Gaana.com, one of the popular music streaming service got hacked. It is reported that 10 million username, email addresses, MD5-encrypted password, date of births, and other personal information has been stolen.
It is reported by their CEO that they have taken the adequate measures to safeguard post incident. Here are a few things which you should do as a user or any other organization.
If you are a Gaana.com user...What should you do?
- Handling Passwords: Are you using the same password as Gaana.com in other sites? In that case, create different password for the other sites.
- Dealing with personal information: Do not give away your actual sensitive personal information (like date of birth) to different websites if possible. You need to check if you are violating the terms but for your own security it is a good idea to have "fake data" where ever possible without making any legal violation.
- Beware of Social Engineering Attempts: If anybody gets your personal information they may use it to conduct social engineering attacks. Beware of any social engineering attempt on you. If somebody calls you posing as a credit card company/bank who provides credible personal information of yours, Do not trust. Do not give away any financial information like your credit card details over phone.
>> Share with your friends: Click here to tweet!
How secure are the Indian companies?
At CISO Platform we have conducted study of more than 400 Indian Companies and here are some of the findings. The report is to be published next week. The statistical numbers shall be released during the launch of the report but here are some quick observations.
- More than 70% of Indian companies are under prepared when it comes to security.
- More than 80% of the companies lack in awareness among thesenior management. (For example we observed that a lot of companies believe that they have implemented DDOS security by having firewalls with very limited DOS protection)
How prepared is your organization?
If you are an organization ask yourself the following:
- When is the last time when you conducted a high quality Penetration Testing not just to have tick in the box?
- How long is your remediation cycle?
- Do you have an incident management program in place which is tested? (Just like your fire drill)
- Do you have a security dashboard for the management? Does it make sense?
- Is your Security team (both junior and senior members) spending adequate time in learning about the latest technological changes? Security is a fast changing world. Hackers are continuously learning and evolving. Are you?
Few must read resources..
5 Lessons from Linkedin Breach: Click here
How to implement an automated incident response architecture: Click here
Check if your SIEM is actually detecting breaches: Click here
Why is it easier to hack than to defend: Click here
2 Day Training on "Cyber Forensics and Incident Response": Click here
>> Share with your friends: Click here to tweet!
Don't miss: Wargame on How to respond to a breach?
During CISO Platform Decision Summit (June 4 and 5, New Delhi) we will have a real life strategy simulation on how to respond to a security breach. We have a set of great panelists like
- Brian Mizellle- VP Technology,Cigital
- Steve Ledzian- Director Systems Engineering, Fireeye
- Pawas Agarwal- CISO, Aircell
- Siva Sivasubramanium- CISO, Airtel
- Vibhore Sharma- CTO, Naukri
- Burgess Cooper- Partner, Ernst & Young
>> To claim your pass: Click here
.png)
Comments