‘Next frontier is battle of privacy’

Girish Ajoomal is the director of RoundRobin Tech Services, Mumbai. The firm comprises a team of professionals with more than 20 years of experience in the Internet Security and Network Infrastructure sector.
Excerpts of an interview with Ajoomal:

dscf0039

What are the main changes cyber security has gone through over the years?
Cyber security as a business started approximately 30 years ago, even before the widespread adoption of the Internet. Originally AntiVirus vendors, were the first to form as a response to viruses being transmitted via floppy disks.
People dedicated to attacking and “hacking” PC’s and networks were non-professionals, who did “hacking” as a past time. Over the years, attacking networks and all types of computing assets has become a “business”, as criminal gangs realised that there was easy money to be made from exploiting “holes” in cyber security.
Even state sponsored hacks are prevalent today, basically to “attack” enemies “virtually” – for example the Struxnet virus. There is a huge effort being made by several state sponsored actors, basically for the theft of Intellectual Property (IP).
Lately, one of the main targets has been mobile devices, a trend which will continue to grow exponentially, due to their widespread adoption.
Evidently, the industry has tried and responded to these new threat vectors, with the development of new types of products and solutions – firewalls, anti-spam, anti ransomware and many others.
However, this is an extremely dynamic sector and we will see many more mutations and attacks by the “bad” guys and breakneck development by the security industry to try and prevent these.

How can we as ordinary users of internet know the trust factor of others?
Start by being paranoid. Do not give your personal data away easily. Think before “joining” web sites, mailing lists and other “free” services. Ask yourself – do I really need to be on this or that service? Is it really necessary?
The next frontier will be the battle of privacy; we should try and reach an equilibrium with the amount of private data we give up and what we really need to give up.
So to answer your question more specifically, you cannot trust anybody, nobody is 100% safe. Even large companies and organisations are regularly hacked, so be selective, before giving up a huge asset like your personal data to organisations. And hence, reduce your risks to a minimum.

What is the difference between threat, vulnerability, and risk?
Threat is any threat which uses the Internet to facilitate cybercrime or attacks.

3001

Vulnerability is a weakness, bug or flaw which allows a hacker to exploit the same and “attack” the computer or network on which the vulnerability exists.
And so far as risk, in the case of the internet these are the possible ways / exposure in which a user or organisation is vulnerable to being exploited by others for their benefit, both economic or for theft of data or IP.

What is the goal of information security in an organisation?
To ensure business continuity and protect IP and other confidential data from leaving the organisation.

What are the risks associated with using public Wi-Fi?
Wi-Fi has proliferated everywhere and the risks of using public Wi-Fi without adequate protection are immense. They can map the MAC address of your device, put cookies and other more virulent forms of malware onto your device, track what you do and even “sniff” your traffic data in great detail.
You also have “Rogue” AP’s (Access Points) trying to push the user into using them and they “infect” the device for all sorts of nefarious purposes.
Try not to use public WiFi’s as data plans for mobile devices are cheap and their speed is reasonable nowadays. If you do use public Wi-Fi please try and use a VPN service (several free and paid ones are available) to “mask” your identity.

What are your tips for protecting yourself against identity theft?
There is no “magical” solution for this. I suggest a layered approach to security. Everyone should try and use a “mix” of the following technologies:
a) VPN for browsing
b) Use a firewall both at work and home
c) Adequate End Point Anti Malware protection
d) 2 Factor Authentication

imagearchtwo
44918-o48gvc

What are the most challenging aspects of software security impacting businesses today?
Insider threats are the biggest threat impacting business. More than 70% of threats emanate from inside an organisation. These could be malicious or simply done by “mistake”.
Theft of IP and confidential data is the second one. Data breaches – usually detected far too late for the response to have been effective – is the third one.
Ransomware, another challenge, will increase as time goes by, as there is too much easy money to be made.

What does a company have to do to ensure IT security?
It has to enforce a multi layered approach to security composed of different solutions – UTM firewall with layered security, end point security, use VPN’s, secure Wi-Fi, two factor authentication, and ensure visibility into insider threats.
It also has to ensure systems are patched with the latest updates from manufacturers. Backup your data and then backup again.
Secure your data in the cloud and appoint a person/team responsible for cyber security and ensure that they are empowered with direct access to management.

What is the future of cyber security and what are the changes which are to be bought in?
There is a lot to be done in India as the general perception is that cyber security is usually not given it’s due importance. However, with the widespread advent of Internet adoption and Internet of Things, this will be more critical. The country needs to protect its critical assets, infrastructure and IP better.
Changes that are necessary include:
1) Increased awareness
2) Increased transparency
3) Accountability and appropriate fines for organisations who suffer breaches.
India should take the new legislation coming into play in Europe next year – GDPR – as a pioneering example of how legislation can force companies to protect their consumer’s data.
A national privacy authority should be set up with the ability to “fine” people who are not up-to-date with protection.

RoundRobin Tech Services
Unit #226, Kewal Ind. Estate,
S.B. Marg, Lower Parel, Mumbai-400013
www.roundrobintech.com
Tel: +91-22-30458000

archthree