Presented at the Private Wealth Management Summit 2017 held at Mumbai, India.
Security has to be considered as the foundation on which one can build a business. Gone are the days when we could build a perimeter, sit back and feel secure. In today’s digital environment we partner with others, we outsource, we have alliances, we let our customers into our systems, and we extend our networks.
In the digital economy, effective cyber security can mean the difference between a business’s success and its failure.
Cyber Fraud Risks Family Offices Face
1. Cyber Fraud and Security
WHAT RISKS DO FAMILY OFFICES FACE IN TODAY'S WORLD?
Kannan Subbiah
Chief Technology Officer
MF Utilities India Pvt Ltd
2. About MF Utilities
Transaction Aggregation System
Ease and convenience of transacting
SEBI Regulated
Equally owned by the Asset Management Companies
Free for all
Check www.mfuindia.com for more details
3. Setting the Stage
“We thought that data was the new Oil …
… but it turns out it is the new Asbestos”
4. Mobile Devices
MOBILE, the new Cyber Crime Target
Percent of overall fraud originating from a mobile device
Percent of transaction volume originating from a mobile device
8. Small is Not Safe
85%: Despite significant cybersecurity exposures, 85 percent of small business owners believe their company is safe from hackers.
50%: Vast majority of small businesses lack a formal Internet security policy for employees, and only about half have even rudimentary cybersecurity measures in place.
9. Some of the Small Business Stats
28 million small business owners have no confidence in their security
1 in 5 small businesses reported a cyber attack
63% of small businesses have been victims of cyber attacks in the last 12 months
Average cost of a breach for small to mid-sized businesses was over $180,000
40 percent of attacks are against organizations with fewer than 500 employees.
10. Where are We Heading to …
Data, Things, Systems, People
12. Privacy & Security
Privacy Security
Data
Safeguards
Awareness & Training
Compliance
Notice & Choice
Collection Limitation
Use Limitation
Purpose Specification
Accountability
Access to Data
Confidentiality
Integrity
Availability
Reliability
Authorization
Authentication
Access Control
13. Compliance under Indian IT Act
Body Corporate includes Firms and Individuals
Information Privacy
Grievance Officer
Reasonable Security Practices
Maintenance of audit logs and trails
Punishment – up to 3 years of imprisonment or a fine of up to 5 Lakhs, or both.
14. Risks For Small Office
Reputation / Brand damage
Loss of customer trust and in turn revenue loss
Cyber extortion / Ransomware
Network / System disruption
Regulatory Compliance Liability
Investigation, Fine and Remediation Costs
Risk of business closure
15. The Myths
Investment in sophisticated tools
Third Party provides managed security services
Protect Internet Facing Applications alone
Never been attacked
It’s the Responsibility of IT
Too Small to experience a breach
19. Have the Basics Right
Install / Implement and Activate the Firewalls
Use a reliable end point protection software
Have a back up plan
Collaborate with Friends & Peers on Cyber Risk / Security
20. Other Precautions
Be careful in sharing your personal data
Control Physical and Logical access to IT Assets
Maintain, Monitor & Review Logs
Educate your employees
Know about and be Compliant with Laws and Regulations
Assess, Audit and Patch the security gaps periodically
Use tools to stay vigilant and proactively monitor the cyber incidents
Use Cyber Insurance
Questions:
Website / Portal
Networked computers / laptops
Security measures in place
Traditional Crimes Cyber Crimes
Digital Business dependency on Security
Effective Cyber Security success or failure of business
Data – decision making
Traditional vs. digital
Technology - big data
First Computer – early 1990s ₹ 10k for 4 MB RAM
With Technology, Data as Asset Data as Oil Data as Asbestos
Technology helps Hackers as well Hackers are always ahead
Data Breach – Jio
Legislations – Legal actions
Source: RSA Global Fraud Forecast – 2017
How many of you present here had seen the mobile phone of late 1990s?
My first mobile
Mobile Phone is not just a phone any more.
Story - Location sharing
Source: RSA Global Fraud Forecast - 2017
Motivation for Hackers – not just financial gain
Being Small Advantage for Hackers
Tendency to defer cyber security investments.
Path of least resistance
NCRB Report 2016
In January and February 2017 alone, 39 government websites were hacked, which led the government to set up an expert group to combat cyber crime.
11,592 cases of cyber crime were registered in India, leading to 8,121 arrests.
Operational systems apparently are most vulnerable to cyber attacks, as many are built around legacy technologies with weaker protocols that are inherently more vulnerable.
By 2020, 50 billion smart devices
Fridge, TV, Amazon Dash
Do we want to go back?
Robotics
Privacy should be the choice of your clients and users. To enable them to make that choice, tell them why you need the data, what you will do with it, who will have access to it, etc. This is where a well-drafted Privacy Policy is essential for every organization, and it should be accessible to them.
Compliance as an organization using IT
Punishment for other crimes
Consequences - embarrassing to life-threatening
Misuse of your IT assets by your employees – or even friends and neighbours
Mobile – Your Identity
A combination of these risks might lead to closure of business
25% of small businesses have mistaken beliefs
Threat is real – question is when
Continuous thing
Cyber Threat is a Risk Issue rather than an IT Issue
2FA, Passphrase
Security Vs. User Experience
NIST’s recent recommendation on Password
No more periodic password changes.
No more imposed password complexity
Mandatory validation of newly created passwords
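The three NIST points above, as an added Python example that is not part of the original presentation: a check for newly created passwords that imposes no composition rules and no expiry, and instead rejects short, blocklisted, repetitive, sequential or context-derived choices. The 8-character minimum follows NIST SP 800-63B; the blocklist, function names and sample inputs are constructed for illustration.

```python
import unicodedata

# Constructed sample blocklist. A real deployment would load a large corpus
# of commonly used and previously breached passwords instead.
SAMPLE_BLOCKLIST = {"password", "12345678", "qwerty123", "letmein1", "iloveyou"}

MIN_LENGTH = 8  # minimum length for user-chosen passwords in NIST SP 800-63B


def is_sequential(pw):
    """True if each character is exactly one code point above (or below) the previous."""
    steps = {ord(b) - ord(a) for a, b in zip(pw, pw[1:])}
    return steps in ({1}, {-1})


def validate_new_password(password, username="", service_name=""):
    """Return the reasons a new password is rejected; an empty list means accepted.

    Deliberately absent: composition rules (mixed case, digits, symbols)
    and any notion of password age or forced rotation.
    """
    pw = unicodedata.normalize("NFKC", password)  # compare one canonical form
    lowered = pw.casefold()
    reasons = []
    if len(pw) < MIN_LENGTH:
        reasons.append("too short")
    if lowered in SAMPLE_BLOCKLIST:
        reasons.append("commonly used or breached password")
    if len(set(lowered)) == 1:
        reasons.append("repetitive characters")
    if is_sequential(lowered):
        reasons.append("sequential characters")
    # Context-specific words: the account name and the service name (assumed inputs).
    if any(w and w.casefold() in lowered for w in (username, service_name)):
        reasons.append("contains username or service name")
    return reasons


if __name__ == "__main__":
    for candidate in ("correct horse battery staple", "Password", "abcdefgh", "P@ss1"):
        print(repr(candidate), validate_new_password(candidate) or "accepted")
```

A long all-lowercase passphrase is accepted, while "Password" is rejected even though it mixes case, which is the practical effect of replacing complexity rules with validation.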
Vulnerabilities
malware
Example of Phishing
Credit card – hacker database
Social Engineering
With the pace at which technology is evolving and the pace at which hackers and fraudsters change their tactics, there cannot be a single plan that will work forever. The defense should be agile and resilient, able to discover and react to such newer threats.