emergency response team-India) is the nodal agency, but still depends on CBI and local police for feet on the street. A nodal agency needs to be created.

The Banking Industry is facing internal frauds time and again like credit / debit card fraud, phishing & identity theft. The implication of such crimes is financial loss, impact to reputation, legal & regulatory implications.

Initiatives should be taken to counter cyber threats like two factor authentication (hardware tokens, dynamically generated passwords etc.), SMS alerts to customers as additional validation, digitally signed emails, online fraud detection system etc.

Technology can certainly play a key role in online fraud prevention, but nothing can substitute better customer awareness / education when it comes to ensuring on-line transaction security.

Cyber Crimes: Digital Evidence and Cyber Forensics

The 5 “P” process in investigation and end to end discovery – Plan, Preserve, Pave, Process and Produce should be looked into. Almost 75% of respondents, as compared to 60% in the 2008 survey, said fraud in Corporate India had risen in the last two years. In today’s technology pervasive businesses, employees are colluding with outsiders to commit financial embezzlement. Fraudulent financial reporting increased online presence results in far greater vulnerabilities at the network level.

There is a need to share the best practices for cooperation in empowering law enforcement by creating cyber forensic tools.

The anatomy of a data breach where the root cause of data breaches are well meaning insiders, malicious insider and targeted attacks, network access control. End point protection platforms; security information and event management.

Cyber Act: Policies & Law

Companies must adhere to the IT Act. The awareness levels of the Companies on the IT Act are a cause of concern. The companies need to take notice of the relevant provision of the IT Act.
Suitable policy initiatives are to be undertaken by the government to ensure that cyber crime risk awareness is substantially improved. To achieve this private sector companies need to be encouraged to either directly or indirectly undertake public awareness programs as a part of the CSR initiatives. For this purpose, Ministry of Information Technology, through CERT-IN should send an advisory to all companies through the Institute of Company Secretaries, Institute of Chartered Accountants, CII and other industry bodies to undertake mandatory public CSR initiatives towards building awareness of cyber crimes in the community.

Companies should be mandated to undertake employee training on Cyber Law Awareness. Improving the Cyber Law Compliance in the industry is mandatory. Schools and colleges need to be encouraged to include some aspect of cyber crime awareness in the curriculum and other activities of the School. ISPs must be mandated to ensure that every internet account holder takes up a Cyber Law Awareness quiz passing of which should be mandatory for obtaining an Internet account. Every bank should ensure that banking facilities are given complete suitable awareness quiz to the customers before the accounts are activated. All Banks should be mandated to introduce digital signatures for authentication of internet banking transactions. Companies should be mandated to take such due diligence steps as are mandated in ITA 2008 to prevent occurrence of cyber crimes using the facilities of the company by the employees or third parties.

The improvement of cyber policing capabilities as Interstate cooperation of cyber crime police should be ensured through setting up of a “National Cyber Crime Coordination Center” and an “Inter State Cooperation Arrangement” to be endorsed by all State Governments.
The coordination centre need not have investigation powers and hence may not require any legal changes. It should also provide an online cyber crime complaints receiving mechanism which may be forwarded to the DGPs of each state for further action.

Private sector industry organizations should initiate setting up of an “Incident Reporting Mechanism” including “Whistle Blowing”, to capture the cyber crime incidents that go unnoticed because of non reporting of the incidents due to fear of bad publicity. Appropriate de-identification of the entities involved may be managed to assure confidentiality through a system of “National Ombudsman for Information Security breach Incident Reports”.

Cyber Threats: Military, Industrial, Commercial and Societal

Communications technology which includes platforms like the internet, mobile and satellite telephone networks is another potential field for many countries and especially developing nations. In India alone there are an estimated 400 million mobile phone users. Modern communications technologies, that merge mobile and satellite telephones with the internet, heighten the quantum of disruption that could be caused by a hostile ‘attack’.

India is a potential target for Chinese cyber attacks. With India and its armed forces getting increasingly ‘wired’ and a number of Indian companies going hi-tech and global, enhancing cyber security must be a priority. This has to include indigenisation of critical communications networks along with the capability to trace, disable and counter attack the source of cyber attacks.

Cyber Terrorism is referred to as the World Wide Weaponisation. The criminals target the critical infrastructure like Banking, Military, Telecom, Transport, Nuclear Fuel, Health etc. The IT Act where cyber terrorism is explained in Sec 66 F (1) of IT Act 2009 which mentions about the punishment for cyber terrorism is life imprisonment under Section 66 F (2) of the same Act.

The tools of the cyber terrorism are: Hacking; War Dialing; IP spoofing; Viruses; Worms; DOS; DDOS; Trojans; Phreaking; Phishing. China based cyber terrorists have recently attacked Indian defence and security establishments; Indian diplomatic missions; railway network, media houses, Times of India & commercial organisations.

Individuals and firms MUST adopt safe cyber practices – education & awareness. Greater co-operation and Intelligence sharing amongst nations are needed. Greater Govt-Private Sector co-operation, deterrent laws, cyber security audit of critical Infrastructure, creation of nodal agency in each country for monitoring and responding to cyber terrorism, R & D in technology to prevent anonymity and increase Security, co-ordination between hardware & software firms should be taken into consideration.

Top management of industries must consider cyber security as an integral and critical part of their job profile. They have to develop, deploy and enforce cyber security policy to prevent damage to its critical systems. Management should conduct periodic cyber security risk evaluation. Management should acquire and deploy enterprise wide security architecture. They should invest in acquiring, training and retaining in house talent for safe guarding critical systems.
Management should establish enterprise wide access control systems with varying user privileges and logs. Management should also develop and deploy contingency planning and disaster recovery.

The future of cyber security is in terms of future hackers will be specialized, smart, intelligent and above all well funded. The hacking is provided as service - money will be the motive for cyber attacks, future cyber attacks will be highly targeted, well planned and focused and people element will be exploited more and more. There must be a mechanism of monitoring hackers. The industries must follow the principles like Security as a ‘forethought out’ process.

Cyber War: The Emerging Security Challenges in the 21st Century

Intelligence agencies must share data and processed information with other agencies. Regular Cyber Warfare covers low intensity attacks on key installations; virus & worm attacks need to be monitored.

Guerilla warfare covers using specific vulnerability on target to cause damage to target. Use of attack from one country to hit at another country, the result is traced back not to the actual attacker but to the country specific.

The cyber crime threats, particularly in phishing and identity online frauds are increasing. Cyber challenges are common to all countries in the world but it is the readiness to protect and prevent that makes the difference.

The stakes in security are reputation - negative public attention; loss of future business, intellectual property - exposure of company secrets, loss of productivity; decrease in stock value, customers’ and partners’ privacy.

CYBER SECURITY - RECOMMENDATIONS

This Article on cyber security seeks to crystallize the essence of discussions recorded during the Conference on Cyber Security to develop a set of recommendations that would need to be implemented among industry, government, other agencies & citizens.

I. RECOMMENDATIONS TO THE GOVERNMENT

Government level initiatives / policy changes

• The government has to take initiatives to create awareness about cyber crimes through policy initiatives.
• The government should direct the private sector companies to undertake public awareness programs as a part of the CSR initiatives.
• Companies should be mandated to undertake employee training on cyber law awareness.
• The coverage and definitions of cyber law are barely in tune with the present day scenario - they should be brought up to the current situation on a war footing.
• The Ministry of Information Technology, through CERT-IN should send an advisory to all ISPs to undertake mandatory public CSR initiatives towards building awareness of cyber crimes in the community.
• Schools and colleges should be advised to include some aspect of cyber crime awareness in the curriculum.
• ISPs must be mandated to ensure that every internet account holder takes up a cyber law awareness quiz