SlideShare ist ein Scribd-Unternehmen logo

Global Cyber Security Outlook - Deloitte (Hotel_Digital_Security_Seminar_Sept19'14)

XEventsHospitality
XEventsHospitality

By A.K. Vishwanathan, Senior Director – Enterprise Risk Services, Deloitte India Vis is a Chartered Accountant, has a Certified in Risk and Information System Control (CRISC) and a member of the Information Systems Audit and Controls Association (ISACA). He has advised large organisations in their endeavour in information security and controls, and led risk consulting in complex environments and regulated industries; specifically banking and financial services, telecom, manufacturing, oil and gas, pharma and life sciences and government sector.

Technologie
1 von 23
Downloaden Sie, um offline zu lesen
In association with Presented by Supported by GLOBAL CYBER SECURITY OUTLOOK A.K. Vishwanathan, Senior Director – Enterprise Risk Services, Deloitte India SEPT 19, 2014 Hotel Digital Security Seminar
Presented by In association with Supported by A.K. Vishwanathan Vis is a Chartered Accountant, has a Certified in Risk and Information System Control (CRISC) and a member of the Information Systems Audit and Controls Association (ISACA). He has advised large organisations in their endeavour in information security and controls, and led risk consulting in complex environments and regulated industries; specifically banking and financial services, telecom, manufacturing, oil and gas, pharma and life sciences and government sector. By X Events Hospitality (www.x-events.in) 2 Hotel Digital Security Seminar & Webinar, Sept 19, 2014
Presented by In association with Supported by Agenda By X Events Hospitality Hotel Digital Security Seminar & Webinar, Sept 19, 2014 (www.x-events.in) 3 ¨ Current state ¨ Case study ¨ Solutions ¨ Way forward
Presented by In association with Supported by Current state By X Events Hospitality (www.x-events.in) 4 Hotel Digital Security Seminar & Webinar, Sept 19, 2014
Presented by In association with Supported by Recent trends in India Over 35 % of the Indian organizations across various sectors have engaged in corporate espionage Nearly14,000 websites were 5000 hacked by cyber criminals till October 2012, an increase of nearly 57% from 2009. 81% of the CXO in this sectors depicts an increase in information security spending over the coming few years Website of Indian Embassy in Tunisia hacked in retaliation to the terrorism attack on Karachi Airport in June 2014. The embassy website was hacked by a group called “Hunt3R Source : NCRB (National Crime Number of Cyber Crimes under IT Act Records Bureau By X Events Hospitality Hotel Digital Security Seminar & Webinar, Sept 19, 2014 (www.x-events.in) 5 0 2008 2009 2010 2011 2012 2013
Presented by In association with Supported by Key information security challenges – Pain areas The following are they key information security challenges being major organizations in India By X Events Hospitality Hotel Digital Security Seminar & Webinar, Sept 19, 2014 (www.x-events.in) 6 01 02 03 04 05 Cyber Spying Virus and Trojans Data Theft Cyber Terrorism Phishing & Identity Theft Illegal interception of government data by foreign countries. NSA has been alleged to plant bugs in Indian embassy in Washington DC Infection of government IT systems with malwares that allow gives control to the hackers. Government of India IT systems infected by Conficker worm in 2008 causing multiple crashes and downtime. Insecure storage of GOI data leading to unauthorized access by hackers and spies. Alleged Chinese hackers in 2010 hacked in GOI systems to access National Security Council data Hacktivism attacks on GOI websites leading to reputational damage. Multiple foreign country hackers were responsible for hacking of websites of GOI Phishing attacks targeted towards GOI employees to steal identities and data. GhostNet attacks on Indian Government employees was conducted through spear phishing attacks CIA CIA CIA CIA CIA Confidentiality : Sensitive content and privacy of data Integrity : Unauthorized modification of data Availability : Multiple points in the IT infra preventing single point of failure Source : Times of India
Presented by In association with Supported by Understanding cyber threats Modern Cyber Threat landscape have evolved over the years. Applications and IT infrastructures are core pillars in today’s business. Security of core shall ensure security of the business. 1 Actors with differing motives and sophistication – often colluding with each other 4 Data is money – criminal underground makes for easy monetization Criminals pilferage on the PII data for identity theft leading to potential damages to customers By X Events Hospitality Hotel Digital Security Seminar & Webinar, Sept 19, 2014 (www.x-events.in) 7 2 Organizational boundaries have disappeared – anytime, anyhow, anywhere computing 3 Attacks exploit weakest link in the value / supply chain 5 Traditional controls are necessary but not adequate 6 Regulators and government are key stakeholders with ever increasing focus Loss of PII data, customer data, sensitive and confidential company data. Availability of organization’s information is crucial and loss of such could result in impacting critical business functions. Breach of integrity could result in complete breakdown of trust of the organization. Brand reputation gets affected majorly leading to loss in revenue Losses resulting from leakage of backend customer data will impact customer’s trust on the brand National Cyber Security Policy formulated with focus on capability building at Nation level
Presented by In association with Supported by Industry view – Indian sector view By X Events Hospitality Hotel Digital Security Seminar & Webinar, Sept 19, 2014 (www.x-events.in) 8 Hotels Airlines Travels & Tourism Sensitive information handled: Internal strategic & Customer Confidential • Visitor name, address, contact details, unique identification numbers or documents – Passport, PAN card, Driving License, Credit card etc. • Hotel billing details such as billing and payments , outstanding bills etc. • List of No. of Rooms occupied/vacant, pre-booked rooms, etc. • Vendors/Supplier details, contract details, outstanding payment details • Passenger Name, contact details, passport, visa details etc. • Flight details such as no of passengers and crew, passenger and crew personal details, city and time of departure and arrival etc. • Flight details such as details of flight status, flight maintenance details, etc. • Tourists’ Name, Address, Contact Details and unique identification numbers or documents • Tourist travel details such as mode of travel, destination city, duration of stay and accommodation details. • List of strategic tie-ups and related financial records with the organization
Presented by In association with Supported by Industry view – Indian sector view By X Events Hospitality Hotel Digital Security Seminar & Webinar, Sept 19, 2014 (www.x-events.in) 9 Hotels Airlines Travels &Tourism Concerns • Absence of security compliance for information related controls • Compliance controls on basis of the quality controls only • Regulatory compliances in terms of financial or business controls • Absence of security compliance for information related controls • Absence of security compliance for information related controls • Compliance controls on basis of the quality controls only Security initiatives in HATT sector • Regulatory Implications drive security approach. Initiatives are taken by management to drive security in the organizations • Absence of regulatory requirements provides ground for laxity in security initiatives within organization
Presented by In association with Supported by Paradigm shift: Info security mgt. By X Events Hospitality Hotel Digital Security Seminar & Webinar, Sept 19, 2014 (www.x-events.in) 10 Key questions to consider: ¨ Strategically … • Do you have a cyber security strategy including a clear cyber governance framework ? • How are you evaluating and managing cyber risk? • Is the existing risk framework adequate to address changing threat landscape? • How structured and well-tested are you existing incident response and crisis management capabilities? ¨ And tactically … • What is leaving our network and where is it going? • Who is really logging into our network and from where? • What information are we making available to a cyber adversary?
Presented by In association with Supported by Case study By X Events Hospitality (www.x-events.in) 11 Hotel Digital Security Seminar & Webinar, Sept 19, 2014
Presented by In association with Supported by Operation hangover By X Events Hospitality Hotel Digital Security Seminar & Webinar, Sept 19, 2014 (www.x-events.in) 12 Recently attackers of unknown origin conducted a large hacking operation on multiple companies from servers hosted in India. Target Employee in the Victim Company Attacker creates a malicious attachment in PDF file and sends to an unsuspecting and unaware foreign government employee. The malware is signed using certificates purchased by a company in New Delhi, India 1 The users gets infected with malware that acts as a backdoor to his system. The attacker is able to pivot his system to conduct further attacks in the network. 2 Server hosted in India. All data stolen from the company are stored in a server hosted in India with domain names similar to large ecommerce sites in India. These form of operational security measures indicate an attempt by the attackers to hide the operation in plain sight 3 Source : Norman ASA
Presented by In association with Supported by Leading hotel chain in the USA Key Security Flaws (as per FTC report) Absence of Firewalls Default username and passwords Weak access controls for remote sites 4 Failure to conduct regular reviews Implications By X Events Hospitality Hotel Digital Security Seminar & Webinar, Sept 19, 2014 (www.x-events.in) 13 A leading US hotel chain was breached by hackers from 2009 – 2010 resulting in stealing of 700,000 customer information. They were breached 3 times in the period during which these information was siphoned out. 1 2 3 • FTC sued the organization for loss of customer information • Organization has failed to dismiss the case • Investigations proved major non compliance to PCI DSS requirements by organization locations • 10.6 mil USD was estimated cost of data breach Source :Media Reports
Presented by In association with Supported by Hospitality industry Leading Airlines in US It takes an average of 156 days for By X Events Hospitality Hotel Digital Security Seminar & Webinar, Sept 19, 2014 (www.x-events.in) 14 Hospitality, Airlines and Tourism industries depend on exhaustive branding and marketing efforts for sale of their services. Any impact on their IT infrastructure, websites or data that gets published in the media leads to direct effect on their revenue and core business sales. Incident • Airways vendors got breached by hackers leading to disclosure of internal employee information and customer information. • Data breach was investigated however with no conclusive root cause analysis Impact • Multiple news reports on the data breach got published leading to branding and reputational risks for the airlines. businesses to realize that the a breach has occurred (Trustwave) 43% of CXO officers report that negligent insiders are source of majority of the breaches (IBM) Source :Media Reports
Presented by In association with Supported by Way Forward By X Events Hospitality (www.x-events.in) 15 Hotel Digital Security Seminar & Webinar, Sept 19, 2014
Presented by In association with Supported by Cyber security mgt: Methodology By X Events Hospitality Hotel Digital Security Seminar & Webinar, Sept 19, 2014 (www.x-events.in) 16
Presented by In association with Supported by Cyber security: Maturity model Situational Awareness of Cyber Threats Automated Electronic Discovery & Forensics Basic Online Brand Monitoring Automated Malware Forensics & Manual Electronic Discovery Government / Sector Threat Intelligence Collaboration Ad-hoc Threat Intelligence Sharing with Peers Baiting & Counter-Threat Intelligence Criminal / Hacker Surveillance Commercial & Open Source Threat Intelligence Feeds Real-time Business Risk Analytics & Decision Support Workforce / Customer Behaviour Profiling Network & System Centric Activity Profiling Business Partner Cyber Security Awareness Targeted Intelligence-Based Cyber Security Awareness General Information Security Training & Awareness Brand Monitoring E-Discovery & Forensics Intelligence Collaboration External Threat Intelligence Behavioural Analytics Training & Awareness Cyber Attack Preparation Asset Protection Security Event Monitoring Transformation By X Events Hospitality Hotel Digital Security Seminar & Webinar, Sept 19, 2014 (www.x-events.in) 17 IT Cyber Attack Simulations Business-Wide Cyber Attack Exercises Sector-Wide & Supply Chain Cyber Attack Exercises Enterprise-Wide Infrastructure & Application Protection Global Cross-Sector Threat Intelligence Sharing Identity-Aware Information Protection IT BC & DR Exercises Ad Hoc Infrastructure & Application Protection Adaptive & Automated Security Control Updates IT Service Desk & Whistleblowing Security Log Collection & Ad Hoc Reporting External & Internal Threat Intelligence Correlation Cross-Channel Malicious Activity Detection 24x7 Technology Centric Security Event Reporting Automated IT Asset Vulnerability Monitoring Targeted Cross-Platform User Activity Monitoring Tailored & Integrated Business Process Monitoring Traditional Signature-Based Security Controls Periodic IT Asset Vulnerability Assessments Proactive Threat Management Level 1 Level 2 Level 3 Level 4 Level 5 Internal Threat Intelligence Cyber Security Maturity Levels Basic Network Protection Acceptable Usage Policy Operational Excellence Blissful Ignorance Online Brand & Social Media Policing Ad Hoc System / Malware Forensics
Presented by In association with Supported by Way forward: Cyber security v2.0 By X Events Hospitality Hotel Digital Security Seminar & Webinar, Sept 19, 2014 (www.x-events.in) 18 A forward-looking approach to developing your organization’s cyber security capabilities is needed to ensure on-going cyber threat mitigation and incident response.
Presented by In association with Supported by About us HATT is India's young and premium community for CXOs from the Hospitality, Healthcare, Aviation, Travel and Tourism industries. o With over 1,000 members across India, we are now poised to expand globally with a presence in South East Asia and the Middle East by 2016. www.hattforum.com Hotel Digital Security Seminar & Webinar, Sept 19, 2014 19 X Events manages & supports events exclusively for the hospitality & travel industries. o Our USP is that we are hoteliers by training. We focus on the two most important aspects of an event; content quality and impact. o We do it because we believe in it. www.x-events.in By X Events Hospitality (www.x-events.in) FB/hattforum
Presented by In association with Supported by Our host – Brian Pereira Brian is a veteran technology journalist with two decades of experience. He has served as editor for two magazines: CHIP and InformationWeek India. He is a respected speaker & host at conferences worldwide. In his current role at Hannover Milano Fairs India, Brian serves as project head for CeBIT Global Conferences, the world's largest ICT fair that will debut in India this November, in Bangalore. By X Events Hospitality (www.x-events.in) 20 Hotel Digital Security Seminar & Webinar, Sept 19, 2014
Presented by In association with Supported by Hotel Digital Security Seminar & Webinar, Sept 19, 2014 21 Five expert speakers 1. Latest threats in digital security (Worms, attacks, viruses, flaws) - Santosh Satam, CEO, SecurBay Services. 2. The immediate action needed to tighten up (Priority list, cost, internal policies) - Ambarish Deshpande, MD - India & SAARC, Blue Coat 3. Information loss prevention (Principles & practices) - Geet Lulla, VP - India & ME, Seclore 4. How to build a business case & get the management's attention - Dhananjay Rokde, CISO, Cox & Kings Group. 5. Global cyber security outlook - A. K. Viswanathan, Senior Director - Enterprise Risk Services, Deloitte India. By X Events Hospitality (www.x-events.in) The seminar schedule
Presented by In association with Supported by Our sponsors & supporters By X Events Hospitality Hotel Digital Security Seminar & Webinar, Sept 19, 2014 (www.x-events.in) 22 Thank You
In association with Presented by Supported by HOTEL DIGITAL SECURITY SEMINAR SEPT 19, 2014 www.x-events.in

Empfohlen

Zero Trust Model Presentation
Zero Trust Model PresentationZero Trust Model Presentation
Zero Trust Model Presentation
Gowdhaman Jothilingam
 
Gartner 2013 it cost optimization strategy, best practices & risks
Gartner 2013 it cost optimization strategy, best practices & risksGartner 2013 it cost optimization strategy, best practices & risks
Gartner 2013 it cost optimization strategy, best practices & risks
Satya Harish
 
AWS Cloud Adoption Framework and Workshops
AWS Cloud Adoption Framework and WorkshopsAWS Cloud Adoption Framework and Workshops
AWS Cloud Adoption Framework and Workshops
Tom Laszewski
 
Azure Security Fundamentals
Azure Security FundamentalsAzure Security Fundamentals
Azure Security Fundamentals
Lorenzo Barbieri
 
AWS re:Invent 2016: Governance Strategies for Cloud Transformation (WWPS302)
AWS re:Invent 2016: Governance Strategies for Cloud Transformation (WWPS302)AWS re:Invent 2016: Governance Strategies for Cloud Transformation (WWPS302)
AWS re:Invent 2016: Governance Strategies for Cloud Transformation (WWPS302)
Amazon Web Services
 
Remote IT Infra - lower cost & higher efficiency
Remote IT Infra - lower cost & higher efficiencyRemote IT Infra - lower cost & higher efficiency
Remote IT Infra - lower cost & higher efficiency
Abimanyu V
 
Managed it services
Managed it servicesManaged it services
Managed it services
Gss America
 
Information Security It's All About Compliance
Information Security It's All About ComplianceInformation Security It's All About Compliance
Information Security It's All About Compliance
Dinesh O Bareja
 

Empfohlen

Zero Trust Model Presentation
Zero Trust Model PresentationZero Trust Model Presentation
Zero Trust Model Presentation
Gowdhaman Jothilingam
 
Gartner 2013 it cost optimization strategy, best practices & risks
Gartner 2013 it cost optimization strategy, best practices & risksGartner 2013 it cost optimization strategy, best practices & risks
Gartner 2013 it cost optimization strategy, best practices & risks
Satya Harish
 
AWS Cloud Adoption Framework and Workshops
AWS Cloud Adoption Framework and WorkshopsAWS Cloud Adoption Framework and Workshops
AWS Cloud Adoption Framework and Workshops
Tom Laszewski
 
Azure Security Fundamentals
Azure Security FundamentalsAzure Security Fundamentals
Azure Security Fundamentals
Lorenzo Barbieri
 
AWS re:Invent 2016: Governance Strategies for Cloud Transformation (WWPS302)
AWS re:Invent 2016: Governance Strategies for Cloud Transformation (WWPS302)AWS re:Invent 2016: Governance Strategies for Cloud Transformation (WWPS302)
AWS re:Invent 2016: Governance Strategies for Cloud Transformation (WWPS302)
Amazon Web Services
 
Remote IT Infra - lower cost & higher efficiency
Remote IT Infra - lower cost & higher efficiencyRemote IT Infra - lower cost & higher efficiency
Remote IT Infra - lower cost & higher efficiency
Abimanyu V
 
Managed it services
Managed it servicesManaged it services
Managed it services
Gss America
 
Information Security It's All About Compliance
Information Security It's All About ComplianceInformation Security It's All About Compliance
Information Security It's All About Compliance
Dinesh O Bareja
 
Managed Services Support
Managed Services SupportManaged Services Support
Managed Services Support
jdivalerio
 
Desktop as a Service DaaS in India by BSNL SIS
Desktop as a Service DaaS in India by BSNL SISDesktop as a Service DaaS in India by BSNL SIS
Desktop as a Service DaaS in India by BSNL SIS
SATYAVEER PAL
 
AWS Cloud Migration Insights Forum
AWS Cloud Migration Insights ForumAWS Cloud Migration Insights Forum
AWS Cloud Migration Insights Forum
Amazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
Amazon Web Services
 
AWS Migration Planning Roadmap
AWS Migration Planning RoadmapAWS Migration Planning Roadmap
AWS Migration Planning Roadmap
Amazon Web Services
 
A cloud readiness assessment framework
A cloud readiness assessment frameworkA cloud readiness assessment framework
A cloud readiness assessment framework
Carlo Colicchio
 
ITIL PPT
ITIL PPTITIL PPT
ITIL PPT
Vikas Aryan
 
NIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewNIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An Overview
Tandhy Simanjuntak
 
Cloud Migration Workshop
Cloud Migration WorkshopCloud Migration Workshop
Cloud Migration Workshop
Amazon Web Services
 
Cyber Security Needs and Challenges
Cyber Security Needs and ChallengesCyber Security Needs and Challenges
Cyber Security Needs and Challenges
Happiest Minds Technologies
 
Manage services presentation
Manage services presentationManage services presentation
Manage services presentation
Len Moncrieffe
 
SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1
Priyanka Aash
 
Microsoft Azure Security Overview
Microsoft Azure Security OverviewMicrosoft Azure Security Overview
Microsoft Azure Security Overview
Alert Logic
 
How To Handle Cybersecurity Risk PowerPoint Presentation Slides
How To Handle Cybersecurity Risk PowerPoint Presentation SlidesHow To Handle Cybersecurity Risk PowerPoint Presentation Slides
How To Handle Cybersecurity Risk PowerPoint Presentation Slides
SlideTeam
 
A Practical Example to Using SABSA Extended Security-in-Depth Strategy
A Practical Example to Using SABSA Extended Security-in-Depth Strategy A Practical Example to Using SABSA Extended Security-in-Depth Strategy
A Practical Example to Using SABSA Extended Security-in-Depth Strategy
Allen Baranov
 
Migration Planning
Migration PlanningMigration Planning
Migration Planning
Amazon Web Services
 
Microsoft 365 Enterprise Security with E5 Overview
Microsoft 365 Enterprise Security with E5 OverviewMicrosoft 365 Enterprise Security with E5 Overview
Microsoft 365 Enterprise Security with E5 Overview
David J Rosenthal
 
Enterprise Security Architecture Design
Enterprise Security Architecture DesignEnterprise Security Architecture Design
Enterprise Security Architecture Design
Priyanka Aash
 
Security architecture frameworks
Security architecture frameworksSecurity architecture frameworks
Security architecture frameworks
John Arnold
 
Vectra Concept Overview
Vectra Concept OverviewVectra Concept Overview
Vectra Concept Overview
Ilya O
 
Risk-driven and Business-outcome-focused Enterprise Security Architecture Fra...
Risk-driven and Business-outcome-focused Enterprise Security Architecture Fra...Risk-driven and Business-outcome-focused Enterprise Security Architecture Fra...
Risk-driven and Business-outcome-focused Enterprise Security Architecture Fra...
Craig Martin
 
Digital grid: Disruptive digital technologies
Digital grid: Disruptive digital technologiesDigital grid: Disruptive digital technologies
Digital grid: Disruptive digital technologies
Accenture the Netherlands
 

Weitere ähnliche Inhalte

Was ist angesagt?

AWS Cloud Migration Insights Forum
AWS Cloud Migration Insights ForumAWS Cloud Migration Insights Forum
AWS Cloud Migration Insights Forum
Amazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
Amazon Web Services
 
A cloud readiness assessment framework
A cloud readiness assessment frameworkA cloud readiness assessment framework
A cloud readiness assessment framework
Carlo Colicchio
 
NIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewNIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An Overview
Tandhy Simanjuntak
 
Manage services presentation
Manage services presentationManage services presentation
Manage services presentation
Len Moncrieffe
 
How To Handle Cybersecurity Risk PowerPoint Presentation Slides
How To Handle Cybersecurity Risk PowerPoint Presentation SlidesHow To Handle Cybersecurity Risk PowerPoint Presentation Slides
How To Handle Cybersecurity Risk PowerPoint Presentation Slides
SlideTeam
 

Was ist angesagt? (20)

Managed Services Support
Managed Services SupportManaged Services Support
Managed Services Support
 
Desktop as a Service DaaS in India by BSNL SIS
Desktop as a Service DaaS in India by BSNL SISDesktop as a Service DaaS in India by BSNL SIS
Desktop as a Service DaaS in India by BSNL SIS
 
AWS Cloud Migration Insights Forum
AWS Cloud Migration Insights ForumAWS Cloud Migration Insights Forum
AWS Cloud Migration Insights Forum
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
AWS Migration Planning Roadmap
AWS Migration Planning RoadmapAWS Migration Planning Roadmap
AWS Migration Planning Roadmap
 
A cloud readiness assessment framework
A cloud readiness assessment frameworkA cloud readiness assessment framework
A cloud readiness assessment framework
 
ITIL PPT
ITIL PPTITIL PPT
ITIL PPT
 
NIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewNIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An Overview
 
Cloud Migration Workshop
Cloud Migration WorkshopCloud Migration Workshop
Cloud Migration Workshop
 
Cyber Security Needs and Challenges
Cyber Security Needs and ChallengesCyber Security Needs and Challenges
Cyber Security Needs and Challenges
 
Manage services presentation
Manage services presentationManage services presentation
Manage services presentation
 
SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1
 
Microsoft Azure Security Overview
Microsoft Azure Security OverviewMicrosoft Azure Security Overview
Microsoft Azure Security Overview
 
How To Handle Cybersecurity Risk PowerPoint Presentation Slides
How To Handle Cybersecurity Risk PowerPoint Presentation SlidesHow To Handle Cybersecurity Risk PowerPoint Presentation Slides
How To Handle Cybersecurity Risk PowerPoint Presentation Slides
 
A Practical Example to Using SABSA Extended Security-in-Depth Strategy
A Practical Example to Using SABSA Extended Security-in-Depth Strategy A Practical Example to Using SABSA Extended Security-in-Depth Strategy
A Practical Example to Using SABSA Extended Security-in-Depth Strategy
 
Migration Planning
Migration PlanningMigration Planning
Migration Planning
 
Microsoft 365 Enterprise Security with E5 Overview
Microsoft 365 Enterprise Security with E5 OverviewMicrosoft 365 Enterprise Security with E5 Overview
Microsoft 365 Enterprise Security with E5 Overview
 
Enterprise Security Architecture Design
Enterprise Security Architecture DesignEnterprise Security Architecture Design
Enterprise Security Architecture Design
 
Security architecture frameworks
Security architecture frameworksSecurity architecture frameworks
Security architecture frameworks
 
Vectra Concept Overview
Vectra Concept OverviewVectra Concept Overview
Vectra Concept Overview
 

Andere mochten auch

Risk-driven and Business-outcome-focused Enterprise Security Architecture Fra...
Risk-driven and Business-outcome-focused Enterprise Security Architecture Fra...Risk-driven and Business-outcome-focused Enterprise Security Architecture Fra...
Risk-driven and Business-outcome-focused Enterprise Security Architecture Fra...
Craig Martin
 
Information Security Benchmarking 2015
Information Security Benchmarking 2015Information Security Benchmarking 2015
Information Security Benchmarking 2015
Capgemini
 
Accenture Mobility - Trends for the Next Decade
Accenture Mobility - Trends for the Next DecadeAccenture Mobility - Trends for the Next Decade
Accenture Mobility - Trends for the Next Decade
Lars Kamp
 

Andere mochten auch (20)

Risk-driven and Business-outcome-focused Enterprise Security Architecture Fra...
Risk-driven and Business-outcome-focused Enterprise Security Architecture Fra...Risk-driven and Business-outcome-focused Enterprise Security Architecture Fra...
Risk-driven and Business-outcome-focused Enterprise Security Architecture Fra...
 
Digital grid: Disruptive digital technologies
Digital grid: Disruptive digital technologiesDigital grid: Disruptive digital technologies
Digital grid: Disruptive digital technologies
 
Information Security Benchmarking 2015
Information Security Benchmarking 2015Information Security Benchmarking 2015
Information Security Benchmarking 2015
 
Security Maturity Models.
Security Maturity Models.Security Maturity Models.
Security Maturity Models.
 
Build an Information Security Strategy
Build an Information Security StrategyBuild an Information Security Strategy
Build an Information Security Strategy
 
Things That Don't Matter in Your Presentation!
Things That Don't Matter in Your Presentation!Things That Don't Matter in Your Presentation!
Things That Don't Matter in Your Presentation!
 
Accenture Mobility - Trends for the Next Decade
Accenture Mobility - Trends for the Next DecadeAccenture Mobility - Trends for the Next Decade
Accenture Mobility - Trends for the Next Decade
 
Presentation Design Trends 2015
Presentation Design Trends 2015Presentation Design Trends 2015
Presentation Design Trends 2015
 
Screw You Bullet Points! [Rest in Peace]
Screw You Bullet Points! [Rest in Peace]Screw You Bullet Points! [Rest in Peace]
Screw You Bullet Points! [Rest in Peace]
 
5 tools for an awesome presentation-By Samid Razzak
5 tools for an awesome presentation-By Samid Razzak5 tools for an awesome presentation-By Samid Razzak
5 tools for an awesome presentation-By Samid Razzak
 
The Art of the Presentation
The Art of the PresentationThe Art of the Presentation
The Art of the Presentation
 
Presentation Design Trends 2014
Presentation Design Trends 2014Presentation Design Trends 2014
Presentation Design Trends 2014
 
OpenACC Month Highlights- October
OpenACC Month Highlights- OctoberOpenACC Month Highlights- October
OpenACC Month Highlights- October
 
Digital Trends in 2017: Making Business Impact in a Changing World
Digital Trends in 2017: Making Business Impact in a Changing WorldDigital Trends in 2017: Making Business Impact in a Changing World
Digital Trends in 2017: Making Business Impact in a Changing World
 
23 quick color themes for your presentation
23 quick color themes for your presentation23 quick color themes for your presentation
23 quick color themes for your presentation
 
5 Ways To Surprise Your Audience (and keep their attention)
5 Ways To Surprise Your Audience (and keep their attention)5 Ways To Surprise Your Audience (and keep their attention)
5 Ways To Surprise Your Audience (and keep their attention)
 
17 Ways to Design a Presentation People Want to View
17 Ways to Design a Presentation People Want to View17 Ways to Design a Presentation People Want to View
17 Ways to Design a Presentation People Want to View
 
Digital Business - Accenture
Digital Business - AccentureDigital Business - Accenture
Digital Business - Accenture
 
MBA case study presentation template
MBA case study presentation templateMBA case study presentation template
MBA case study presentation template
 
5 Presentation design trends 2017
5 Presentation design trends 20175 Presentation design trends 2017
5 Presentation design trends 2017
 

Ähnlich wie Global Cyber Security Outlook - Deloitte (Hotel_Digital_Security_Seminar_Sept19'14)

Identity & Access Management Day 2022.pdf
Identity & Access Management Day 2022.pdfIdentity & Access Management Day 2022.pdf
Identity & Access Management Day 2022.pdf
Chinatu Uzuegbu
 
Why is cyber security a disruption in the digital economy
Why is cyber security a disruption in the digital economyWhy is cyber security a disruption in the digital economy
Why is cyber security a disruption in the digital economy
Mark Albala
 

Ähnlich wie Global Cyber Security Outlook - Deloitte (Hotel_Digital_Security_Seminar_Sept19'14) (20)

Latest Threats in Digital Security - SecurBay (Hotel_Digital_Security_Seminar...
Latest Threats in Digital Security - SecurBay (Hotel_Digital_Security_Seminar...Latest Threats in Digital Security - SecurBay (Hotel_Digital_Security_Seminar...
Latest Threats in Digital Security - SecurBay (Hotel_Digital_Security_Seminar...
 
Dr K Subramanian
Dr K SubramanianDr K Subramanian
Dr K Subramanian
 
Identity & Access Management Day 2022.pdf
Identity & Access Management Day 2022.pdfIdentity & Access Management Day 2022.pdf
Identity & Access Management Day 2022.pdf
 
Ghostery Enterprise Security Study
Ghostery Enterprise Security StudyGhostery Enterprise Security Study
Ghostery Enterprise Security Study
 
7th ERM - S2 - Cyber security, Cyber Risk and Data Privacy - Kalpesh Doshi (1...
7th ERM - S2 - Cyber security, Cyber Risk and Data Privacy - Kalpesh Doshi (1...7th ERM - S2 - Cyber security, Cyber Risk and Data Privacy - Kalpesh Doshi (1...
7th ERM - S2 - Cyber security, Cyber Risk and Data Privacy - Kalpesh Doshi (1...
 
Tighten Up Data Security - Blue Coat (Hotel_Data_Security_Seminar_Sept19'14)
Tighten Up Data Security - Blue Coat (Hotel_Data_Security_Seminar_Sept19'14)Tighten Up Data Security - Blue Coat (Hotel_Data_Security_Seminar_Sept19'14)
Tighten Up Data Security - Blue Coat (Hotel_Data_Security_Seminar_Sept19'14)
 
Commercial Real Estate - Cyber Risk 2020
Commercial Real Estate - Cyber Risk 2020Commercial Real Estate - Cyber Risk 2020
Commercial Real Estate - Cyber Risk 2020
 
Why is cyber security a disruption in the digital economy
Why is cyber security a disruption in the digital economyWhy is cyber security a disruption in the digital economy
Why is cyber security a disruption in the digital economy
 
Cyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfCyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdf
 
Cyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfCyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdf
 
Understanding Identity Management and Security.
Understanding Identity Management and Security.Understanding Identity Management and Security.
Understanding Identity Management and Security.
 
Protecting Accounting Firms and their Clients - Eric Vanderburg - JurInnov
Protecting Accounting Firms and their Clients - Eric Vanderburg - JurInnovProtecting Accounting Firms and their Clients - Eric Vanderburg - JurInnov
Protecting Accounting Firms and their Clients - Eric Vanderburg - JurInnov
 
Infosecurity magazine webinar v2
Infosecurity magazine webinar v2Infosecurity magazine webinar v2
Infosecurity magazine webinar v2
 
106 Threat defense and information security development trends
106 Threat defense and information security development trends106 Threat defense and information security development trends
106 Threat defense and information security development trends
 
Identity Verification API The Cornerstone of Digital Trust.docx
Identity Verification API The Cornerstone of Digital Trust.docxIdentity Verification API The Cornerstone of Digital Trust.docx
Identity Verification API The Cornerstone of Digital Trust.docx
 
Security and Compliance
Security and ComplianceSecurity and Compliance
Security and Compliance
 
The latest threats on digital security -
The latest threats on digital security - The latest threats on digital security -
The latest threats on digital security -
 
Third-party Remote Support Threats Inforgraphic
Third-party Remote Support Threats InforgraphicThird-party Remote Support Threats Inforgraphic
Third-party Remote Support Threats Inforgraphic
 
The future of Identity Access Management | Sysfore
The future of Identity Access Management | SysforeThe future of Identity Access Management | Sysfore
The future of Identity Access Management | Sysfore
 
Segurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago CavannaSegurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago Cavanna
 

Mehr von XEventsHospitality

Women In Hospitality Industry Leadership 2017 (AHLA & Castell Project)
Women In Hospitality Industry Leadership 2017 (AHLA & Castell Project)Women In Hospitality Industry Leadership 2017 (AHLA & Castell Project)
Women In Hospitality Industry Leadership 2017 (AHLA & Castell Project)
XEventsHospitality
 
Build A Business Case For IT Security - Dhananjay Rokde (Hotel_Digital_Securi...
Build A Business Case For IT Security - Dhananjay Rokde (Hotel_Digital_Securi...Build A Business Case For IT Security - Dhananjay Rokde (Hotel_Digital_Securi...
Build A Business Case For IT Security - Dhananjay Rokde (Hotel_Digital_Securi...
XEventsHospitality
 

Mehr von XEventsHospitality (7)

Int'l Chefs Day (India) 2019 - Overview
Int'l Chefs Day (India) 2019 - OverviewInt'l Chefs Day (India) 2019 - Overview
Int'l Chefs Day (India) 2019 - Overview
 
Women In Hospitality Industry Leadership 2017 (AHLA & Castell Project)
Women In Hospitality Industry Leadership 2017 (AHLA & Castell Project)Women In Hospitality Industry Leadership 2017 (AHLA & Castell Project)
Women In Hospitality Industry Leadership 2017 (AHLA & Castell Project)
 
Int'l Chefs Day India 2018 (Main Preview, Apr 19)
Int'l Chefs Day India 2018 (Main Preview, Apr 19)Int'l Chefs Day India 2018 (Main Preview, Apr 19)
Int'l Chefs Day India 2018 (Main Preview, Apr 19)
 
How to create a safe workplace for ladies in hospitality
How to create a safe workplace for ladies in hospitalityHow to create a safe workplace for ladies in hospitality
How to create a safe workplace for ladies in hospitality
 
What makes a great workplace really GREAT!
What makes a great workplace really GREAT!What makes a great workplace really GREAT!
What makes a great workplace really GREAT!
 
Build A Business Case For IT Security - Dhananjay Rokde (Hotel_Digital_Securi...
Build A Business Case For IT Security - Dhananjay Rokde (Hotel_Digital_Securi...Build A Business Case For IT Security - Dhananjay Rokde (Hotel_Digital_Securi...
Build A Business Case For IT Security - Dhananjay Rokde (Hotel_Digital_Securi...
 
Information Loss Prevention - Seclore (Hotel_Digital_Security_Semianr_Sept19'14)
Information Loss Prevention - Seclore (Hotel_Digital_Security_Semianr_Sept19'14)Information Loss Prevention - Seclore (Hotel_Digital_Security_Semianr_Sept19'14)
Information Loss Prevention - Seclore (Hotel_Digital_Security_Semianr_Sept19'14)
 

Kürzlich hochgeladen

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 

Kürzlich hochgeladen (20)

Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 

Global Cyber Security Outlook - Deloitte (Hotel_Digital_Security_Seminar_Sept19'14)

  • 1. In association with Presented by Supported by GLOBAL CYBER SECURITY OUTLOOK A.K. Vishwanathan, Senior Director – Enterprise Risk Services, Deloitte India SEPT 19, 2014 Hotel Digital Security Seminar
  • 2. Presented by In association with Supported by A.K. Vishwanathan Vis is a Chartered Accountant, has a Certified in Risk and Information System Control (CRISC) and a member of the Information Systems Audit and Controls Association (ISACA). He has advised large organisations in their endeavour in information security and controls, and led risk consulting in complex environments and regulated industries; specifically banking and financial services, telecom, manufacturing, oil and gas, pharma and life sciences and government sector. By X Events Hospitality (www.x-events.in) 2 Hotel Digital Security Seminar & Webinar, Sept 19, 2014
  • 3. Presented by In association with Supported by Agenda By X Events Hospitality Hotel Digital Security Seminar & Webinar, Sept 19, 2014 (www.x-events.in) 3 ¨ Current state ¨ Case study ¨ Solutions ¨ Way forward
  • 4. Presented by In association with Supported by Current state By X Events Hospitality (www.x-events.in) 4 Hotel Digital Security Seminar & Webinar, Sept 19, 2014
  • 5. Presented by In association with Supported by Recent trends in India Over 35 % of the Indian organizations across various sectors have engaged in corporate espionage Nearly14,000 websites were 5000 hacked by cyber criminals till October 2012, an increase of nearly 57% from 2009. 81% of the CXO in this sectors depicts an increase in information security spending over the coming few years Website of Indian Embassy in Tunisia hacked in retaliation to the terrorism attack on Karachi Airport in June 2014. The embassy website was hacked by a group called “Hunt3R Source : NCRB (National Crime Number of Cyber Crimes under IT Act Records Bureau By X Events Hospitality Hotel Digital Security Seminar & Webinar, Sept 19, 2014 (www.x-events.in) 5 0 2008 2009 2010 2011 2012 2013
  • 6. Presented by In association with Supported by Key information security challenges – Pain areas The following are they key information security challenges being major organizations in India By X Events Hospitality Hotel Digital Security Seminar & Webinar, Sept 19, 2014 (www.x-events.in) 6 01 02 03 04 05 Cyber Spying Virus and Trojans Data Theft Cyber Terrorism Phishing & Identity Theft Illegal interception of government data by foreign countries. NSA has been alleged to plant bugs in Indian embassy in Washington DC Infection of government IT systems with malwares that allow gives control to the hackers. Government of India IT systems infected by Conficker worm in 2008 causing multiple crashes and downtime. Insecure storage of GOI data leading to unauthorized access by hackers and spies. Alleged Chinese hackers in 2010 hacked in GOI systems to access National Security Council data Hacktivism attacks on GOI websites leading to reputational damage. Multiple foreign country hackers were responsible for hacking of websites of GOI Phishing attacks targeted towards GOI employees to steal identities and data. GhostNet attacks on Indian Government employees was conducted through spear phishing attacks CIA CIA CIA CIA CIA Confidentiality : Sensitive content and privacy of data Integrity : Unauthorized modification of data Availability : Multiple points in the IT infra preventing single point of failure Source : Times of India
  • 7. Presented by In association with Supported by Understanding cyber threats Modern Cyber Threat landscape have evolved over the years. Applications and IT infrastructures are core pillars in today’s business. Security of core shall ensure security of the business. 1 Actors with differing motives and sophistication – often colluding with each other 4 Data is money – criminal underground makes for easy monetization Criminals pilferage on the PII data for identity theft leading to potential damages to customers By X Events Hospitality Hotel Digital Security Seminar & Webinar, Sept 19, 2014 (www.x-events.in) 7 2 Organizational boundaries have disappeared – anytime, anyhow, anywhere computing 3 Attacks exploit weakest link in the value / supply chain 5 Traditional controls are necessary but not adequate 6 Regulators and government are key stakeholders with ever increasing focus Loss of PII data, customer data, sensitive and confidential company data. Availability of organization’s information is crucial and loss of such could result in impacting critical business functions. Breach of integrity could result in complete breakdown of trust of the organization. Brand reputation gets affected majorly leading to loss in revenue Losses resulting from leakage of backend customer data will impact customer’s trust on the brand National Cyber Security Policy formulated with focus on capability building at Nation level
  • 8. Presented by In association with Supported by Industry view – Indian sector view By X Events Hospitality Hotel Digital Security Seminar & Webinar, Sept 19, 2014 (www.x-events.in) 8 Hotels Airlines Travels & Tourism Sensitive information handled: Internal strategic & Customer Confidential • Visitor name, address, contact details, unique identification numbers or documents – Passport, PAN card, Driving License, Credit card etc. • Hotel billing details such as billing and payments , outstanding bills etc. • List of No. of Rooms occupied/vacant, pre-booked rooms, etc. • Vendors/Supplier details, contract details, outstanding payment details • Passenger Name, contact details, passport, visa details etc. • Flight details such as no of passengers and crew, passenger and crew personal details, city and time of departure and arrival etc. • Flight details such as details of flight status, flight maintenance details, etc. • Tourists’ Name, Address, Contact Details and unique identification numbers or documents • Tourist travel details such as mode of travel, destination city, duration of stay and accommodation details. • List of strategic tie-ups and related financial records with the organization
  • 9. Presented by In association with Supported by Industry view – Indian sector view By X Events Hospitality Hotel Digital Security Seminar & Webinar, Sept 19, 2014 (www.x-events.in) 9 Hotels Airlines Travels &Tourism Concerns • Absence of security compliance for information related controls • Compliance controls on basis of the quality controls only • Regulatory compliances in terms of financial or business controls • Absence of security compliance for information related controls • Absence of security compliance for information related controls • Compliance controls on basis of the quality controls only Security initiatives in HATT sector • Regulatory Implications drive security approach. Initiatives are taken by management to drive security in the organizations • Absence of regulatory requirements provides ground for laxity in security initiatives within organization
  • 10. Presented by In association with Supported by Paradigm shift: Info security mgt. By X Events Hospitality Hotel Digital Security Seminar & Webinar, Sept 19, 2014 (www.x-events.in) 10 Key questions to consider: ¨ Strategically … • Do you have a cyber security strategy including a clear cyber governance framework ? • How are you evaluating and managing cyber risk? • Is the existing risk framework adequate to address changing threat landscape? • How structured and well-tested are you existing incident response and crisis management capabilities? ¨ And tactically … • What is leaving our network and where is it going? • Who is really logging into our network and from where? • What information are we making available to a cyber adversary?
  • 11. Presented by In association with Supported by Case study By X Events Hospitality (www.x-events.in) 11 Hotel Digital Security Seminar & Webinar, Sept 19, 2014
  • 12. Presented by In association with Supported by Operation hangover By X Events Hospitality Hotel Digital Security Seminar & Webinar, Sept 19, 2014 (www.x-events.in) 12 Recently attackers of unknown origin conducted a large hacking operation on multiple companies from servers hosted in India. Target Employee in the Victim Company Attacker creates a malicious attachment in PDF file and sends to an unsuspecting and unaware foreign government employee. The malware is signed using certificates purchased by a company in New Delhi, India 1 The users gets infected with malware that acts as a backdoor to his system. The attacker is able to pivot his system to conduct further attacks in the network. 2 Server hosted in India. All data stolen from the company are stored in a server hosted in India with domain names similar to large ecommerce sites in India. These form of operational security measures indicate an attempt by the attackers to hide the operation in plain sight 3 Source : Norman ASA
  • 13. Presented by In association with Supported by Leading hotel chain in the USA Key Security Flaws (as per FTC report) Absence of Firewalls Default username and passwords Weak access controls for remote sites 4 Failure to conduct regular reviews Implications By X Events Hospitality Hotel Digital Security Seminar & Webinar, Sept 19, 2014 (www.x-events.in) 13 A leading US hotel chain was breached by hackers from 2009 – 2010 resulting in stealing of 700,000 customer information. They were breached 3 times in the period during which these information was siphoned out. 1 2 3 • FTC sued the organization for loss of customer information • Organization has failed to dismiss the case • Investigations proved major non compliance to PCI DSS requirements by organization locations • 10.6 mil USD was estimated cost of data breach Source :Media Reports
  • 14. Presented by In association with Supported by Hospitality industry Leading Airlines in US It takes an average of 156 days for By X Events Hospitality Hotel Digital Security Seminar & Webinar, Sept 19, 2014 (www.x-events.in) 14 Hospitality, Airlines and Tourism industries depend on exhaustive branding and marketing efforts for sale of their services. Any impact on their IT infrastructure, websites or data that gets published in the media leads to direct effect on their revenue and core business sales. Incident • Airways vendors got breached by hackers leading to disclosure of internal employee information and customer information. • Data breach was investigated however with no conclusive root cause analysis Impact • Multiple news reports on the data breach got published leading to branding and reputational risks for the airlines. businesses to realize that the a breach has occurred (Trustwave) 43% of CXO officers report that negligent insiders are source of majority of the breaches (IBM) Source :Media Reports
  • 15. Presented by In association with Supported by Way Forward By X Events Hospitality (www.x-events.in) 15 Hotel Digital Security Seminar & Webinar, Sept 19, 2014
  • 16. Presented by In association with Supported by Cyber security mgt: Methodology By X Events Hospitality Hotel Digital Security Seminar & Webinar, Sept 19, 2014 (www.x-events.in) 16
  • 17. Presented by In association with Supported by Cyber security: Maturity model Situational Awareness of Cyber Threats Automated Electronic Discovery & Forensics Basic Online Brand Monitoring Automated Malware Forensics & Manual Electronic Discovery Government / Sector Threat Intelligence Collaboration Ad-hoc Threat Intelligence Sharing with Peers Baiting & Counter-Threat Intelligence Criminal / Hacker Surveillance Commercial & Open Source Threat Intelligence Feeds Real-time Business Risk Analytics & Decision Support Workforce / Customer Behaviour Profiling Network & System Centric Activity Profiling Business Partner Cyber Security Awareness Targeted Intelligence-Based Cyber Security Awareness General Information Security Training & Awareness Brand Monitoring E-Discovery & Forensics Intelligence Collaboration External Threat Intelligence Behavioural Analytics Training & Awareness Cyber Attack Preparation Asset Protection Security Event Monitoring Transformation By X Events Hospitality Hotel Digital Security Seminar & Webinar, Sept 19, 2014 (www.x-events.in) 17 IT Cyber Attack Simulations Business-Wide Cyber Attack Exercises Sector-Wide & Supply Chain Cyber Attack Exercises Enterprise-Wide Infrastructure & Application Protection Global Cross-Sector Threat Intelligence Sharing Identity-Aware Information Protection IT BC & DR Exercises Ad Hoc Infrastructure & Application Protection Adaptive & Automated Security Control Updates IT Service Desk & Whistleblowing Security Log Collection & Ad Hoc Reporting External & Internal Threat Intelligence Correlation Cross-Channel Malicious Activity Detection 24x7 Technology Centric Security Event Reporting Automated IT Asset Vulnerability Monitoring Targeted Cross-Platform User Activity Monitoring Tailored & Integrated Business Process Monitoring Traditional Signature-Based Security Controls Periodic IT Asset Vulnerability Assessments Proactive Threat Management Level 1 Level 2 Level 3 Level 4 Level 5 Internal Threat Intelligence Cyber Security Maturity Levels Basic Network Protection Acceptable Usage Policy Operational Excellence Blissful Ignorance Online Brand & Social Media Policing Ad Hoc System / Malware Forensics
  • 18. Presented by In association with Supported by Way forward: Cyber security v2.0 By X Events Hospitality Hotel Digital Security Seminar & Webinar, Sept 19, 2014 (www.x-events.in) 18 A forward-looking approach to developing your organization’s cyber security capabilities is needed to ensure on-going cyber threat mitigation and incident response.
  • 19. Presented by In association with Supported by About us HATT is India's young and premium community for CXOs from the Hospitality, Healthcare, Aviation, Travel and Tourism industries. o With over 1,000 members across India, we are now poised to expand globally with a presence in South East Asia and the Middle East by 2016. www.hattforum.com Hotel Digital Security Seminar & Webinar, Sept 19, 2014 19 X Events manages & supports events exclusively for the hospitality & travel industries. o Our USP is that we are hoteliers by training. We focus on the two most important aspects of an event; content quality and impact. o We do it because we believe in it. www.x-events.in By X Events Hospitality (www.x-events.in) FB/hattforum
  • 20. Presented by In association with Supported by Our host – Brian Pereira Brian is a veteran technology journalist with two decades of experience. He has served as editor for two magazines: CHIP and InformationWeek India. He is a respected speaker & host at conferences worldwide. In his current role at Hannover Milano Fairs India, Brian serves as project head for CeBIT Global Conferences, the world's largest ICT fair that will debut in India this November, in Bangalore. By X Events Hospitality (www.x-events.in) 20 Hotel Digital Security Seminar & Webinar, Sept 19, 2014
  • 21. Presented by In association with Supported by Hotel Digital Security Seminar & Webinar, Sept 19, 2014 21 Five expert speakers 1. Latest threats in digital security (Worms, attacks, viruses, flaws) - Santosh Satam, CEO, SecurBay Services. 2. The immediate action needed to tighten up (Priority list, cost, internal policies) - Ambarish Deshpande, MD - India & SAARC, Blue Coat 3. Information loss prevention (Principles & practices) - Geet Lulla, VP - India & ME, Seclore 4. How to build a business case & get the management's attention - Dhananjay Rokde, CISO, Cox & Kings Group. 5. Global cyber security outlook - A. K. Viswanathan, Senior Director - Enterprise Risk Services, Deloitte India. By X Events Hospitality (www.x-events.in) The seminar schedule
  • 22. Presented by In association with Supported by Our sponsors & supporters By X Events Hospitality Hotel Digital Security Seminar & Webinar, Sept 19, 2014 (www.x-events.in) 22 Thank You
  • 23. In association with Presented by Supported by HOTEL DIGITAL SECURITY SEMINAR SEPT 19, 2014 www.x-events.in