Thursday, October 2nd, 2014 marked the commencement of Cyber Security Awareness Month at SCIT. It was a proud moment for us as we hosted CSAM event for the 5th consecutive year with the help of Team Matrix and our sponsor ISACA. The day began with the panel discussions where we had dignitaries from industries who shared their valuable inputs regarding security issues faced in the industry. Later on, we had events for students which were fun as well as informative. The events included Treasure Hunt, Role Play Audit and Case Study from Keywords.
We had very experienced panelists, which included:
- Mr. Ajit Menon (Guest of Honor) – Chief Security Officer, Tata Consultancy Services
- Mr. Avinash Kadam (Chief Guest) – (CURRENT) Advisor – India Task Force at ISACA
(FORMERLY) Director, MIEL e-Security Pvt. Ltd. in charge of Information Security Consulting and Training, Chief Operating Officer, Kale Consultants Ltd, General Manager-IT, Raymond Ltd, General Manager-IT, Glaxo India Ltd
- Mr. Nitin Bhatnagar – Head of Business Development at SISA Information Security (APAC and CEMEA)
- Ms. Shweta Chawla – Owner, SC Cyber Solutions
- Mr. Niranjan Reddy – Founder NetConclave Systems
The panel discussion was the highlight of the entire event. It was a very fruitful discussion and helped us understand many new aspects of information security. The discussion began with the topic: challenges faced by law enforcement authorities while handling social media. This is a very severe issue because most of the law enforcement authorities do not have the proper awareness to handle crimes like this. There is a time lag between when the post is uploaded and when the post is the authorities remove post. During this time lag, the media can cause a lot of damage. Sometimes, we do not realize the consequences of the situation before it was already taken place; therefore, to avoid such catastrophe, we should always think before posting something on social media. There are no boundaries to what can be posted on social media, nor is there any control. E-ambassador is a term given to those individuals who inform the authorities of any mishaps that occur on the social media. With their help, the police is notified sooner and proper measures are taken accordingly.
BYOD (bring your own device) refers to the policy of permitting employees to bring personally owned mobile devices (laptops, tablets, and smart phones) to their workplace, and to use those devices to access privileged company information and applications. The proliferation of devices such as tablets and smartphones, which are now used by many people in their daily lives, has led to a number of companies allowing employees to bring their own devices to work, due to perceived productivity gains and cost savings. The idea was initially rejected due to security concerns but more and more companies are now looking to incorporate BYOD policies. It brings a lot of convenience to the end users but might not be as optimum for the organization. It is hard for the organization to put controls on devices such as proper security, the right processes, etc. The IT technicians need to be aware about how to fix all types of devices (windows, mac, etc.) rather than just one type. Of course, along with the pros, there are many cons for the end user as well. Loss of privacy is the main concern for the user because all the personal information on the laptop (personal emails and other data) is at risk of exposure.
With the pace the technology is advancing today, the forensics specialists also have to up on their toes in order to tackle security issues. Sometimes, storage capacity is too high in the devices and the data the forensics team is looking for is very little. It is just like looking for a needle in a haystack. However, with the kind of tools available today, it is very easy to identify the “needle”, no matter how big the haystack is. There are specific tools used for specific purposes, for example, email forensics tools, key logging, VAPT, etc. The employees to sometimes make the job of the forensics team harder than it should be. The user might not realize until too late that an attack is taking place on his/her device and in case of a fault may report it to the IT guys rather than the forensics team. Once the forensics team starts tracking a device, they can find out everything about the user, for example, their personal emails, sites visited, even the number of clicks he/she made on a website. This is the reason why BYOD is still not allowed or preferred by some organizations. We need to find a balance between risk seeking and risk avoidance.
The mobile users need to be particularly aware (especially android users), because there are many security issues involved; and once downloading an app, they may ask for information from the user which is irrelevant for that particular app, which the user happily gives away. Lets face it, who would not want to enjoy a “free” app even though it is at a cost of giving up valuable information. In the android playstore there is no authentication required, which is why it is impossible to know the authenticity of the developer. Mobile POS is also being used very widely these days. It was made transactions very easier, but also brings about major security issues.
To conclude, such technology has made our lives very efficient and convenient, but it also comes at a cost, i.e. out privacy. Stay aware and be more cautious.
Web and Media Committee (2014-16)