Business houses and
individuals are facing sophisticated malware attacks around the
world. This is true about not only big business companies but even
small and medium business houses. Cyber criminals are also targeting
individuals for sensitive personal and financial information.
Ransomware attacks are increasing and they are targeting stakeholders
ranging from big hospitals, banks and individual computer users.
Even at the
organisational level, the directors and top management are lethargic
towards cyber security of the organisation. For instance, the
directors of Indian companies are not at all paying
attention to cyber security issues. As the Indian
government is not pushy at all regarding ensuring cyber security in
companies and at the level of Indian cyberspace, these directors are
escaping their legal liabilities even if a cyber breach occurs. There
are no cyber
security breach disclosure norms in India and this makes
the directors and top management indifferent toward cyber security
related legal obligations in India.
India has no dedicated
cyber security law though it is absolutely required due to projects
like Digital
India and Aadhaar. Cyber criminals are targeting banking
sector of India with ease and stealing big amount of money. The
Reserve Bank of India (RBI) had even declared that it would open up
an IT
subsidiary that wold take care of cyber
security issues of banks in India. However, till May 2016
there is no sign of such an IT subsidiary. Similarly, the Indian
government has appointed Dr.
Gulshan Rai as the first Chief Information Security
Officer (CISO) of India but much has to be done after this stage.
In the present cyber
security environment, malware have emerged as undefeatable
and uncontrollable. Cyber security product and services providers
have no other option left but to innovate so that sophisticated
malware can be detected at the earliest stage. Anonymity tools and
use of Dynamic
DNS, Fast Flux and Bullet Proof Servers has further
complicated the problems for law enforcement agencies world over.
Instead of strengthening the cyber security capabilities, law
enforcement agencies around the world are barking the wrong tree.
They are trying to kill encryption and compromise the cyber security
by demanding backdoor in the security products. FBI of US has even
gone to the extent of acquiring long
arm jurisdiction through US
Supreme Court that would allow it to target global
computers. This would clearly violate civil
liberties and cyber laws of various nations.
Cyber criminals have
unlimited resources at their disposal these days. Many of them are
even supported by state actors and this allows them to make
customised malware that cannot
be detected and eliminated by traditional anti virus and security
products. As a result the contemporary cyber security products and
services are ineffective
in preventing such malware from causing damage.
World has already faced
sophisticated malware like Stuxnet, Duqu, Flame, Uroburos/Snake,
Blackshades, FinFisher, Gameover Zeus (GOZ), etc. These malware were
unique as they were detected much after they infected the targeted
systems. Some of these systems remained infected for many years and
this facilitated targeted cyber espionage and customised infection of
these systems.
The financial sector has
its own share of cyber security problems and challenges. Malware
targeting financial sector are also in circulation for long. These
include Carbanak, Vskimmer Trojan, Malware Dump Memory Grabber, etc
that cause tremendous financial loss world over. It is not just the
financial loss but also loss of faith and goodwill that banks and
other financial institutions have to face.
Perry4Law
Organisation (P4LO) has provided the “Cyber
Security Trends In India 2016” that have predicted that
use of botnet and malware would increase in the year 2016. The trends
has also predicted that critical infrastructure, cloud computing and
e-health would also be on the receiving end. We have already
witnessed an increased use of ransomware and malware for targeting
hospitals and health industry. Similarly, big corporations are also
frequently targeted and their data are encrypted by the cyber
criminals. This data is then decrypted only after the ransom is paid
by the corporation to the cyber criminal.
The year 2016 would
witness an increased use of malware for various purposes like cyber
terrorism, cyber warfare and cyber espionage. It is for us to develop
both offensive
and defensive cyber security capabilities and a robust
cyber
security infrastructure so that the impact of these
malware can be minimised if not eliminated.
No comments:
Post a Comment
Please see https://cybersecurityofindia.blogspot.com/p/advertise.html for advertisement procedure.
Note: Only a member of this blog may post a comment.