Global Cyber Security Outlook - Deloitte (Hotel_Digital_Security_Seminar_Sept19'14)

15,496 views

Published on

By A.K. Vishwanathan, Senior Director – Enterprise Risk Services, Deloitte India
Vis is a Chartered Accountant, holds the Certified in Risk and Information Systems Control (CRISC) credential and is a member of the Information Systems Audit and Control Association (ISACA).
He has advised large organisations on information security and controls, and has led risk consulting in complex environments and regulated industries, specifically banking and financial services, telecom, manufacturing, oil and gas, pharma and life sciences, and the government sector.

Published in: Technology

  1. Global Cyber Security Outlook – A.K. Vishwanathan, Senior Director – Enterprise Risk Services, Deloitte India. Hotel Digital Security Seminar, Sept 19, 2014. (Sponsor strip: In association with / Presented by / Supported by.)
  2. About the speaker – A.K. Vishwanathan (biography as given above). By X Events Hospitality (www.x-events.in), Hotel Digital Security Seminar & Webinar, Sept 19, 2014.
  3. Agenda
     • Current state
     • Case study
     • Solutions
     • Way forward
  4. Current state (section divider)
  5. Recent trends in India
     • Over 35% of Indian organizations across various sectors have engaged in corporate espionage.
     • Nearly 14,000 websites had been hacked by cyber criminals by October 2012, an increase of nearly 57% from 2009.
     • 81% of CXOs in these sectors report an increase in information security spending over the coming few years.
     • The website of the Indian Embassy in Tunisia was hacked in retaliation for the terrorist attack on Karachi Airport in June 2014; the embassy website was defaced by a group called “Hunt3R”.
     • [Chart: Number of Cyber Crimes under the IT Act, 2008–2013. Source: NCRB (National Crime Records Bureau)]
  6. Key information security challenges – pain areas. The following are the key information security challenges facing major organizations in India; each is tagged with the CIA property it threatens (Confidentiality: sensitive content and privacy of data; Integrity: unauthorized modification of data; Availability: multiple points in the IT infrastructure to prevent a single point of failure).
     • 01 Cyber spying: Illegal interception of government data by foreign countries. The NSA has been alleged to have planted bugs in the Indian embassy in Washington DC.
     • 02 Viruses and Trojans: Infection of government IT systems with malware that gives control to the attackers. Government of India IT systems were infected by the Conficker worm in 2008, causing multiple crashes and downtime.
     • 03 Data theft: Insecure storage of GOI data leading to unauthorized access by hackers and spies. Alleged Chinese hackers in 2010 broke into GOI systems to access National Security Council data.
     • 04 Cyber terrorism: Hacktivism attacks on GOI websites leading to reputational damage. Hackers from multiple foreign countries were responsible for defacing GOI websites.
     • 05 Phishing and identity theft: Phishing attacks targeted at GOI employees to steal identities and data. The GhostNet attacks on Indian Government employees were conducted through spear phishing.
     Source: Times of India
  7. Understanding cyber threats. The modern cyber threat landscape has evolved over the years. Applications and IT infrastructure are the core pillars of today’s business, so securing that core is what secures the business.
     • 1 Actors with differing motives and sophistication, often colluding with each other
     • 2 Organizational boundaries have disappeared: anytime, anyhow, anywhere computing
     • 3 Attacks exploit the weakest link in the value / supply chain
     • 4 Data is money: the criminal underground makes for easy monetization. Criminals pilfer PII for identity theft, leading to potential damage to customers.
     • 5 Traditional controls are necessary but not adequate
     • 6 Regulators and government are key stakeholders with ever-increasing focus
     • A National Cyber Security Policy has been formulated with a focus on capability building at the national level.
     Business impact:
     • Loss of PII, customer data, and sensitive and confidential company data.
     • Availability of the organization’s information is crucial; losing it could impact critical business functions.
     • A breach of integrity could result in a complete breakdown of trust in the organization.
     • Brand reputation is affected heavily, leading to loss of revenue; losses resulting from leakage of back-end customer data will impact customer trust in the brand.
  8. Industry view – Indian sector view. Sensitive information handled (internal strategic and customer confidential):
     Hotels
     • Visitor name, address, contact details, unique identification numbers or documents (passport, PAN card, driving licence, credit card, etc.)
     • Hotel billing details such as billing and payments, outstanding bills, etc.
     • List of rooms occupied/vacant, pre-booked rooms, etc.
     • Vendor/supplier details, contract details, outstanding payment details
     Airlines
     • Passenger name, contact details, passport, visa details, etc.
     • Flight details such as number of passengers and crew, passenger and crew personal details, city and time of departure and arrival, etc.
     • Flight details such as flight status, flight maintenance details, etc.
     Travel & Tourism
     • Tourists’ name, address, contact details and unique identification numbers or documents
     • Tourist travel details such as mode of travel, destination city, duration of stay and accommodation details
     • List of strategic tie-ups and related financial records with the organization
  9. Industry view – Indian sector view. Concerns:
     Hotels
     • Absence of security compliance for information-related controls
     • Compliance controls based on quality controls only
     Airlines
     • Regulatory compliance in terms of financial or business controls
     • Absence of security compliance for information-related controls
     Travel & Tourism
     • Absence of security compliance for information-related controls
     • Compliance controls based on quality controls only
     Security initiatives in the HATT sector
     • Regulatory implications drive the security approach; initiatives are taken by management to drive security in the organization
     • Absence of regulatory requirements provides ground for laxity in security initiatives within the organization
  10. Paradigm shift: information security management. Key questions to consider:
     Strategically …
     • Do you have a cyber security strategy, including a clear cyber governance framework?
     • How are you evaluating and managing cyber risk?
     • Is the existing risk framework adequate to address the changing threat landscape?
     • How structured and well-tested are your existing incident response and crisis management capabilities?
     And tactically …
     • What is leaving our network and where is it going?
     • Who is really logging into our network and from where?
     • What information are we making available to a cyber adversary?
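The two tactical questions about logins and outbound data can be turned into routine checks over existing logs. The following is an added example, not part of the Deloitte deck: it runs over constructed login and egress records, flagging an account seen in two countries within a short window and source/destination pairs whose outbound volume exceeds a threshold. The log format, the per-login country field (normally a GeoIP lookup) and the thresholds are assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample data (not real logs). Format: timestamp user src_ip country result
LOGIN_LOG = """\
2014-09-19T08:02:11 alice 10.0.5.21 IN ok
2014-09-19T08:40:03 bob 203.0.113.7 IN ok
2014-09-19T09:05:44 bob 198.51.100.9 RO ok
2014-09-19T22:17:30 svc_backup 192.0.2.44 US fail
2014-09-19T22:17:41 svc_backup 192.0.2.44 US ok
"""

# Constructed sample data. Format: timestamp src_ip dst_ip dst_port bytes_out
EGRESS_LOG = """\
2014-09-19T09:10:00 10.0.5.21 203.0.113.50 443 120000
2014-09-19T09:12:00 10.0.7.3 198.51.100.200 443 850000000
2014-09-19T09:15:00 10.0.7.3 198.51.100.200 443 900000000
"""


def parse_logins(text):
    """Parse the assumed login format into (timestamp, user, ip, country, result) tuples."""
    rows = []
    for line in text.splitlines():
        ts, user, ip, country, result = line.split()
        rows.append((datetime.fromisoformat(ts), user, ip, country, result))
    return rows


def impossible_travel(logins, window_hours=2):
    """'Who is really logging in, and from where': same account, two countries, short window."""
    flagged = set()
    seen = defaultdict(list)          # user -> [(timestamp, country)] of successful logins
    for ts, user, _ip, country, result in logins:
        if result != "ok":            # failed attempts do not prove presence in a country
            continue
        for prev_ts, prev_country in seen[user]:
            if prev_country != country and (ts - prev_ts).total_seconds() <= window_hours * 3600:
                flagged.add(user)
        seen[user].append((ts, country))
    return sorted(flagged)


def heavy_egress(text, threshold_bytes=500_000_000):
    """'What is leaving the network and where': total bytes per (src, dst) at or over threshold."""
    totals = defaultdict(int)
    for line in text.splitlines():
        _ts, src, dst, _port, nbytes = line.split()
        totals[(src, dst)] += int(nbytes)
    return {pair: n for pair, n in totals.items() if n >= threshold_bytes}


if __name__ == "__main__":
    print("accounts seen in two countries within 2h:", impossible_travel(parse_logins(LOGIN_LOG)))
    print("heavy outbound flows:", heavy_egress(EGRESS_LOG))
```

In the sample data only bob is flagged (India and Romania 25 minutes apart) and only the 10.0.7.3 to 198.51.100.200 flow crosses the 500 MB threshold; the svc_backup failure followed by success is deliberately left to a separate brute-force check.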
  11. Case study (section divider)
  12. Operation Hangover. Recently, attackers of unknown origin conducted a large hacking operation against multiple companies from servers hosted in India.
     • 1 Target employee in the victim company: the attacker creates a malicious PDF attachment and sends it to an unsuspecting foreign government employee. The malware is signed using certificates purchased by a company in New Delhi, India.
     • 2 The user gets infected with malware that acts as a backdoor to the system. The attacker is able to pivot from this system to conduct further attacks in the network.
     • 3 Server hosted in India: all data stolen from the company is stored on a server hosted in India, using domain names similar to those of large Indian e-commerce sites. These operational security measures indicate an attempt by the attackers to hide the operation in plain sight.
     Source: Norman ASA
  13. Leading hotel chain in the USA. A leading US hotel chain was breached by hackers during 2009–2010, resulting in the theft of 700,000 customer records. The chain was breached three times in the period during which this information was siphoned out.
     Key security flaws (as per the FTC report):
     • 1 Absence of firewalls
     • 2 Default usernames and passwords
     • 3 Weak access controls for remote sites
     • 4 Failure to conduct regular reviews
     Implications:
     • The FTC sued the organization for the loss of customer information
     • The organization failed to get the case dismissed
     • Investigations proved major non-compliance with PCI DSS requirements at the organization’s locations
     • 10.6 million USD was the estimated cost of the data breach
     Source: media reports
  14. Hospitality industry. Hospitality, airline and tourism businesses depend on extensive branding and marketing efforts to sell their services. Any impact on their IT infrastructure, websites or data that gets published in the media has a direct effect on their revenue and core business sales.
     Leading airline in the US
     • Incident: the airline’s vendors were breached by hackers, leading to disclosure of internal employee information and customer information. The data breach was investigated, but without a conclusive root cause analysis.
     • Impact: multiple news reports on the data breach were published, leading to branding and reputational risk for the airline.
     • It takes businesses an average of 156 days to realize that a breach has occurred (Trustwave).
     • 43% of CXOs report that negligent insiders are the source of the majority of breaches (IBM).
     Source: media reports
  15. Way forward (section divider)
  16. Cyber security management: methodology (diagram only)
  17. Cyber security: maturity model. The slide is a matrix of capability areas against five maturity levels (Level 1 to Level 5); the level labels on the chart are Blissful Ignorance, Basic Network Protection, Acceptable Usage Policy, Proactive Threat Management and Operational Excellence, with Transformation marked as the direction of travel, and Situational Awareness of Cyber Threats as a group heading. Capabilities per area, from lower to higher maturity:
     • Brand Monitoring: Basic Online Brand Monitoring; Online Brand & Social Media Policing
     • E-Discovery & Forensics: Ad Hoc System / Malware Forensics; Automated Malware Forensics & Manual Electronic Discovery; Automated Electronic Discovery & Forensics
     • Intelligence Collaboration: Ad-hoc Threat Intelligence Sharing with Peers; Government / Sector Threat Intelligence Collaboration; Global Cross-Sector Threat Intelligence Sharing
     • External Threat Intelligence: Commercial & Open Source Threat Intelligence Feeds; Criminal / Hacker Surveillance; Baiting & Counter-Threat Intelligence
     • Behavioural Analytics: Network & System Centric Activity Profiling; Workforce / Customer Behaviour Profiling; Real-time Business Risk Analytics & Decision Support
     • Training & Awareness: General Information Security Training & Awareness; Business Partner Cyber Security Awareness; Targeted Intelligence-Based Cyber Security Awareness
     • Cyber Attack Preparation: IT BC & DR Exercises; IT Cyber Attack Simulations; Business-Wide Cyber Attack Exercises; Sector-Wide & Supply Chain Cyber Attack Exercises
     • Asset Protection: Traditional Signature-Based Security Controls; Ad Hoc Infrastructure & Application Protection; Enterprise-Wide Infrastructure & Application Protection; Identity-Aware Information Protection; Adaptive & Automated Security Control Updates
     • Security Event Monitoring: Security Log Collection & Ad Hoc Reporting; 24x7 Technology Centric Security Event Reporting; Cross-Channel Malicious Activity Detection; External & Internal Threat Intelligence Correlation; Tailored & Integrated Business Process Monitoring
     • Internal Threat Intelligence: IT Service Desk & Whistleblowing; Periodic IT Asset Vulnerability Assessments; Automated IT Asset Vulnerability Monitoring; Targeted Cross-Platform User Activity Monitoring
  18. Way forward: cyber security v2.0. A forward-looking approach to developing your organization’s cyber security capabilities is needed to ensure ongoing cyber threat mitigation and incident response.
  19. About us
     HATT is India’s young and premium community for CXOs from the Hospitality, Healthcare, Aviation, Travel and Tourism industries.
     • With over 1,000 members across India, we are now poised to expand globally with a presence in South East Asia and the Middle East by 2016. www.hattforum.com, FB/hattforum
     X Events manages and supports events exclusively for the hospitality and travel industries.
     • Our USP is that we are hoteliers by training. We focus on the two most important aspects of an event: content quality and impact.
     • We do it because we believe in it. www.x-events.in
  20. Our host – Brian Pereira. Brian is a veteran technology journalist with two decades of experience. He has served as editor for two magazines, CHIP and InformationWeek India, and is a respected speaker and host at conferences worldwide. In his current role at Hannover Milano Fairs India, Brian serves as project head for CeBIT Global Conferences, the world’s largest ICT fair, which will debut in India this November in Bangalore.
  21. The seminar schedule – five expert speakers
     1. Latest threats in digital security (worms, attacks, viruses, flaws) – Santosh Satam, CEO, SecurBay Services
     2. The immediate action needed to tighten up (priority list, cost, internal policies) – Ambarish Deshpande, MD – India & SAARC, Blue Coat
     3. Information loss prevention (principles and practices) – Geet Lulla, VP – India & ME, Seclore
     4. How to build a business case and get the management’s attention – Dhananjay Rokde, CISO, Cox & Kings Group
     5. Global cyber security outlook – A. K. Viswanathan, Senior Director – Enterprise Risk Services, Deloitte India
  22. Our sponsors and supporters. Thank you.
  23. Hotel Digital Security Seminar, Sept 19, 2014. www.x-events.in