CSR can help create awareness on Cyber Crimes: Cyber Security Conclave 2019
Cyber security is a growing concern today. With the growing adoption of digitalization across the country and of the latest technologies like Artificial Intelligence (AI), Machine Learning (ML), Internet of Things (IoT) etc., the concern about cyber attacks is also increasing. CIOs and CISOs are concerned because of the growing threats, compliance pressures and complexity. Keeping these concerns in mind, the third edition of Cyber Security Conclave 2019 was held at Shangri-La, New Delhi to dive deep into the topic of growing concern on Cyber-Enabled Espionage and electronic evidence.
The event witnessed the presence of stalwarts of the industry and government bodies. The eminent dignitaries who graced the occasion were Shri. S N Tripathi, Secretary, Parliament Affairs, Govt. of India; Mr. Vipin Tyagi, Executive Director - C DOT; Mr. Vineet Goenka, Member Governing Council-CRIS, Ministry of Railway, GoI; Mr. Sudhakar V Yarigadda, Joint Director, Maharashtra Judicial Academy; Mr. Kunwarsingh R Singhel, Dy. Director Maharashtra Judicial Academy; Dr. Pavan Duggal, Cyber Expert-Supreme Court of India; Dr. Herald Dcosta, Director- Intelligent Quotient Security; Dr. Deepak Kumar Sahu, Publisher & Chief Editor -Kalinga Digital Media; Mr. Anuj Agarwal, Trainer & Consultant on Cyber Investigation & Cyber Forensic; Bharat B Anand, CIO- NATGRID; Rohit Srivastava, Cyber security expert; Avnesh Vats, IT head- EESL; Harish Jain, CISO- CNH Industrial; Kamal Dhamija, Cyber Security Officer- Apollo Tyres; Dr. Rajeev Papneja, COO- ESDS Software Solutions; Subroto Panda, CIO- Anand and Anand; and S Mohini Ratna, Editor-VARINDIA.
The morning started with the welcome speech of Dr. Deepak Kumar Sahu, Publisher & Chief Editor, Kalinga Digital Media & VARINDIA, on the topic of “Growing concern on Cyber-Enabled Espionage”: “With the growing cyber attacks, virtually every sizable enterprise and government entity knows the critical importance of taking pains to protect their data. There is a widespread circulation of cyber security myths and partly because of the enormous volume and ever-changing nature of cyber-attacks, making it impossible to win all the battles all the time.
CISOs are under stress, due to mounting threats, compliance pressures and growing complexity. Most businesses are aware of the importance of cyber security and are taking preventive measures to mitigate cyber security risks.”
Presenting the inaugural speech, Dr. Pavan Duggal, Advocate, Supreme Court of India and Chairman, International Commission on Cyber Security Law, says, “Baltimore has been hit by cyber attack. $18 million is what the current cost that Baltimore is experiencing just to get back on wheels. The fact remains that when we talk about cyber security, it’s a different ballgame altogether. I am more interested with this particular robo of the Chinese news agency which has been launched in November. It is the world’s first Artificial Intelligence robo which is reading, analyzing news and simultaneously which is giving you perspective. If this kind of a robo while on live news tends to get hacked and misused, see the potential ramification that could exist. This tells us that human intelligence will be crossed by the artificial intelligence by 2062. I believe those figures are wrong. The actual tipping point is going to come much earlier. No wonder Artificial Intelligence today, apart from being an opportunity, is one of the biggest challenges for cyber security because on the dark net you have abilities to actually start using AI services for breaching cyber security.”
While delivering a speech on how to protect and safeguard from cyber crime and cyber attack, Parikshit Gangaher, SE Manager – Major Accounts, Fortinet explains, “As the theme is espionage, there was a leak which happened from NSA, a security agency in the USA, and this leak was called Internal Blue. NSA was already using this and they were spying against neighbouring countries and even the allies. Last year it got leaked by a group called Shadow Brokers, which basically sold this exploit and it was used by cyber criminals. Last year, $1.6 trillion were incurred as losses against cyber criminals. In India, 76% of the businesses were hit by cyber attacks last year. It is becoming a big issue for us. With the evolution of the software-defined world, these attacks will grow. The first evolution was virtualization of servers. The second evolution was the software-defined networks. Once the servers got virtualized you have to virtualize networks because you have to roll out your services faster. These two things combined to form the cloud computing. As the things have moved towards cloud, we need better connectivity and that is how software-defined WAN came into picture.”
The fourth speaker of the day, S.K Tripathi, Regional Head – ALIMCO, describes how they are working dedicatedly for CSR. He says, “For Corporate Social Responsibility (CSR) we have a major sector – disability, it is very challenging. In India there are 2.68 crore people with disability and the major problem with this sector is most of them are from deprived sector. So it is our responsibility and duty to support them under our CSR activity to provide them devices, rehabilitation of these disabled people so that they can be brought into the main stream, can contribute to make their life easy. The states with highest disability are UP, Maharashtra, Bihar, Andhra Pradesh, Telangana and West Bengal. 70% are in rural areas and out of these 75% are unemployed. So the major problem with this sector is that they are not able to perform their livelihood, daily routine and also they are from deprived sector. Now, it is our role from corporate and government departments to contribute for them through our CSR activity.”
Dr. Vipin Tyagi, Executive Director – CDOT, in his keynote address to the audience says, “One of the things that we have realised is that to have transparency in technology, one way is to have the standards and it needs to be built on the global scale. Second thing which is very important is that if you have built it in India, you have a better security than you got something from outside. Anybody who is doing research, development and all the design activities is well aware of the local context and also the laws whereas if you are importing something from outside, you do not know what you are getting, consequently the indigenous development of telecommunications is very important because all the data flows on the networks. So we have the telecommunication gears which are available in India and which you can trust. But then the issue is we are yet to recognize our own capabilities.”
Panel Discussion I:
The first panel discussion, on the theme “Cyber Security – a growing CSR issue”, was moderated by Dr. Pavan Duggal, Advocate, Supreme Court of India. The mandate of this panel discussion was cyber security in the context of CSR: cyber security is still not part of CSR, so what do we need to do to get this up and about, because we are actually wasting a lot of funds and India requires that.
Rohit Srivastava, Cyber Security Expert
“As we all know that we have that 2% value to be used in CSR by every company and people are using it. I am not saying that any of the domains which are being used currently under CSR is of low importance but at the same time the need of cyber security awareness in the country is at very high demand. The large PSUs are spending money on cyber security space but they do not get quality output in this area. Maybe once CSR fund gets used for that, the overall health and hygiene of the security would be going up.”
Bharat B Anand, Chief of Technology, NATGRID
“Government has mandated 2% as the compliance and probably the security is not the compliance alone. We ought to look beyond because this is going to phenomenally change the way we integrate, interact with ourselves as well as with our devices. We have to look from a perspective that probably we have to have that kind of workforce to do that kind of job and a skilled manpower. We require some kind of thought process, maybe more discussions between government and the corporate together.”
Vineet Goenka, Member Governing Council – CRIS, Ministry of Railway, Government of India
“The corporate or PSUs which have got huge funds of CSR can tie up with institutions which produce basic information which protect country’s interest so there we can put in money. A lot of our money goes in securing the data outside the premise of this country. So why not the corporate like Wipro, TCS etc come together and use their CSR fund and put up a data firm somewhere in India. It will generate employment and also pass on at subsidised rate the data storage to Indian corporate. CSR funds are more than Rs 70 crore, we can do miracle through this. We can change it and make this country a better place to live in.”
Krunal Patel, Head of Business India and South Asia, TeamViewer
“People need to be made aware that there are security threats attached in the digital world and this has to be addressed. Corporates are very much willing to do this but under the current provisions, it is an expense. I focus on my product development, improving the security of the product and infrastructure which I serve to my customers and users. There has to be certain provisions available where I can use CSR as a vehicle to create that awareness. Security is everyone’s responsibility and as a corporate we will be more than willing not only to spend but go to a grassroots level and make people aware but there should be certain provisions which would help us to ensure that the funds that we are spending are utilized properly and can be considered a CSR rather than an expense.”
Anuj Agarwal, Trainer & Consultant on Cyber Investigation & Cyber Forensic
“In India, in every hour a bank incurs a loss of Rs 90,000 and Rs 700 crore in a year which is a social engineering crime. In a year almost 15 lakh people are incurring loss. Second, for the security of corporate there are many tools and possibilities available. But what are the ways to save common man and it is awareness. The cyber crimes that are happening with common people are more in terms of social engineering. People are actually being duped every hour. Lack of awareness among the common people and law enforcement are there. According to me CSR is the only way to make the common people aware and 90% of the cyber crimes that are happening with them can be curbed.”
In the corporate presentation, Rahul Arora, Regional Business Manager, India (North & East) & SAARC, SonicWall Technologies says, “Security is very important for today and tomorrow as well and we have got to be prepared for the threats that are coming from various vectors. Hence, it is very important that we understand that security is not just an anti-virus or a firewall, it is much beyond that. We all realise that people on the other side are much smarter than us. That is what we need to tackle with the various security solutions available and of course everybody is contributing to that war space which is becoming more and more relevant as well as critical across the globe.”
Panel Discussion II:
In the second panel, the discussion centred on “Electronic Evidence”. The theme of the discussion was the appreciation and admissibility of electronic evidence. The moderator, Dr. Herald D’costa, Director, Intelligent Communications, highlighted:
“One of the most important segments to be addressed is the legal perspective of cyber security. What happens when an FIR gets registered, when a cyber crime team processing the devices that are seized and are sent to the forensic lab, the reports come from the lab as an admissible document and when the matter comes in court, how the court appreciates the evidence is one which is a very vital factor where most of you would be interested to know about it.”
Sudhakar V Yarigadda, Joint Director, Maharashtra Judicial Academy
“For appreciation of evidence, one need not be a cyber law specialist. Evidence Act simply defines that after examining the materials placed before the judge, he as a man of ordinary prudence, if he believes in its existence, it is said to be proved. If he has any doubt and is not satisfied then it is not proved. After examining all the materials if the judge opines that he has been falsified then it is called disproved. So this is what a judge is expected to do. But with the help of these cyber criminals even without the formal trainings, we judges are also being trained, so we are aware how these crimes take place. First, we should have knowledge and second is we are arranging trainings also because it is the knowledge which makes the judge to believe.”
Kunwarsingh R Singhel, Deputy Director, Maharashtra Judicial Academy
“Evidence can be broadly divided into oral and documentary. Oral evidence is what the witnesses depose before the court. Documentary evidence are the documents produced for the inspection of court. So documents can be the primary evidence like mobile phone, micro-processor chip etc. When the original instrument is produced before the court it becomes the primary evidence and court can believe on its existence. But it becomes secondary evidence when a copy certified by a person is produced.”
Aslesha Barke, Consultant, Cyber Security Corporation
“In today’s scenario, the paradigm has started shifting from conventional crimes to more on cyber or digital crimes. But still the element of evidence remains critical. Also, the process of investigation and trials are purely dependent on evidence. So examining these evidence or extracting the evidence is very critical.”
Dr. Nishesh Sharma, Author of Cyber Security / Forensic In India
“The problem that our courts are facing today all over the world is the jurisdiction issue. The US courts are developing on this and they are going with the sliding scale test, purposeful availment test i.e, who is purposefully availing the website, minimum contact test etc. India goes by cause of action. So to solve this problem, as cyber crime is international in nature we have to follow the international protocol and international treaties. Unless we follow the international protocol we will not be able to address the question of admissibility of electronic evidence.”
Vivek Narayan Sharma, Joint Secretary, Supreme Advocates-on-Record Association
“When the evidence comes to counsels, we need to verify through forensic. So we send the evidence for forensic but at the same time there are certain things which are not clear through the forensic way also. If the device has been rooted then it will produce incorrect information. When you will send the device to forensic then the department will test it and say the device has not been touched but at the same time in case of rooted device, the forensic report may escape it. In such a scenario, from the angle of a lawyer, whenever any evidence of the suit comes to us we always send it to forensic but now this new rooting problem is there, so for that we of course require further discussion.”
Harish Jain, CISO, CNH Industrial
“From a corporate side, we implement a lot of technologies to safeguard our information, to understand what is most critical for us. But technology is a point in time security and it cannot guarantee the security over the period of time and we need to have the process in place to deal with the situation. We have specific procedures in place where we have knowledge of data firms, where the data is, how it is leaving the organization etc. We have a forensic process in place and how the chain of custody process is defined, like how each device is getting transferred from one hand to another at what date and time along with the justification or reason. We try to keep COC limited so that it is admissible in the court of law. Corporate and awareness is something which is very important for the people who are actually dealing with the evidences rather than who are actually creating admissibility in the court of law. It has to go hand in hand and awareness is the key.”
Kamal Dhamija, Cyber Security Officer, Apollo Tyres
“We do have to build up the process in an organization to understand who exactly needs the data to perform the daily roles and responsibilities. We need to define the process and technology in place to understand, we have some meaningful data over there and it is required by somebody to perform his daily roles and responsibilities but not by everybody. So we have to define the process for each department.”
Avnesh Vats, IT- Head, EESL
“A lot of new technologies like 5G, IoT, AI, ML etc are coming up and more data will flow and we do not have a stable framework as of now, so issues like cyber crime will come up. So from both technology and law and enforcement perspective we need to strengthen our infrastructure.”
The morning session of the Cyber Security Conclave 2019 recognized the digitally empowered PSUs and departments in India. The list is below:
[Government E Marketplace(GeM) receives Digital Empowered PSU of India Award]
[Indian Computer Emergency Response Team receives Digital Empowered PSU of India Award]
[Telecommunications Consultants India Limited(TCIL) receives Digital Empowered PSU of India Award]
[Indian Oil Corporation Ltd receives Digital Empowered PSU of India Award ]
[Railtel Corporation Of India receives Digital Empowered PSU of India Award ]
[Artificial Limbs Manufacturing Corporation of India receives Digital Empowered PSU of India Award]
[Centre For Development of Telematics(C Dot) receives Digital Empowered PSU of India Award]
Key Takeaways:
Considering the criticality of the services being delivered and the sensitivity of the data involved, the severity and scope of the impact of any breach or attack in cyberspace could be immense. Strengthening the cybersecurity posture of the nation as a whole is certainly the need of the hour. This includes building the capabilities and capacities of individuals, industry and government. Given this importance, serious steps have to be taken to strengthen the cyber security posture of the nation, ensure protection of the sovereignty of the nation in cyberspace and protect the rights of citizens. With the growing cyberattacks, virtually every sizable enterprise and government entity knows the critical importance of taking pains to protect their data. Partly because of the widespread circulation of cybersecurity myths and partly because of the enormous volume and ever-changing nature of cyber-attacks, it is impossible to win all the battles all the time.
There are various types of attacks including fraud, phishing, malware, adware, spam, blended threats and DDoS attacks. These are just some of the attacks individuals and organizations should watchfully guard against. With the growing sophistication and perseverance of cybercriminals, network firewalls are proving to be insufficient security measures. Organisations need to fortify their endpoints behind the firewall and network printers against the persistent threat of ransomware and more malicious forms of malware. While every industry, business, entity and organization is susceptible to cyber-attacks, 2018 has shown a radical shift in the industries experiencing the highest incident rates. The panelists agreed on the types and volume of attacks that are happening, that almost all industries are affected, and on the key factors enabling hackers to attack.