At CISO Platform Annual Summit 2017, we had a panel discussion on the topic of Learning from Recent Global Security Breaches, including industry stalwart like Shailaja Adurthi(Vice President , Digital Bank, DBS Bank), Julen Mohanty (AVP, JP Morgan Chase), Sridhar Govardhan (General Manager-Cyber Security, Wipro Limited), Dhirendra Kumar (Head of Cyber Resillience and Information Risk, Barclays), Vivian Dmello (Information Security Officer, MOFSL), and Fal Ghancha (Business Information Security Officer, Reliance Nippon Life Asset Management, Ltd.).
Key Learning - Learning from Recent Global Security Breaches
- Equifax Breach– Governance Issue
(Read More: Equifax Breach Postmortem: Top Mistakes Enterprises Should Avoid)
- Yahoo Hack-
- Hackers were selling 200 million yahoo accounts in darkweb. Hacker named Peace obtained the data and is selling.
- Much of it is from older breaches, dating back to as early as 2012. But the consequences have already been serious—likely due in part to victims reusing passwords between sites—and include hackers compromising the Twitter accounts of Mark Zuckerberg, Twitter founder Ev Williams, a multitude of celebrities including Drake and Katie Perry and likely many more less-visible attacks. In fact, these breaches are so large it's hard to imagine anyone with a digital life who is not in some way affected.
- Common mistake which people and organisation do:
- Preventive Controls are very weak or no preventive Controls at all.
- Detection Technique are very weak and less.
- Containment is very poor.
- Even when companies knows they are hacked they are not able to prevent it due to lack of preventive measures.
- Mostly hacks happens due to malware attacks.
- Zomato said the development section was compromised.
- All organisation has IPS included and approx 5000-6000 groups are there. But manual changes are not possible.
- PPT(People, Process, technology) should be balanced.
- Itachi System got compromised.
- Evaluating Fraud Prevention technnique.
- For all the things there is 2 factor authentication but if your device is itself compromised, no use of 2-factor authentication.
(Use FireCompass discovery and comparison tool to shorten your vendor assessment cycle by months. Sign Up for FREE)