Fostering a Security-aware Environment

Know the key trends affecting Organizational Cyber-security in 2015 and significantly use a focused approach towards curbing threats by Cloud Security SaaS – Netmagic

Keywords - Cyber security, IT security, cyber security solutions, SaaS security, cloud services

Enterprises may end up being used as channels for delivery of malware and conducting attacks, leading to regulatory, compliance and legal challenges, says Rishikesh Kamat, GM, Product Development & Marketing, Netmagic

Cybersecurity is experiencing enormous growth, as an industry and as a theme in the daily lives of people and businesses using technology. And because our technology keeps changing at an astounding rate, threats are evolving fast too - with cybercriminals finding new and creative ways to exploit users and technology all the time. In a recent survey done by Kaspersky Labs it was found that new technology - leading to new ways of working - were an area of significant concern for IT managers. Mobility, use of personal devices at work (BYOD) and social media in the work place were the top three concerns.

February 2015

– Netmagic

Fostering a Security-aware Environment – Netmagic

2

This presents a picture of a technology environment under significant change. The key trends affecting an organization's security in 2015 are:

Mobility/BYOD: Ubiquitous mobility and increasing consumerization in the business environment means a typical end-user community is now mobile

Cloud: Accessing company data via the cloud from an increasing variety of devices puts strain on IT security

Virtualization: Increasing use of virtualized environments to reduce cost and increase flexibility creates specific areas of IT security complexity

Social media: Employee use of social media in itself is rarely an issue, but cybercriminals are increasingly using the 'openness' of people's behaviour on these sites to gain access to valuable data

Internet of Things/Everything

The Threat Associated With BYOD

As the trend of employees bringing mobile devices, applications and cloud-based storage and access in the workplace continues to grow, businesses of all sizes are seeing information security risks being exploited at a greater rate than ever before. These risks stem from both internal and external threats including mismanagement of the device itself, external manipulation of software vulnerabilities and the deployment of poorly tested, unreliable business applications. If you choose to let your employees use their own devices, ensure a programme for allowing them to do so is in place and is well structured. If implemented poorly, such a strategy could lead to accidental disclosures because more business information is being held and accessed in an unprotected manner.

The Increasing Malware And DDoS Attacks

Over the last few years, the use of malware to profit from security has also significantly increased. There are now more than 20 million variants of malware which are constantly evolving to avoid detection. This growing trend affects consumers and businesses alike. It has also been fuelled by the growth of social and mobility platforms, allowing cybercriminals an efficient mechanism to deliver their malicious payloads. In the last one year itself, we have seen blatant use of social media sites such as Facebook being used to leverage the sympathy generated from humanitarian crisis. In almost all cases, there have been fake videos of accidents and other crisis being circulated online which tricks users into clicking on those links and downloading malware on their systems. Going forward, this trend is expected to continue, even with security increasingly being tightened by the social media firms. The real security needs to come from security-aware netizens who should use their discretion while clicking on links. The intent of malware has been multi-fold. It has been to steal data, hold the user to ransom, capture customer information such as banking details, generate DDoS attacks, distribute further malware, mint cyber currency such as bitcoins and much more. Ransomware attacks have been in the rise since the last one year, with the sophistication increasing through use of commercial grade encryption to lock the data being held ransom. While the law-enforcement agencies have come down heavily in taking down some of the prominent botnets delivering ransomware and other malware, the P2P nature of the botnets will only mean that we will see a recurrence and resurgence of these types of attacks.

Security predictions from : Blue Cost, Darnballa, FineEye, Fortinet, Forrester, Gartner, IDC, ImmuniWeb, Kaspersky Lab, Lancope, McAfee, Neohapsis, Sophos, Symantec, Trend Micro, Varonis Systems, Websense

New attack vectors & platformsEvolution of existing cybersecurity solutions

IoT & critical infrastructureMobile technology

Encryption & privacyHigh - profile data breaches

Regulation, compliance & cyber insuranceSecurity strategy evolutionPeople & social networks

Advanced threat intelligence & preventionState- sponsored & politically motivated attacks

RansomwareCloud services

Big data & analyticsPOS & payment systems

Biometrics & multi-factor authenticationCybercrime

Third-party attacks & malversticingOpen- source software

Web technologyCybersecurity skills

0 2 4 6 8 10 12 14

2015 cybersecurity predictions

3

Online Mobile Transactions

The retail sector in India is growing at a fast speed and the convenience of doing business online or through mobiles is only accelerating the growth. We are now seeing more consumers use cards rather than cash,even for in-store transactions as it provides high level of convenience. This basically means a lot of consumer data is getting collected and stored at various touch points within the retail stores - both online and traditional. Unless the right measures of security are in place, it is only a matter of time before we see a repeat of what happened at Target in the US. While regulatory compliance is not so strict in India, such compromises can leave a huge dent in customer confidence and erosion in market share for retail businesses.

The Internet of Things (IoT)

The Internet of Things (IoT) systems are capable of performing two-way actions. i.e they are capable of sending information that they have collected and also receiving instructions to operate in a certain manner. This effectively means they can be leveraged for causing mass disruption in one of two ways - (a) by affecting a large deployment of IoT devices with homogeneous characteristics to create attacks that transcend from the virtual to the physical world or (b) in a different way by leveraging the IoT infrastructure to cause mass scale attacks which have the potential to dwarf some of the largest DDoS attacks we have ever seen. IoT systems of current stage are highly susceptible to such forms of mass attacks

Cloud Deployments And Security

Cloud services are another cybersecurity battleground. Cloud and IaaS companies will need to compete on how well they manage and protect data while also providing productivity-enhancing functionality to their clients.Failure to offer the same levels of access control, data protection and breadth of productivity enhancement that enterprises are accustomed to enjoying inside the walls of their own data centers will force cloud companies into service niches that exclude their clients' most vital data. IDC, meanwhile, sees security software itself moving into the cloud: "Enterprises will be utilizing security software as a service (SaaS) in a greater share of their security spending. By the end of 2015, 15 per cent of all security will be delivered via SaaS or be hosted and by 2018 over 33 per cent will be".

Conclusion

Through all of this, enterprises are affected in multiple ways. Either their own data or their customer's data is at risk.

Fostering a Security-aware Environment – Netmagic

Moreover, enterprises may end up being used as channels for delivery of malware and conducting attacks, leading to regulatory, compliance and legal challenges. To avoid this, enterprises need to foster a security-aware environment. They need to prioritise risks and deploy resources towards mitigating the highest ones. While no single solution can address all requirements, a focussed approach towards security spending can definitely keep out most common attacks and significantly deter the determined attacker. Enterprises need to focus on deploying the right skills to make the security solutions effective. In most cases, a third party service provider provides a much better value addition to providing the right skills than building them in-house.

marketing@netmagicsolutions.com www.netmagicsolutions.com1800 103 3130

About Netmagic Solutions (An NTT Communications Company)

Netmagic, an NTT Communications company, is India’s leading Managed Hosting and Cloud Service Provider, with 8 carrier-neutral, state-of-the-art datacenters across the country. Established in 1998, Netmagic has been a pioneer in the Indian IT Infrastructure services space as it was the first to launch services such as cloud computing, managed security, Disaster Recovery-as-a-Service and software-defined storage. An IT Infrastructure Partner to more than 1400 enterprises globally, Netmagic, also delivers Remote Infrastructure Management services to NTT Communications’ customers across Americas, Europe and Asia-Pacific region. Netmagic is the recipient of several industry accolades and was recently chosen by India’s CIO community as the best service provider of Datacenter Managed Services and Cloud services, at the CIO Choice 2015 Awards.NTT Communications has subsidiaries and offices in 43 countries / regions, with over 21,600 employees worldwide. It had total operating revenues of 1230bilion JPY for year ending March 31, 2014 and has infrastructure worldwide, including leading global tier-1 IP network, the Arcstar Universal One™ VPN network reaching 196 countries/regions, and 130 secure datacenters.

NTT Communications is a part of NTT Corporation, Japan – one of world’s largest telecommunications companies and ranked 53 on Fortune Global 500 list (2014).

For further details please log into | Twitter: | LinkedIn: www.netmagicsolutions.com @netmagic @Netmagic Solutions

About NTT Communications Corporation

NTT Communications provides consultancy, architecture, security and cloud services to optimize the information and communications technology (ICT) environments of enterprises. These offerings are backed by the company’s worldwide infrastructure, including leading global tier-1 IP network, Arcstar Universal One™ VPN network reaching 196 countries/regions, and over 150 secure data centers. NTT Communications’ solutions leverage the global resources of NTT Group companies including Dimension Data, NTT DOCOMO and NTT DATA