The network is the foundation of digital banking, and a foundation must be kept strong and up to date. In recent days ransomware has been a very big problem, and because it handles confidential data the banking sector has been under heavy pressure from its effects. As part of the networking and security team, it is our responsibility to face these challenges and look for a way out of such situations. A small loophole in the network can create a big disaster.
While working under PCI DSS guidelines, the network diagram is supposed to be simple to follow but difficult to attack, and even small changes can play a very important role in the network. The date and time on systems is often neglected, yet timestamps are the history of an incident, so every clock should be accurate for its time zone (synchronise them against an NTP server). PCI DSS guidelines not only help to make the network strong; they also indicate how to handle an incident.
Real-time changes to avoid attacks!
- Always keep an eye on every action of the user: a small change in a user's behaviour is the first indication of an attack. To track these changes, forward logs to a central log server and review them on a daily basis.
- Segmentation also plays an important role, as it stops communication between the departments of the organisation. Create multiple VLANs on the core switch and put each department in a separate VLAN. This blocks inter-department traffic and gives you logical segmentation across the organisation; note that the VLANs must not simply be routed together on the core, or the segmentation exists only on paper. Permit traffic between them only through an ACL or firewall.
- It is challenging to segment mobile users (laptops), so in that case bind each user's MAC address to its switch port. Keep in mind that MAC addresses are easily spoofed, so MAC binding is a basic control; 802.1X port authentication is the stronger option where the switches support it.
- Implement proper antivirus that is controlled from a centralised server, because a daily virus scan of laptops is not sufficient on its own. Infection through unwanted websites should be blocked, and the product should also be able to stop data leaking through physical media such as USB drives.
- User data must remain confidential, as on a public network some software can track traffic easily. Use a VPN on public networks so that all data flows securely through your corporate network and cannot be tracked easily. Two-factor authentication is a major key to safety, and it can be met with a unique client SSL/TLS certificate in addition to the user ID and password.
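As an added example that is not part of the original page, the following Python script shows the log-review point above in working form: it learns a per-user baseline (normal source addresses and login hours) from a training window of authentication log lines, then flags new events that deviate from it, including the failure burst followed by a success that brute-forcing leaves behind. The log format, the host name fw01, the user names and every log line are constructed for this example; all timestamps carry a UTC offset and are normalised to UTC before comparison, which is exactly why the NTP-synchronised clocks mentioned earlier matter when events from several hosts are put side by side.

```python
"""Baseline-and-deviation check over constructed authentication log lines.

The syslog-style format below is an assumption for this example, not a real
product's format:  <ISO-8601 timestamp> <host> auth: user=.. src=.. result=..
"""
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample data (not real logs). Offsets are +05:30; the detector
# converts everything to UTC so hours are comparable across hosts and zones.
BASELINE_LOGS = """\
2024-03-04T08:05:11+05:30 fw01 auth: user=asha src=10.10.20.14 result=success
2024-03-04T08:07:40+05:30 fw01 auth: user=ravi src=10.10.30.22 result=success
2024-03-05T08:02:09+05:30 fw01 auth: user=asha src=10.10.20.14 result=success
2024-03-05T09:15:33+05:30 fw01 auth: user=ravi src=10.10.30.22 result=success
2024-03-06T08:10:02+05:30 fw01 auth: user=asha src=10.10.20.15 result=success
"""

NEW_LOGS = """\
2024-03-07T08:04:50+05:30 fw01 auth: user=asha src=10.10.20.14 result=success
2024-03-07T02:31:07+05:30 fw01 auth: user=ravi src=203.0.113.45 result=failure
2024-03-07T02:31:19+05:30 fw01 auth: user=ravi src=203.0.113.45 result=failure
2024-03-07T02:31:28+05:30 fw01 auth: user=ravi src=203.0.113.45 result=failure
2024-03-07T02:31:40+05:30 fw01 auth: user=ravi src=203.0.113.45 result=success
"""


def parse_line(line):
    """Return (timestamp in UTC, user, src, result), or None for lines we do not understand."""
    parts = line.split()
    if len(parts) < 4 or parts[2] != "auth:":
        return None
    try:
        ts = datetime.fromisoformat(parts[0]).astimezone(timezone.utc)
    except ValueError:
        return None
    fields = dict(p.split("=", 1) for p in parts[3:] if "=" in p)
    if not all(k in fields for k in ("user", "src", "result")):
        return None
    return ts, fields["user"], fields["src"], fields["result"]


def build_baseline(log_text):
    """Learn, per user, the source addresses and UTC hours seen in successful logins."""
    baseline = defaultdict(lambda: {"srcs": set(), "hours": set()})
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None or ev[3] != "success":
            continue
        ts, user, src, _ = ev
        baseline[user]["srcs"].add(src)
        baseline[user]["hours"].add(ts.hour)
    return baseline


def detect(log_text, baseline, burst_threshold=3, burst_window_s=60):
    """Return (user, reason) alerts: unknown user, new source, unusual hour,
    a burst of failures, or a success that follows recent failures."""
    alerts, seen = [], set()
    failures = defaultdict(list)  # user -> timestamps of recent failed logins

    def alert(user, reason):
        if (user, reason) not in seen:  # report each (user, reason) once
            seen.add((user, reason))
            alerts.append((user, reason))

    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        ts, user, src, result = ev
        prof = baseline.get(user)
        if prof is None:
            alert(user, "login by user with no baseline")
            continue
        if src not in prof["srcs"]:
            alert(user, f"new source {src}")
        if ts.hour not in prof["hours"]:
            alert(user, f"unusual hour {ts.hour:02d}:00 UTC")
        recent = [t for t in failures[user] if (ts - t).total_seconds() <= burst_window_s]
        if result == "failure":
            recent.append(ts)
            if len(recent) >= burst_threshold:
                alert(user, f"{len(recent)} failures within {burst_window_s}s")
        elif recent:
            alert(user, "success following recent failures")
        failures[user] = recent
    return alerts


def run_example():
    """Run the detector over the constructed data and return its alerts."""
    return detect(NEW_LOGS, build_baseline(BASELINE_LOGS))


if __name__ == "__main__":
    for user, reason in run_example():
        print(f"ALERT {user}: {reason}")
```

On the constructed data, asha's login matches her baseline and produces nothing, while ravi's 02:31 local-time activity from 203.0.113.45 raises four distinct alerts: a new source, an unusual hour (21:00 UTC, since the offset is +05:30), three failures inside a minute, and a success immediately after them. In a real deployment the baseline would be rebuilt periodically from the log server and the thresholds tuned per environment.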
Why do attacks affect us?
A virus like ransomware has a mass effect on an organisation's systems because the network is built, and the security software deployed, from the same template everywhere: whatever works against one system works against all of them. There is also little innovation in the basics, such as a local network built on a fixed or commonly used IP range, which an attacker can guess with ease.
Viruses and attacks should be taken in a positive light, as they give you the idea for developing a security policy and a unique network strategy. Appreciate the talent of the colleague who thinks like a hacker; it helps with gap analysis and with understanding the attacker's mindset and target points. Small changes make a big difference.
It was two weeks ago. I was chatting with the CFO of a major automobile manufacturing company, one of the largest companies in the world. I was waxing eloquent about the new-age attacks that would affect companies like theirs. He listened intently for a time, flummoxed at how attackers were using every tool at their disposal to steal money and data from companies like his, all around the world. He even admitted that his company had been the victim of a recent spear-phishing attack. It was an interesting discussion until he came out with the words "Wow, this is pretty great, but security I guess would be an IT thing…. That's what happens at our place. Security is IT and we never poke our head into that", chuckling at his own joke. It was then that something hit me, and hard. Security is still considered an IT problem and NOT a business problem. Information Security, hacking and cyber-threats sit just below black magic and worldwide apocalypse in the list of things that non-IT people don't quite comprehend. Surely, I felt, this CFO should know Information Security like any other management focus area within the company, such as sales, marketing, HR and so on. Sadly, that was not to be. I prodded: "Tell me something, you're a member of your company's Board of Directors; how often does Data Security feature in those meetings?" He thought for a while and then shook his head. "Not that I can think of. We discuss some IT initiatives like SAP integration and so on, but not security, to my knowledge, no."
At this point I realized one unequivocal truth about our industry, and it was a painful one. Information Security is perceived to be less about information and more about IT. Information Security unfortunately does not have much of a place in the boardroom of the average company. Here are three reasons why I think Information Security must occupy an important seat at your next boardroom discussion.
- Every Business == IT Business
I hate to begin with clichés, but this one is very apt. IT fuels the modern business. It runs production, marketing, purchasing, sales, and literally any other operation that you can think of. Like it or not, your business runs on IT, and IT components and applications can be compromised. Therefore, Information Security is, or should be, a paramount concern. It is as bad as a hospital running out of doctors to perform treatments or a manufacturing company running out of raw material. During an assessment, I was speaking to the CISO of a major oil and gas company who said, "You know what, nobody cares about Information Security. Think about it. If we don't use IT tomorrow, they'll just go back to pen and paper." I thought that was a silly statement. Pen and paper? Really? That company had automated and integrated every bit of their upstream operations with ICS systems, ERPs and so on. If they had a data breach, it would have taken them a long (really long) time to go back to "pen and paper", and their operations would have slowed down very seriously. Don't kid yourself. Every business is in the IT business. And in the IT business, any business can, and probably will, get hacked. Deal with it.
- Security Risk is a subset of Operational Risk
Every enterprise today wants to be on top of "Operational Risk". Most boards and CXOs spend an immense amount of time and energy understanding and attempting to stay on top of Operational Risk, a.k.a. "what if" analysis. Expensive consultants are engaged to provide fancy reports with graphs on "Operational Risk". Not including Information Security risk in that mix is a recipe for disaster. For example, say you are an automobile manufacturer developing a new car that is revolutionary and would change the market forever. You have probably analyzed the operational risk to death. But what about the designer who is working on the core design of the vehicle, receives a phishing email from a competitor, and exposes your critical business secrets to your competition, consequently blowing your chances of being the market leader? Information is power. Information Security is a way of protecting that power. You cannot afford to ignore it, especially in the boardroom.
- Security is a Keystone Habit
According to Charles Duhigg's well-researched book "The Power of Habit", keystone habits are habits that cause a chain reaction. A keystone habit is a single habit that can effect change across different systems, using a series of "small wins" and the energy that spreads across the system. He gives a compelling account of how Alcoa's legendary CEO Paul O'Neill was able to transform Alcoa (the Aluminum Company of America), not by traditional methods like cost cutting and innovative products, but by focusing on one single habit: worker safety. Using this keystone habit, Alcoa (where workers handled molten metal and dangerous substances) not only became a zero-injury workplace but also became a profit-making machine, thanks to the single keystone habit of worker safety.
Information Security has a very similar nature. I have seen companies that install strong technology, process and people controls from an Information Security standpoint grow into serious profit-making machines that are long-standing and durable. Security, if implemented correctly, instills a sense of discipline and culture that can have huge ripple benefits for the company as a whole. Most people (incorrectly) view Information Security as a cost center and a "support" department, but I believe that gelling information security into the organization's culture correctly and deliberately can have huge productivity and efficiency rewards for the organization.
In some companies, Information Security and Risk consists of a large team of hundreds of professionals handling security and compliance risks across many countries. In others, Information Security is one of the many responsibilities of an IT manager who handles everything from IT management and staffing to project implementation. Either way, Information Security is a critical facet of the modern enterprise, one riven with uncertainty and a growing list of possible threats. Building a solid information security team (in-house or outsourced) is critical.
Everywhere I go, I see people facing a serious challenge with their information security team. In my opinion, it's not that they don't know how to get the right candidates; it's that they don't know what to look for in candidates when they are building their information security teams. According to the legendary author and eternal student of business, Jim Collins, it is more important to get the right people on the bus, and into the right seats, than to focus on what these people need to do. Good people, in the right mix, tend to produce good to great results given the right environment.
Several CIOs and CISOs ask me that single question: "What kind of people do I need managing our Information Security team?" Well, that's what I am about to address. I believe that these three types of people are key to making any information security team super-successful.
The Tinkerer is my favorite character in any good Information Security team. The Tinkerer essentially wrestles with technical security issues. She sets up that SIEM product all on her own and starts monitoring events inside the network. She is able to cull through complex application or system logs and identify the root cause of a security incident. She is able to script up a quick tool in Python or Ruby while performing an internal penetration test. She is what we would all call a geek. The Tinkerer possesses a wide and deep array of technical skills that she uses in information security. The Tinkerer is hungry for technology. She has passionate conversations with the technology teams and seems to have unlimited energy and drive for "getting her hands dirty" with technology implementation. The Tinkerer is an invaluable asset to any Information Security team because she possesses the technical skills to cut through the crap and dig deep into any technical or technology-oriented solution. I have observed that Tinkerers are great with the Unix command line, probably have some scripting skills, and have implemented just about any open source product you can think of.
The reasons why Tinkerers are so important:
• They do not just "listen to" vendors. They actively engage and get to the bottom of the vendor's technology. They often provide solutions when vendors can't.
• They save you a ton of money. Don't have the budget for that File Integrity Monitoring solution? Not to worry; the Tinkerer will scour the Internet and will probably implement an open source solution with the same effect.
• Their passion drives technology security. The Tinkerer is able to engage with ease with external penetration testers, internal penetration testers, network security personnel and application personnel. The Tinkerer speaks all of these diverse dialects with ease and ensures that security (at least technically) is a top priority.
The Processifier is a unique, unglamorous but highly important role in Information Security management. Every strong Information Security team must rely on process, procedures and practices to succeed. This is where the Processifier comes in. The Processifier's basic job is to streamline Information Security processes at the company. She ensures that there is a strong process behind most information security practices. She creates a strong risk management framework that defines the company's information security growth year on year. She basically ensures that the bedrock of a strong information security practice is in place for the company to build on even when she is not around. The Processifier is usually the sounding board for sane advice on any security-related practice. She keeps the other information security personnel in check by ensuring the quality of standards and processes.
The reasons why Processifiers are so important:
• They create the foundation for a strong Information Security Practice. They create the practices, processes and documentation for the Information Security Practice, which is extremely important from a long-term perspective.
• The Processifiers provide the quality and consistency parameters for the Information Security Team to conduct its activities all through the year.
• The Processifier also handles initiatives like Security Awareness and Training that are non-negotiable for a security-conscious company.
The Prophet is a unique role between business and information security. The Prophet is an Information Security professional with a keen eye on the business. While the Processifier creates a risk management framework and the Tinkerer is technically adept, the Prophet's job is to ensure that all of this applies and makes sense to the business. Business risk is the Prophet's business. She is the ultimate mediator in scuffles between management and security. She advises the information security team on changing business risks and perceptions. She has the right connections to the right stakeholders inside and outside the business to give Information Security a unique perspective. She ensures that Information Security delivers immense business value and makes it known. The Prophet is the ultimate fixer for business and information security teams because she can speak both tongues equally well.
The reasons why Prophets are so important:
• The popular perception is that "management is always at odds with Information Security". With the Prophet, management and information security are partners.
• Sometimes Information Security tends to get lost in controls and technology. The Prophet is the essential element that points the team in the most important direction: business risk.
• Prophets ensure that management and Information Security meet in the middle. They are the diplomats of the security world, constantly ensuring that the tug of war between these two diverse areas does not cause the rope in the middle to tear or break.
These roles do not always have to be filled by different people. As a single IT manager, you might have to wear all these hats. However, with the right mix of Tinkerers, Prophets and Processifiers, your information security should be in great shape.