know how to define a breach. A breach is unauthorised use or disclosure of PHI forbidden by Privacy rule. The unauthorised use or disclosure of PHI is presumed to be a breach unless your organisation demonstrate there is a low probability the PHI has been compromised based on a risk and impact assessment of at least the following criteria:

• The extent and nature of the PHI involved, including the types of identifiers and the probability(likelihood )of re-identification
• The unauthorized individuals to whom the disclosure was made or who used the PHI
• Whether the PHI was actually acquired viewed or acquired
• The extent to which the risk associated with PHI has been mitigated

PHI breach notifications must be provided without unreasonable delay and no later than 60 days following the breach discovery. Notifications of smaller breaches which is affecting fewer than 500 individuals may be submitted to HHS (The United States Department of Health & Human Services) annually. The HIPPA Breach Notification Rule also requires business associates like vendors, suppliers, service providers of covered entities to notify the covered entity of breaches at or by the business associate.

HIPAA PENALTIES

As per HIPAA Privacy Rule, a healthcare data breach as well as failing to give patient’s access to their PHI, could result in a fine from OCR(Office for Civil Rights)

The minimum penalty for: HIPAA COMPLIANCE FOR HEALTHCARE SECTOR

• Unknowingly violating HIPAA is $100 per violation, with an annual maximum of $25,000 for repeat violations.
• Reasonable cause for violating HIPAA is $1,000 each violation, with an annual maximum of $100,000 for repeat violations.
• Wilful neglect of HIPAA, but when the violation is corrected within a given time period, is $10,000 per violation, with an annual maximum of $250,000 for repeat violations.
• Wilful neglect of HIPAA, and the violation remains uncorrected, is $50,000 per violation, with an annual maximum of $1.5 million for repeat violations.

The maximum penalty for all of these is $50,000 per violation, with an annual maximum of $1.5 million for repeat violations.

Covered entities, organisations and individuals who intentionally  disclose or obtain PHI in violation of the HIPAA Privacy Rule can be fined up to $50,000 and receive up to one year in prison. If the HIPAA Privacy Rule is violated under false act, the penalties can be increased to a $100,000 fine and up to 10 years in prison.

CYBER SECURITY WORKSHOPS: AN EFFECTIVE WAY TO UNDERSTAND CYBER RISKS FOR BEGINNERS AND PROFESSIONALS

Workshops has always been a great source of knowledge about the subject. Cyber Security being such a crucial issue nowadays, attending workshops on Cyber security will help the attendees about the Cyber world with respect to their working domain and help them to use the Cyber more effectively and efficiently.

People of all age group and occupation are associated with Cyber nowadays. Everyone in connected through web in their personnel and professional life, however most of the people still doesn’t know the about cyber crimes and risks.

There are certainly many benefits of Cyber Security Workshop’s to different categories:

Students:

Students are nowadays using multiple online platforms to enhance their skillsets. Students will have following benefits

Students can learn about cyber security in Workshops and can learn about various risk scenarios in the personal life and can educate their parents and elders.

Student can understand the career aspect of Cyber Security by leaning different technical concepts.

Young mind is an agile mind, by attending Workshops students can develop new ways of defending cyber-attacks.

Cyber Security is very demanding career nowadays, students can have a foundation of Cyber Security by attending workshops.

Fresher:

Cyber Security workshops can be very helpful in shaping up the career of Fresher’s in the field of Information Technology. If you are a Technology enthusiast and having degree or diploma in Technology, and looking for a job in Cyber security domain, these workshops are very good medium of networking.

There are many benefits of attending the workshop like

In workshops students can meet others with similar interests can, thus can understand the current market requirements and develop the skillsets accordingly.

Cyber Security workshop will give the technical as well as career aspect scenarios to the Fresher’s, wherein they can learn different ways to pursue career in Information and Cyber Security domains.Attending workshops will give you an opportunity to meet people an professionals in the industry and thus can have an opportunity to get a job by developing contacts.

Experienced Professionals:

If you are an experienced professional, then attending Cyber Security workshops will help you in various ways like:

These kind of workshop helps the professionals to understand their responsibility towards organisation’s cyber security. Once you are aware of Cyber Security, you would be able to understand the risk related to Cyber, and thus you will be able to safeguard your organisation from the different risks.

One who is willing to switch his or her career to Cyber Security can attend the workshops to understand the basics of Cyber Security and thus can gradually migrate to the domain if found interesting.

Professional who are already managing Information Technology Infrastructure and applications will learn the different kind scenarios which could be risk for them. Such workshops will help them to implement security in IT infrastructure and application development.

A working professional can inculcate learning of cyber security workshops in their existing job roles, and can mitigate many risk by doing this. In this way one can be helpful to safeguard organisation’s information assets from any kind of internal and external threats

Managers:

Professional who are working as managers have huge responsibilities of the organisation. A manager who is aware of Cyber Security will highlight and mitigate any such risk which could be harmful for the organisation. Cyber Security workshops can be helpful in multiple ways:

By attending these kind of workshops one would definitely understand the importance of cyber security and can implement the same thing within the team and the organisation.

Since awareness and trainings have become mandatory for maintaining Cyber Security and Information Security related compliance. One can show the attendance certification as a proof of attendance.

These kind of workshops would help the Managers to understand any kind of IT reports from any Vendor and one can understand the risk coming from vendors as well, if they are not adhere the Cyber Security principles.

Again, managers can network with other enthusiasts and experts through the workshop and can understand the current risk perspective of the market.

Businessman:

Every business is now a days dependent on Cyber. Everyone is using IT infrastructure and applications for running their business. Cyber Security workshops could be beneficial for Businessman’s because of following factors:

With the help of such workshops businessman will understand the Cyber Security risk which can harm their business and how they can mitigate those risk.

This is a very good medium to understand the Cyber Security and how to enhance the Security of IT infrastructure and application to make them hack proof.

Later on one can develop the Cyber Security framework for their own organisation.Cyber Security workshops helps the business persons to implement the Cyber Security related compliances more effectively because now they can understand the concepts and importance.

So in this way we can say that Workshops, seminars and training camps are very important and useful for any category like children, youth or any elderly man whosoever is using Information technology in their day to day or professional life. There are many free and paid trainings, workshops, seminars and webinars are available where one can either start their Cyber Security journey or any experienced person can enhance their skillsets by attending such events.

These are very good medium of interaction with other people and professionals who can share their knowledge base with you and can be helpful to shape up your career or business. This Information technology world is constantly changing and one needs to be updated all the times, so these workshops are very good medium to do so.

Progressive, Businesses and Educational Institutes   organise workshops for their employees and students time to time. In these events the participants will learn about different kind of attacks which could lead to data leakage. One would come to know about different kind of social engineering attacks like phishing, vishing(voice phishing) and thus will not be the victim of such situations.

# Tags: Freshers, managers, students, experienced professional, businessman,

#Keywords: Cyber Security workshops, seminars, training, information security, risk, compliance, cyber security,