This presentation was delivered at PCQuest-CIOL Enterprise Security Summit, Mumbai on June 11, 2014, to large enterprise CIOs. The number and types of security threats are rising exponentially and continue to get worse. Some major causes for this are the very IT buzzwords that are a part of every CIO dictionary today—Cloud Computing, Mobility, BYOD, Social Media, etc. This presentation provides a practical view on information security with recent cyber crime activities, the learnings from them, and some of the best practices to follow to keep your data safe.
A practical view to information security
1. A Practical View to Information Security
Anil Chopra
Group Editor
PCQuest and CIOL.com
2. Some Recent Cyber Crime Activities
• Rs. 63 Lakhs of an NRI’s Fixed Deposits defrauded via fake emails sent to a leading public sector bank's branch in India
• Former director of reputed educational institute gets duped of Rs. 19 Lakhs; Fraudster de-activates victim’s SIM to avoid detection and transfers funds.
• Rs. 17 Lakhs of fraudulent transfers done from a small company’s accounts; Fraudster changes mobile number of the victim’s KYC details by what appears to be an ‘insider’s job’.
3. Financial Sector perceived as most vulnerable to fraud and faces the max number of threats
Source: CyberMedia Research
4. More Survey Findings on InfoSec
• There’s a growing need to focus
on internal threats
• 56% of CIOs in India feel that it’s
because of employee unawareness
• 37% feel that it’s due to open
vulnerabilities
• Security is the key challenge to
adopting Enterprise Mobility.
• Fixing known system
vulnerabilities is a given.
-E&Y CIO survey, 2014
• CIOs/CTOs at an overall level feel that
security would be top external IT
spending project in 2014–15. About
51% CIO/CTOs have indicated they’re
likely to spend in this area, way ahead
of Virtualization (39%) and ERP (35%)
-CMR CIO Survey 2014
• Detected security incidents up by 25% over last year
• Average financial costs of incidents up 18%
-GSISS 2014 by PwC
5. The Learnings
• Nobody’s Safe!
• Organizations are ending up paying huge sums of money in legal cases, losing their reputation and credibility, thanks to security incidents.
• There’s a need to make information security a board room agenda
• Business Implications, Global cybercrime, changing profile of employees, and
risks with outsourced partners are some of the concerns to be addressed
• New techniques are emerging for cyber fraud
• Attacks have become more complicated, and so have the IT and
business environments
6. Some Best Practices
• Organizations should not ignore the basics while framing their security policies, like regular training, revisiting all policies, creating continuous awareness, etc.
• Policies and practices for basic protection must be maintained, e.g. patches and updates, secure passwords, updated anti-virus, etc.
• Security processes and technology adoption must keep pace with the rising number and complexity of threats
• Maintain inventory of all devices and software on your
network