You are Exposed!

The most interesting, educative and valuable presentation!

A presentation on Cyber Security delivered by Ashoke Baddage was held on 16th August at Galadari Hotel. It was a very informative and interactive session where an insight in to the global cyber crimes and the devastating outcome were given to the inquisitive audience.

The ground was set discussing about the major security breaches that has taken place recently in some of the large organizations and the impact caused to them and their consumers. He said the cyber crimes could make financial losses up to US$ 6-8 trillion by 2021. According to him the enterprises may face severe consequences if the Boards and the management teams are not aware of the cyber threats that could throw them out of business. Few years back the information security was entrusted to the IT team but things have changed drastically. Today the business owners and stake holders are more concerned about it for the simple reason that they could go out of business if one bad guy can bring the business down. It is the role of the IT and the Security teams of organizations to implement proper cyber defense networks but the Board members should be aware of the seriousness and lay down policies necessary to facilitate this. Ashoke mentioned that unfortunately many Boards today are not aware of this and often they see the investment in threat prevention systems as an additional financial burden. He went on to elaborate the reputational damage that may occur if there is a breach. Ashoke took some examples where large retail chains were hacked recently and the subsequent surveys have shown that 19% of their customers have clearly said they that will not shop with them again. 33% of their customers have said they will take a 3-6 months break from shopping with them. This clearly shows the mindset of the consumers when they see a cyber attack and data leakage on these organizations. It is not only a reputational damage but a huge financial loss to them.

Ashoke shared his experience in working with many financial institutions and governments in the Asian region and the contrasting views of the stake holders when it comes to security. Some are very lethargic and lackluster or ignorant in their approach until something serious happened to them. He said, every organization should think proactively and take active measures to avoid heavy damages to them. Similarly, the responsible teams for designing and implementing cyber security solutions also look at preventive solutions rather than follow a detect and remedy approach. He said every effort should be taken to raise the bar high so that the hackers may find it difficult to penetrate. This will divert their attention to much easier targets.

Responding to questions he mentioned that traditional approach to cyber security has changed at a rapid pace due to the technology adoption to deliver consumer demands much faster and conveniently. This means every business is looking at introducing IT as the platform for delivery of products and services and use of cloud services for computing and storage. And that increase the attack surface for the bad guys giving easy option for them to penetrate. Ashoke also mentioned that there are many ways to protect the different entry point in to a company’s network and a single solution is not the answer given the complex IT infrastructure we have today. Due this complexity, he said, unlike afew years back where we had to protect the internet and server farm, today internet is everywhere and you just cannot have a single defense system. He further said today there is a new trend where much attention is given to the end points such as mobile devices, POS terminal, Laptops etc. This is the entry and exit point where hackers can have a connectivity with their command and control center to take your data out, modify or wipe it off. Up to now we used Virus Guards and its fading away fast in enterprise environment since these are based on signatures and can only prevent known threats. Ashoke Baddage said that today most sophisticated targeted attacks happened through unknown malware. This means it is a new malware created and no signature is available yet to block these. He said to address this, most of the security vendors have come up with various techniques to identify these un known threats which is also called Zero day malware. This type of solution is needed if one considers a proper security posture for their organizations where it can be protected from known as well as unknown threats.

Answering to another question, he mentioned that even if you have the best of the breed products in place with the right security architecture in place, but if you ignore the human factor still huge investment made cannot prevent you from breaches. He explained the role of employees of an organization and creating awareness and their responsibilities related to cyber security is critical to implement effective defense mechanism. Every employee has a role to play using the IT infrastructure and creating awareness amongst them will help organizations to implement effective security solutions.

Moving on to the personal use of internet and mobile devices he said nothing can be done if we don’t follow basic rules. Ashoke elaborated these basic rules that helped the audience to understand the best practices and what to avoid. He mentioned that today 91% attacks happen through Phishing attacks and went on to explain what is a phishing attack and how we can identify it. He explained this through real life scenarios, opening few emails and showing how a normal user can identify and avoid getting hooked on these baits.

Ashoke further explained some of the common attacks and went to elaborate on Ransomware and how we can minimize the threats from these attacks. Ashoke also explained the best practices on password keeping, email handling without getting caught in phishing attacks, how to identify good and the bad of internet etc.

All in all, it was an interesting , educative and thought provoking session with lots of questions being answered . Ashoke can be contacted through ashokebaddage@gmail.com if you want more insight in to cyber security.

Ashoke Baddage is the Chief Marketing Officer of Paraqum Technologies, a local start company specializing in network traffic analzyers and traffic shaping. Prior to this he was with the global cyber security leader Palo Alt Networks Inc and networking giant Cisco Systems Inc.