Emerging Cyber Security Threats and Data Protection
Nanda Mohan Shenoy D
CAIIB, DBM-Part I, NSE Certified Market Professional Level-1, PG Diploma in IRPM, PG Diploma in EDP and Computer Management, DIM, LA ISO 9001, LA ISO 27001
NISM empanelled CPE Trainer
Director
1
Agenda
• Overview
• Protection
• Emerging Regulations on Data Protection
• Cyber Liability Insurance
• Question & Answers
2
India’s Rank in GCI (195 Countries)
23
4
GCI Parameters
5
GCI Report
6
Insurance
7
Ransomware - Statistics
• A company is hit with ransomware every 40 seconds
• 6 in 10 malware payloads were ransomware in Q1 2017
• There were 4.3x more new ransomware variants in Q1 2017 than in Q1 2016
• 15% or more of businesses in the top 10 industry sectors have been attacked
• 1 in 4 businesses hit with ransomware have 1,000 employees or more
• 71% of companies targeted by ransomware attacks have been infected
  – Research by IBM reveals that 59% of ransomware attacks originate with phishing emails and a remarkable 91% of all malware is delivered by email
14
Agenda
• Overview
• Protection Strategy
• Emerging Regulations on Data Protection
• Cyber Liability Insurance
• Question & Answers
15
Protection Strategy
Unconventional Thinking required for protection
• Technology
  – Deception Technologies
  – SPF, DKIM, DMARC
• Human Control
• Cyber Drills
16
Agenda
• Overview
• Protective Technology
• Data Protection
• Cyber Liability Insurance
• Question & Answers
17
Data Classification
• From Organisational perspective
  – PII or SPDI*
    • Customers
    • Employees
  – Audit Logs (like login and transaction details)
  – Organisation Data
    • Financial
    • Vendors
* There are regulatory requirements for protection of these data
18
PII or SPDI
(iii) "sensitive personal data or information" means such personal information as may be prescribed by the Central Government in consultation with such professional bodies or associations as it may deem fit.
19
What Constitutes SPDI?
(i) Password
(ii) Financial information such as bank account, credit card, debit card or other payment instrument details
(iii) Physical, physiological and mental health condition
(iv) Sexual orientation
(v) Medical records and history
(vi) Biometric information
  – Finger prints
  – Eye retina and irises
  – Voice patterns
  – Facial patterns
  – Hand measurement
  – DNA
Rules & Regulations
20
Sec-43 A
• Where a body corporate, possessing, dealing or handling any sensitive personal data or information in a computer resource which it owns, controls or operates, is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person, such body corporate shall be liable to pay damages by way of compensation, to the person so affected. (Change vide ITAA 2008)
21
Talk of the Town
• Fine: 20,000,000 Euros or 4% of Global Turnover, for offenses related to: