An event that successfully delivered multiple perspectives to professionals dealing with the issue of cyber threat…
Mumbai: Trescon’s Big Cyber Security Show recently concluded in Mumbai spreading its clarion call for urgent shift in paradigm as far as tackling the emerging issues of the cyber security is concerned. Presence of several, renowned industry experts as panelists and speakers added a great value to the event. In the sessions conducted, delegates from different industries, like finance & banking, insurance, manufacturing, healthcare, media, logistics and others, gained multidimensional insights on the latest methodologies of cyber-attacks and ways to prevent them. Also, in the event, 50 cyber security professionals were honoured through Trescon’s CISO Award for their innovative implementation of security applications.
Government’s initiative
In a panel discussion titled ‘Law enforcement performs an essential role in enhancing cyber security in India’ Balsing Rajput, Superintendent of Police, Cyber, Mumbai has participated. He revealed, “We have adopted a very systematic and robust policy to protect government’s digital properties from cyber-attacks. However, one of the areas where vulnerability peeps in is when we update the security-audited applications.” He pointed at the government’s fund offerings to develop sound cyber security platforms and called entrepreneurs to come forward to develop the highest level of cyber security in the country.
Manoj Sarangi, Senior VP and Group CISO, National Securities Depository Ltd., said, “We started with layer-based security practice, but the paradigm is changing now. Most of the attacks are now from end points. Let us first look at the basics, spread awareness of the prime objectives and things will fall in place.” According to him, applications are supposed to be designed keeping security as the primary consideration. He advised to secure the design, fix the basics and educate the users for handling the applications.
Blockchain and vulnerability
Praneet Kumar, Co-founder, Global Blockchain Foundation, explained, “Bitcoin is just one of the applications of Blockchain. Centring on it, a very negative introduction has been spread about with Blockchain technology. Actually, this technology offers much bigger scope. So far most of the Blockchain companies are just embedding some crypto-economic aspects in the traditional technologies. Thus, when it comes to the question of security— right from the beginning that aspect should be looked at when architecting a project on Blockchain platform – and that is possible.”
Data protection and legislation
While commenting on the proposed changes to existing data protection legislation, Advocate NS Nappinai, from Nappinai & Co., and author of ‘Technology Laws Decoded’ pointed out, “Pursuant to the judgment in Justice Puttaswamy v. UOI privacy is now unequivocally a fundamental right. We are now on the threshold of probable data protection laws. The white paper of the Government Committee is now pending public inputs. It speaks of data localisation and of the need to enforce seven principles for protecting data. Whether it is a law on par with GDPR of the European Union, which will come into effect in May 2018 or something of lesser vigour, Indian regulatory processes have a long way to go to equip themselves to enforce the same.”
Threat trends
Apurva Jain, Cyber Security Account Manager, Darktrace, talked about the major trends that are being seen in the threat landscape today. While making alert about the fast rising incidents of ‘low and slow attacks,’ she said, “As the name suggests, ‘low and slow attack’ is a form of attack that happens slowly and steadily. The attacker uses all sophisticated techniques to avoid getting detected. They wait to understand the full network before attacking in a big way.” The second trend that she mentioned is from insiders like – employees, service providers etc., who already have access to the organisation’s information.
Role of encryption
James Cook, Sales Director, South Asia, Thales eSecurity, highlighted how by leveraging the encryption, access control or monitoring and key management technology, any organisation could ensure effective data protection in a variety of ways for its critical assets.
Cybersecurity strategy
In a panel discussion moderated by Puneet Bhasin, Founder and Proprietor, Cyberjure Legal Consulting, panelists A Shiju Rawther, Head – IT Infrastructure & Security Operations, TransUnion CIBIL; Keyur Desai, CIO – Essar Ports & Shipping, Head Info-Security, Network & Communications – Essar; Rajat Nigam, Group CTO, Network 18 Media & Investments; Ashwin Jaiswal, Global CIO, ECU Worldwide & All Cargo Logistics and Avez Sayed, Senior AVP Risk Management & CISO, ICICI Lombard General Insurance, discussed the need for bringing awareness and delivering a comprehensive cyber security strategy.
Inside threat programme
The event hosted yet another informative panel discussion on building an effective and integrated insider threat programme, which was moderated by Hemant Dusane, Digital Security Transformation Leader, Rage Frameworks. Panelists in the session included Hitesh Mulani, VP and CISO, Bennett Coleman & Co. Ltd.; Trishneet Arora, Founder and CEO, TAC Security; Rajesh Hemrajani, CISO, IDFC Bank, Mumbai; Amit Ghodekar, VP and CISO, Motilal Oswal Financial Services.
Need of the hour
Raghunath Iyer, CTO, Network Security, Qualys, drew attention on the importance of preventing spear-phishing. He explained, “It is a targeted attack on an individual or on an organisation. Increasingly the spear-phishing attacks are being spread by the adwares and trackers that all of us embed in our websites. When we build websites, we create pockets for advertisements to be posted there, we outsource the advertisements and so on – that lead to the trouble. Many of us protect traffics coming from outside – but mostly we are not caring for traffics going out. Full traffic data from key network locations need to be collected— to support large scale analytics— to prevent spear-phishing.”
“The event has been an eye-opener as far as the cyber security market dynamics is concerned. Trescon has a different kind of passion when it comes to cyber security. The selected topics were very good. They have done a good homework to select the panelists.” — Suresh A Shan, Head – Digital Innovation & Future Technology, M & M Financial Services Sector
“It was a good knowledge sharing session with the highly experienced panelists. I really feel honoured to be one of the award winners. I wish Trescon should continue this process across the world to find out and honour more talents who are continuously working on new challenges.” — Anuprita Daga, Chief Information Security Officer, Reliance Capital ltd
“I came here mainly for networking. The panel discussions were highly productive. Here I have received some good perspectives from my industry peers as well as from representatives from some other
industries. I came to know what kind of investments are being made by the other companies for ensuring their cyber security, which made me compare the worth of my decisions.“ — Berjes Shroff, CISO, Godrej & Boyce Manfacturing Co
“As cyber-security is going to be the next challenge in the work field— and our assets in the family, company and national level may be at risk, I came here to ascertain our preparation to scale down the challenge. My understanding is next generation solutions need to be built by 2030.” — Ashok Dhammani, Group CIO and Head IT, H-Energy
