Cyber Security Awareness
1. Cyber Security Awareness for Board
4th April 2018
Nanda Mohan Shenoy D
CAIIB, DBM-Part I, NSE Certified Market Professional Level-1,
P G Diploma in IRPM, PG Diploma in EDP and Computer Management, DIM,
LA ISO 9001, LA ISO 27001, NISM empanelled CPE Trainer
Director
8. Data Protection Framework-India
• Committee of Experts under the Chairmanship of Justice B N Srikrishna, Former Judge, Supreme Court of India, to identify key data protection issues in India and recommend methods of addressing them.
• Released for Public Comments on 27th Nov 2017 (243 pages)
• Last date for public comments was 31st Dec 2017
11. Ransomware- Statistics
• A company is hit with ransomware every 40 seconds
• 6 in 10 malware payloads were ransomware in Q1 2017.
• There were 4.3x as many new ransomware variants in Q1 2017 as in Q1 2016
• 15% or more of businesses in the top 10 industry sectors have been attacked.
• 1 in 4 businesses hit with ransomware have 1,000 employees or more
• 71% of companies targeted by ransomware attacks have been infected
Source: https://blog.barkly.com/ransonware-statistics-2017
17. Cyber Crime
State & UT
Metropolitan Cities > 2 Mio Population
Year         CY        FY
2017 (H1)    27,482    NA
2016         50,362    16,468
2015         49,455    13,083
2014         44,679    9,500
18. Emergence of Cyber Threat
• Mobile Applications
• Third party beyond boundaries
• Email
– Research by IBM reveals that 59% of ransomware attacks originate with phishing emails and a remarkable 91% of all malware is delivered by email
23. Reporting Responsibility
• WannaCry attack is a Cyber Security Incident
• Mandatory Reporting as per Sec 70 B
– shall be punishable with imprisonment for a term which may extend to one year or with fine which may extend to one lakh rupees or with both
Imprisonment Fines
28. Current Environment
• Internet Facing applications need stricter control and monitoring
Type of Application     Intranet    Internet-UI    Internet-Web service    Mobile App only
Application Licensed    28          35             12                      5
34. Protection - Baseline
Sr No    Most Common Issues                                   Preparedness
1        Timely Application of OS/RDBMS Patches
2        Out of Support OS/RDBMS/Components used
3        VAPT of Internet Facing Applications/Application
4        E mail – SPF/DKIM/DMARC implementation
40. Transfer of Risk
• Most of the Cyber Risks can be transferred through Liability Insurance
• Bajaj Allianz has recently launched a policy for Individuals as well
41. Companies Offering Cyber Liability
Srl No    Insurance Company Name    Product Name                                                                          UIN
1         Bajaj Allianz             BAJAJ ALLIANZ CYBER PROTECT PREMIUM - DIGITAL BUSINESS AND DATA PROTECTION INSURANCE    BAL-LI-P15-11-V01-15-16
2         HDFC ERGO                 HDFC ERGO CYBER SECURITY INSURANCE POLICY                                             IRDAN125P0005-VO1-2011-12
4         Tata AIG                  CyberRisk Protector Insurance                                                         IRDAN108P0003V01201314
5         Universal Sompo*          Cyber Security Insurance                                                              USG-LI-P13-103-V01-12-13
42. Types of Losses Insured
Third Party
First Party
Services/Expenses
Exclusions
Similar to Own Damage and Third Party Damage in Motor Insurance