SlideShare a Scribd company logo

Data theft in india (K K Mookhey)

ClubHack
ClubHack

- Data theft of customer records from financial institutions is a serious and growing problem in India, with records being sold online for less than $0.01 each. Customer data is often not well protected and is spread across many different systems with broad access. - Regulatory frameworks and enforcement are still weak, and many organizations do not prioritize data protection. Comprehensive solutions require changes to policies, processes, oversight of vendors, access controls, encryption, and other technologies. Stronger laws and regulations may also be needed to curb the problem.

TechnologyBusiness
1 of 32
Download to read offline
Data Theft in India - Seedhi baat, no bakwas K. K. Mookhey, Principal Consultant CISA, CISSP, CISM
Speaker Introduction Founder & Principal Consultant Network Intelligence Institute of Information Security Certified as CISA, CISSP and CISM Speaker at Blackhat 2004, Interop 2005, IT Underground 2005, OWASP Asia 2008,2009 Co-author of book on Metasploit Framework (Syngress), Linux Security & Controls (ISACA) Author of numerous articles on SecurityFocus, IT Audit, IS Controls (ISACA) Over a decade of experience in pen-tests, application security assessments, forensics, compliance, etc.
Agenda What’s the ground reality Recent news Financial institution data theft explored Challenges Solutions Conclusion
Let’s see now….
Well, yes Sir, you’ve been had!
It’s not paranoia… It’s actually happening!
Data theft in the recent past
What price India? Online examples…
Less than 1 cent per record! http://www.jobstiger.com/emaildatabaseindia.html http://www.kumudhamwebtech.com/ http://hyderabad.olx.in/38-lakh-stock-market-traders- dmat-account-holders-database-44000-sub-brokers-iid- 106295300 http://www.ebusinessindya.biz/ http://www.mobiledataindia.com/ http://www.gsquare.biz/data.html
Fresh record price = Rs. 75 Converted customer price = Rs. 150 View from the trenches…
Pick an industry, pick a company Large business house gets into the financial services industry with a big bang But slightly late in the game Huge marketing blitz, offices opened nationwide Aggressive marketing, huge ad spends Customer base widens Assets under management bloats In a couple of years, they’re within the top 5 private insurers, equity trading companies, and mutual funds! However…
Data all over the place… Specific mutual fund purchase records available for a price Customers get calls just before their fund payments are due Customers get calls to switch funds Specific data available: Customer name Cover amount Investment amounts Fund details Personal information Expiry dates And more…
What should the company do to fix this?
Why data isn’t being protected
No one gives a damn!
Where is the customer data? – Equity Trader Example Primary Trading system CRM Business Intelligence system Compliance Reporting system Backups Password Reset system Excel Flat files USBs Shared folders!
Who has access to it? Front-office Back-office IT Research Customer service Vendors KYC Call Center Direct Sales Agents (Devil’s in-Security Agents) DPs Registrars Settlement Finance & Accounts Cleaning Staff??
Ok, now I’m just depressed… But there’s more…
Weak regulatory framework Unless someone serious starts kicking some serious ass, nothing’s going to change… RBI SEBI AMFI But what about? IRDA TRAI •UID? •Healthcare?? •Pharma?? •FMCG?? •Retail?? •Government????
Government’s role No comprehensive national consciousness on data protection Data protection efforts not cohesive – don’t address all industries Government endorses data theft and invasion of privacy? Niira Radia tapes Blackberry controversy …
Business comes first! Sell more! Expand market share! Heavy reliance on limited number of outsourced vendors Weak mechanisms to oversee data protection by vendors Vendors don’t care…
When things do end up in court… Judge: IT?!? Senior Counsel: Well…umm…err…you see this is under Section 66 of IT Act because, well…err… Junior Counsel (whispering): Sir…we need to get imaging done…not sure what that is, but the “cyber expert” we hired told us to do this Judge: Please continue! Senior Counsel: Sir we need a forensic investigation done Judge: What is that?!? Okay, seal the website! Court-appointed Commissioner: Yes sir, but kindly clarify who pays my fees?
Here’s how it gets done!
Solutions?
Solutions Technologies Encryption Data Leakage Prevention Information Rights Management Database security solutions Audit/Log Management Stronger regulations Stronger laws or stronger enforcement of existing laws Mindset change Data protection does matter! It is NOT a technology issue Policy and process frameworks must be implemented ISO 27001 is not the answer
Conclusions
Summary It is an epidemic, and it is getting worse! When Big Brother wields the stick, then things begin to happen – fines, penalties, court cases Back to basics approach – thorough risk assessments! Identity and access management Technologies help, but it has to begin with PPP – Policy, Process, People Innovative audit/forensic techniques
Thank you! Questions / Queries K. K. MOOKHEY kkmookhey@niiconsulting.com NETWORK INTELLIGENCE INDIA PVT. LTD. www.niiconsulting.com

Recommended

The Trick to Passing Your Next Compliance Audit
The Trick to Passing Your Next Compliance AuditThe Trick to Passing Your Next Compliance Audit
The Trick to Passing Your Next Compliance AuditSBWebinars
 
Siskinds | Incident Response Plan
Siskinds | Incident Response PlanSiskinds | Incident Response Plan
Siskinds | Incident Response PlanNext Dimension Inc.
 
Data Privacy: What you need to know about privacy, from compliance to ethics
Data Privacy: What you need to know about privacy, from compliance to ethicsData Privacy: What you need to know about privacy, from compliance to ethics
Data Privacy: What you need to know about privacy, from compliance to ethicsAT Internet
 
Next Dimension: How to create a Cybersecurity Strategy
Next Dimension: How to create a Cybersecurity StrategyNext Dimension: How to create a Cybersecurity Strategy
Next Dimension: How to create a Cybersecurity StrategyNext Dimension Inc.
 
GDPR Webinar - feb
GDPR Webinar - febGDPR Webinar - feb
GDPR Webinar - febSophos Benelux
 
Ecosystm BreakFirst presentation slides
Ecosystm BreakFirst presentation slidesEcosystm BreakFirst presentation slides
Ecosystm BreakFirst presentation slidesChris White
 
Data privacy and security in uae
Data privacy and security in uaeData privacy and security in uae
Data privacy and security in uaeRishalHalid1
 
Convince your board - Ten steps to GDPR compliance
Convince your board - Ten steps to GDPR complianceConvince your board - Ten steps to GDPR compliance
Convince your board - Ten steps to GDPR complianceDave James
 

Recommended

The Trick to Passing Your Next Compliance Audit
The Trick to Passing Your Next Compliance AuditThe Trick to Passing Your Next Compliance Audit
The Trick to Passing Your Next Compliance AuditSBWebinars
 
Siskinds | Incident Response Plan
Siskinds | Incident Response PlanSiskinds | Incident Response Plan
Siskinds | Incident Response PlanNext Dimension Inc.
 
Data Privacy: What you need to know about privacy, from compliance to ethics
Data Privacy: What you need to know about privacy, from compliance to ethicsData Privacy: What you need to know about privacy, from compliance to ethics
Data Privacy: What you need to know about privacy, from compliance to ethicsAT Internet
 
Next Dimension: How to create a Cybersecurity Strategy
Next Dimension: How to create a Cybersecurity StrategyNext Dimension: How to create a Cybersecurity Strategy
Next Dimension: How to create a Cybersecurity StrategyNext Dimension Inc.
 
GDPR Webinar - feb
GDPR Webinar - febGDPR Webinar - feb
GDPR Webinar - febSophos Benelux
 
Ecosystm BreakFirst presentation slides
Ecosystm BreakFirst presentation slidesEcosystm BreakFirst presentation slides
Ecosystm BreakFirst presentation slidesChris White
 
Data privacy and security in uae
Data privacy and security in uaeData privacy and security in uae
Data privacy and security in uaeRishalHalid1
 
Convince your board - Ten steps to GDPR compliance
Convince your board - Ten steps to GDPR complianceConvince your board - Ten steps to GDPR compliance
Convince your board - Ten steps to GDPR complianceDave James
 
Investment in Legal Technology
Investment in Legal TechnologyInvestment in Legal Technology
Investment in Legal TechnologyEvolve Law
 
Consumer Privacy
Consumer PrivacyConsumer Privacy
Consumer PrivacyAshish Jain
 
Privacy issues in data analytics
Privacy issues in data analyticsPrivacy issues in data analytics
Privacy issues in data analyticsshekharkanodia
 
Is Ukraine safe for software development outsourcing?
Is Ukraine safe for software development outsourcing? Is Ukraine safe for software development outsourcing?
Is Ukraine safe for software development outsourcing? N-iX
 
GDPR - are you ready?
GDPR - are you ready?GDPR - are you ready?
GDPR - are you ready?Ankit Dua
 
Personally Identifiable Information – FTC: Identity theft is the most common ...
Personally Identifiable Information – FTC: Identity theft is the most common ...Personally Identifiable Information – FTC: Identity theft is the most common ...
Personally Identifiable Information – FTC: Identity theft is the most common ...Jan Carroza
 
Cybersecurity: What does Cyber Insurance Cover?
Cybersecurity: What does Cyber Insurance Cover?Cybersecurity: What does Cyber Insurance Cover?
Cybersecurity: What does Cyber Insurance Cover?Next Dimension Inc.
 
Cybersecurity pres 05-19-final
Cybersecurity pres 05-19-finalCybersecurity pres 05-19-final
Cybersecurity pres 05-19-finalVivek Ahuja
 
Pci Europe 2009 Underside Of The Compliance Ecosystem
Pci Europe 2009 Underside Of The Compliance EcosystemPci Europe 2009 Underside Of The Compliance Ecosystem
Pci Europe 2009 Underside Of The Compliance Ecosystemkpatrickwheeler
 
Policies and Law in IT
Policies and Law in ITPolicies and Law in IT
Policies and Law in ITAnushka Perera
 
Open Source Insight: Banking and Open Source, 2018 CISO Report, GDPR Looming
Open Source Insight: Banking and Open Source, 2018 CISO Report, GDPR Looming Open Source Insight: Banking and Open Source, 2018 CISO Report, GDPR Looming
Open Source Insight: Banking and Open Source, 2018 CISO Report, GDPR Looming Black Duck by Synopsys
 
Privacy in the digital space
Privacy in the digital spacePrivacy in the digital space
Privacy in the digital spaceYves Sinka
 
GDPR Pop Up | Human Capital Department - HR Forum - 26 April 2018
GDPR Pop Up | Human Capital Department - HR Forum - 26 April 2018GDPR Pop Up | Human Capital Department - HR Forum - 26 April 2018
GDPR Pop Up | Human Capital Department - HR Forum - 26 April 2018Human Capital Department
 
Privacy & Data Protection in the Digital World
Privacy & Data Protection in the Digital WorldPrivacy & Data Protection in the Digital World
Privacy & Data Protection in the Digital WorldArab Federation for Digital Economy
 
Target data breach presentation
Target data breach presentationTarget data breach presentation
Target data breach presentationSreejith Nair
 
Target data breach case study
Target data breach case studyTarget data breach case study
Target data breach case studyAbhilash vijayan
 
Data Governance in the Enterprise: Highlights from Our Research Report
Data Governance in the Enterprise: Highlights from Our Research Report Data Governance in the Enterprise: Highlights from Our Research Report
Data Governance in the Enterprise: Highlights from Our Research Report Blancco
 
Key Insights from the 2019 Legal Trends Report
Key Insights from the 2019 Legal Trends ReportKey Insights from the 2019 Legal Trends Report
Key Insights from the 2019 Legal Trends ReportClio - Cloud-Based Legal Technology
 
How can you improve cybersecurity at your law firm?
How can you improve cybersecurity at your law firm?How can you improve cybersecurity at your law firm?
How can you improve cybersecurity at your law firm?Clio - Cloud-Based Legal Technology
 
Smarter Security - A Practical Guide to Doing More with Less
Smarter Security - A Practical Guide to Doing More with LessSmarter Security - A Practical Guide to Doing More with Less
Smarter Security - A Practical Guide to Doing More with LessOmar Khawaja
 
Information security management v2010
Information security management v2010Information security management v2010
Information security management v2010joevest
 
Running with Scissors: Balance between business and InfoSec needs
Running with Scissors: Balance between business and InfoSec needsRunning with Scissors: Balance between business and InfoSec needs
Running with Scissors: Balance between business and InfoSec needsMichael Scheidell
 

More Related Content

What's hot

Investment in Legal Technology
Investment in Legal TechnologyInvestment in Legal Technology
Investment in Legal TechnologyEvolve Law
 
Consumer Privacy
Consumer PrivacyConsumer Privacy
Consumer PrivacyAshish Jain
 
Privacy issues in data analytics
Privacy issues in data analyticsPrivacy issues in data analytics
Privacy issues in data analyticsshekharkanodia
 
Is Ukraine safe for software development outsourcing?
Is Ukraine safe for software development outsourcing? Is Ukraine safe for software development outsourcing?
Is Ukraine safe for software development outsourcing? N-iX
 
GDPR - are you ready?
GDPR - are you ready?GDPR - are you ready?
GDPR - are you ready?Ankit Dua
 
Personally Identifiable Information – FTC: Identity theft is the most common ...
Personally Identifiable Information – FTC: Identity theft is the most common ...Personally Identifiable Information – FTC: Identity theft is the most common ...
Personally Identifiable Information – FTC: Identity theft is the most common ...Jan Carroza
 
Cybersecurity: What does Cyber Insurance Cover?
Cybersecurity: What does Cyber Insurance Cover?Cybersecurity: What does Cyber Insurance Cover?
Cybersecurity: What does Cyber Insurance Cover?Next Dimension Inc.
 
Cybersecurity pres 05-19-final
Cybersecurity pres 05-19-finalCybersecurity pres 05-19-final
Cybersecurity pres 05-19-finalVivek Ahuja
 
Pci Europe 2009 Underside Of The Compliance Ecosystem
Pci Europe 2009 Underside Of The Compliance EcosystemPci Europe 2009 Underside Of The Compliance Ecosystem
Pci Europe 2009 Underside Of The Compliance Ecosystemkpatrickwheeler
 
Policies and Law in IT
Policies and Law in ITPolicies and Law in IT
Policies and Law in ITAnushka Perera
 
Open Source Insight: Banking and Open Source, 2018 CISO Report, GDPR Looming
Open Source Insight: Banking and Open Source, 2018 CISO Report, GDPR Looming Open Source Insight: Banking and Open Source, 2018 CISO Report, GDPR Looming
Open Source Insight: Banking and Open Source, 2018 CISO Report, GDPR Looming Black Duck by Synopsys
 
Privacy in the digital space
Privacy in the digital spacePrivacy in the digital space
Privacy in the digital spaceYves Sinka
 
GDPR Pop Up | Human Capital Department - HR Forum - 26 April 2018
GDPR Pop Up | Human Capital Department - HR Forum - 26 April 2018GDPR Pop Up | Human Capital Department - HR Forum - 26 April 2018
GDPR Pop Up | Human Capital Department - HR Forum - 26 April 2018Human Capital Department
 
Target data breach presentation
Target data breach presentationTarget data breach presentation
Target data breach presentationSreejith Nair
 
Target data breach case study
Target data breach case studyTarget data breach case study
Target data breach case studyAbhilash vijayan
 
Data Governance in the Enterprise: Highlights from Our Research Report
Data Governance in the Enterprise: Highlights from Our Research Report Data Governance in the Enterprise: Highlights from Our Research Report
Data Governance in the Enterprise: Highlights from Our Research Report Blancco
 
Smarter Security - A Practical Guide to Doing More with Less
Smarter Security - A Practical Guide to Doing More with LessSmarter Security - A Practical Guide to Doing More with Less
Smarter Security - A Practical Guide to Doing More with LessOmar Khawaja
 

What's hot (20)

Investment in Legal Technology
Investment in Legal TechnologyInvestment in Legal Technology
Investment in Legal Technology
 
Consumer Privacy
Consumer PrivacyConsumer Privacy
Consumer Privacy
 
Privacy issues in data analytics
Privacy issues in data analyticsPrivacy issues in data analytics
Privacy issues in data analytics
 
Is Ukraine safe for software development outsourcing?
Is Ukraine safe for software development outsourcing? Is Ukraine safe for software development outsourcing?
Is Ukraine safe for software development outsourcing?
 
GDPR - are you ready?
GDPR - are you ready?GDPR - are you ready?
GDPR - are you ready?
 
Personally Identifiable Information – FTC: Identity theft is the most common ...
Personally Identifiable Information – FTC: Identity theft is the most common ...Personally Identifiable Information – FTC: Identity theft is the most common ...
Personally Identifiable Information – FTC: Identity theft is the most common ...
 
Cybersecurity: What does Cyber Insurance Cover?
Cybersecurity: What does Cyber Insurance Cover?Cybersecurity: What does Cyber Insurance Cover?
Cybersecurity: What does Cyber Insurance Cover?
 
Cybersecurity pres 05-19-final
Cybersecurity pres 05-19-finalCybersecurity pres 05-19-final
Cybersecurity pres 05-19-final
 
Pci Europe 2009 Underside Of The Compliance Ecosystem
Pci Europe 2009 Underside Of The Compliance EcosystemPci Europe 2009 Underside Of The Compliance Ecosystem
Pci Europe 2009 Underside Of The Compliance Ecosystem
 
Policies and Law in IT
Policies and Law in ITPolicies and Law in IT
Policies and Law in IT
 
Open Source Insight: Banking and Open Source, 2018 CISO Report, GDPR Looming
Open Source Insight: Banking and Open Source, 2018 CISO Report, GDPR Looming Open Source Insight: Banking and Open Source, 2018 CISO Report, GDPR Looming
Open Source Insight: Banking and Open Source, 2018 CISO Report, GDPR Looming
 
Privacy in the digital space
Privacy in the digital spacePrivacy in the digital space
Privacy in the digital space
 
GDPR Pop Up | Human Capital Department - HR Forum - 26 April 2018
GDPR Pop Up | Human Capital Department - HR Forum - 26 April 2018GDPR Pop Up | Human Capital Department - HR Forum - 26 April 2018
GDPR Pop Up | Human Capital Department - HR Forum - 26 April 2018
 
Privacy & Data Protection in the Digital World
Privacy & Data Protection in the Digital WorldPrivacy & Data Protection in the Digital World
Privacy & Data Protection in the Digital World
 
Target data breach presentation
Target data breach presentationTarget data breach presentation
Target data breach presentation
 
Target data breach case study
Target data breach case studyTarget data breach case study
Target data breach case study
 
Data Governance in the Enterprise: Highlights from Our Research Report
Data Governance in the Enterprise: Highlights from Our Research Report Data Governance in the Enterprise: Highlights from Our Research Report
Data Governance in the Enterprise: Highlights from Our Research Report
 
Key Insights from the 2019 Legal Trends Report
Key Insights from the 2019 Legal Trends ReportKey Insights from the 2019 Legal Trends Report
Key Insights from the 2019 Legal Trends Report
 
How can you improve cybersecurity at your law firm?
How can you improve cybersecurity at your law firm?How can you improve cybersecurity at your law firm?
How can you improve cybersecurity at your law firm?
 
Smarter Security - A Practical Guide to Doing More with Less
Smarter Security - A Practical Guide to Doing More with LessSmarter Security - A Practical Guide to Doing More with Less
Smarter Security - A Practical Guide to Doing More with Less
 

Similar to Data theft in india (K K Mookhey)

Information security management v2010
Information security management v2010Information security management v2010
Information security management v2010joevest
 
Running with Scissors: Balance between business and InfoSec needs
Running with Scissors: Balance between business and InfoSec needsRunning with Scissors: Balance between business and InfoSec needs
Running with Scissors: Balance between business and InfoSec needsMichael Scheidell
 
SANS WhatWorks - Compliance & DLP
SANS WhatWorks - Compliance & DLPSANS WhatWorks - Compliance & DLP
SANS WhatWorks - Compliance & DLPNick Selby
 
11 19-2015 - iasaca membership conference - the state of security
11 19-2015 - iasaca membership conference - the state of security11 19-2015 - iasaca membership conference - the state of security
11 19-2015 - iasaca membership conference - the state of securityMatthew Pascucci
 
How to Communicate the Actual Readiness of your IT Security Program for PCI 3...
How to Communicate the Actual Readiness of your IT Security Program for PCI 3...How to Communicate the Actual Readiness of your IT Security Program for PCI 3...
How to Communicate the Actual Readiness of your IT Security Program for PCI 3...RedZone Technologies
 
ConnXus myCBC Webinar Series: Cybersecurity Risks to Your Business
ConnXus myCBC Webinar Series: Cybersecurity Risks to Your BusinessConnXus myCBC Webinar Series: Cybersecurity Risks to Your Business
ConnXus myCBC Webinar Series: Cybersecurity Risks to Your BusinessConnXus
 
IT Controls Presentation
IT Controls PresentationIT Controls Presentation
IT Controls PresentationBill Lisse
 
Aleksandr Yampolskiy Presentation
Aleksandr Yampolskiy PresentationAleksandr Yampolskiy Presentation
Aleksandr Yampolskiy PresentationMediabistro
 
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...Rishi Singh
 
Baretzky & Associates Presentation.
Baretzky & Associates Presentation.Baretzky & Associates Presentation.
Baretzky & Associates Presentation.Ricardo Bn. Baretzky
 
Security Analytics for Certified Fraud Examiners
Security Analytics for Certified Fraud ExaminersSecurity Analytics for Certified Fraud Examiners
Security Analytics for Certified Fraud ExaminersThe Lorenzi Group
 
Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...
Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...
Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...IBM Security
 
Information Governance -- Necessary Evil or a Bridge to the Future?
Information Governance -- Necessary Evil or a Bridge to the Future?Information Governance -- Necessary Evil or a Bridge to the Future?
Information Governance -- Necessary Evil or a Bridge to the Future?John Mancini
 
Data protection on demand in hybrid it
Data protection on demand in hybrid itData protection on demand in hybrid it
Data protection on demand in hybrid itHybrid IT Europe
 
What i learned at the infosecurity isaca north america expo and conference 2019
What i learned at the infosecurity isaca north america expo and conference 2019What i learned at the infosecurity isaca north america expo and conference 2019
What i learned at the infosecurity isaca north america expo and conference 2019Ulf Mattsson
 
Information Security It's All About Compliance
Information Security It's All About ComplianceInformation Security It's All About Compliance
Information Security It's All About ComplianceDinesh O Bareja
 
Data Security in the Insurance Industry: what you need to know about data pro...
Data Security in the Insurance Industry: what you need to know about data pro...Data Security in the Insurance Industry: what you need to know about data pro...
Data Security in the Insurance Industry: what you need to know about data pro...XeniT Solutions nv
 
BSIDES DETROIT 2015: Data breaches cost of doing business
BSIDES DETROIT 2015: Data breaches cost of doing businessBSIDES DETROIT 2015: Data breaches cost of doing business
BSIDES DETROIT 2015: Data breaches cost of doing businessJoel Cardella
 
GDPR - are you ready?
GDPR - are you ready?GDPR - are you ready?
GDPR - are you ready?Zscaler
 

Similar to Data theft in india (K K Mookhey) (20)

Information security management v2010
Information security management v2010Information security management v2010
Information security management v2010
 
Running with Scissors: Balance between business and InfoSec needs
Running with Scissors: Balance between business and InfoSec needsRunning with Scissors: Balance between business and InfoSec needs
Running with Scissors: Balance between business and InfoSec needs
 
SANS WhatWorks - Compliance & DLP
SANS WhatWorks - Compliance & DLPSANS WhatWorks - Compliance & DLP
SANS WhatWorks - Compliance & DLP
 
11 19-2015 - iasaca membership conference - the state of security
11 19-2015 - iasaca membership conference - the state of security11 19-2015 - iasaca membership conference - the state of security
11 19-2015 - iasaca membership conference - the state of security
 
How to Communicate the Actual Readiness of your IT Security Program for PCI 3...
How to Communicate the Actual Readiness of your IT Security Program for PCI 3...How to Communicate the Actual Readiness of your IT Security Program for PCI 3...
How to Communicate the Actual Readiness of your IT Security Program for PCI 3...
 
ConnXus myCBC Webinar Series: Cybersecurity Risks to Your Business
ConnXus myCBC Webinar Series: Cybersecurity Risks to Your BusinessConnXus myCBC Webinar Series: Cybersecurity Risks to Your Business
ConnXus myCBC Webinar Series: Cybersecurity Risks to Your Business
 
IT Controls Presentation
IT Controls PresentationIT Controls Presentation
IT Controls Presentation
 
Aleksandr Yampolskiy Presentation
Aleksandr Yampolskiy PresentationAleksandr Yampolskiy Presentation
Aleksandr Yampolskiy Presentation
 
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...
 
Baretzky & Associates Presentation.
Baretzky & Associates Presentation.Baretzky & Associates Presentation.
Baretzky & Associates Presentation.
 
Security Analytics for Certified Fraud Examiners
Security Analytics for Certified Fraud ExaminersSecurity Analytics for Certified Fraud Examiners
Security Analytics for Certified Fraud Examiners
 
Spo2 t17
Spo2 t17Spo2 t17
Spo2 t17
 
Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...
Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...
Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...
 
Information Governance -- Necessary Evil or a Bridge to the Future?
Information Governance -- Necessary Evil or a Bridge to the Future?Information Governance -- Necessary Evil or a Bridge to the Future?
Information Governance -- Necessary Evil or a Bridge to the Future?
 
Data protection on demand in hybrid it
Data protection on demand in hybrid itData protection on demand in hybrid it
Data protection on demand in hybrid it
 
What i learned at the infosecurity isaca north america expo and conference 2019
What i learned at the infosecurity isaca north america expo and conference 2019What i learned at the infosecurity isaca north america expo and conference 2019
What i learned at the infosecurity isaca north america expo and conference 2019
 
Information Security It's All About Compliance
Information Security It's All About ComplianceInformation Security It's All About Compliance
Information Security It's All About Compliance
 
Data Security in the Insurance Industry: what you need to know about data pro...
Data Security in the Insurance Industry: what you need to know about data pro...Data Security in the Insurance Industry: what you need to know about data pro...
Data Security in the Insurance Industry: what you need to know about data pro...
 
BSIDES DETROIT 2015: Data breaches cost of doing business
BSIDES DETROIT 2015: Data breaches cost of doing businessBSIDES DETROIT 2015: Data breaches cost of doing business
BSIDES DETROIT 2015: Data breaches cost of doing business
 
GDPR - are you ready?
GDPR - are you ready?GDPR - are you ready?
GDPR - are you ready?
 

More from ClubHack

India legal 31 october 2014
India legal 31 october 2014India legal 31 october 2014
India legal 31 october 2014ClubHack
 
Cyberlaw by Mr. Pavan Duggal at ClubHack Infosec KeyNote @ Bangalore
Cyberlaw by Mr. Pavan Duggal at ClubHack Infosec KeyNote @ BangaloreCyberlaw by Mr. Pavan Duggal at ClubHack Infosec KeyNote @ Bangalore
Cyberlaw by Mr. Pavan Duggal at ClubHack Infosec KeyNote @ BangaloreClubHack
 
Cyber Insurance
Cyber InsuranceCyber Insurance
Cyber InsuranceClubHack
 
Summarising Snowden and Snowden as internal threat
Summarising Snowden and Snowden as internal threatSummarising Snowden and Snowden as internal threat
Summarising Snowden and Snowden as internal threatClubHack
 
Fatcat Automatic Web SQL Injector by Sandeep Kamble
Fatcat Automatic Web SQL Injector by Sandeep KambleFatcat Automatic Web SQL Injector by Sandeep Kamble
Fatcat Automatic Web SQL Injector by Sandeep KambleClubHack
 
The Difference Between the Reality and Feeling of Security by Thomas Kurian
The Difference Between the Reality and Feeling of Security by Thomas KurianThe Difference Between the Reality and Feeling of Security by Thomas Kurian
The Difference Between the Reality and Feeling of Security by Thomas KurianClubHack
 
Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...
Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...
Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...ClubHack
 
Smart Grid Security by Falgun Rathod
Smart Grid Security by Falgun RathodSmart Grid Security by Falgun Rathod
Smart Grid Security by Falgun RathodClubHack
 
Legal Nuances to the Cloud by Ritambhara Agrawal
Legal Nuances to the Cloud by Ritambhara AgrawalLegal Nuances to the Cloud by Ritambhara Agrawal
Legal Nuances to the Cloud by Ritambhara AgrawalClubHack
 
Infrastructure Security by Sivamurthy Hiremath
Infrastructure Security by Sivamurthy HiremathInfrastructure Security by Sivamurthy Hiremath
Infrastructure Security by Sivamurthy HiremathClubHack
 
Hybrid Analyzer for Web Application Security (HAWAS) by Lavakumar Kuppan
Hybrid Analyzer for Web Application Security (HAWAS) by Lavakumar KuppanHybrid Analyzer for Web Application Security (HAWAS) by Lavakumar Kuppan
Hybrid Analyzer for Web Application Security (HAWAS) by Lavakumar KuppanClubHack
 
Hacking and Securing iOS Applications by Satish Bomisstty
Hacking and Securing iOS Applications by Satish BomissttyHacking and Securing iOS Applications by Satish Bomisstty
Hacking and Securing iOS Applications by Satish BomissttyClubHack
 
Critical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh BelgiCritical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh BelgiClubHack
 
Content Type Attack Dark Hole in the Secure Environment by Raman Gupta
Content Type Attack Dark Hole in the Secure Environment by Raman GuptaContent Type Attack Dark Hole in the Secure Environment by Raman Gupta
Content Type Attack Dark Hole in the Secure Environment by Raman GuptaClubHack
 
XSS Shell by Vandan Joshi
XSS Shell by Vandan JoshiXSS Shell by Vandan Joshi
XSS Shell by Vandan JoshiClubHack
 
Clubhack Magazine Issue February 2012
Clubhack Magazine Issue February 2012Clubhack Magazine Issue February 2012
Clubhack Magazine Issue February 2012ClubHack
 
ClubHack Magazine issue 26 March 2012
ClubHack Magazine issue 26 March 2012ClubHack Magazine issue 26 March 2012
ClubHack Magazine issue 26 March 2012ClubHack
 
ClubHack Magazine issue April 2012
ClubHack Magazine issue April 2012ClubHack Magazine issue April 2012
ClubHack Magazine issue April 2012ClubHack
 
ClubHack Magazine Issue May 2012
ClubHack Magazine Issue May 2012ClubHack Magazine Issue May 2012
ClubHack Magazine Issue May 2012ClubHack
 
ClubHack Magazine – December 2011
ClubHack Magazine – December 2011ClubHack Magazine – December 2011
ClubHack Magazine – December 2011ClubHack
 

More from ClubHack (20)

India legal 31 october 2014
India legal 31 october 2014India legal 31 october 2014
India legal 31 october 2014
 
Cyberlaw by Mr. Pavan Duggal at ClubHack Infosec KeyNote @ Bangalore
Cyberlaw by Mr. Pavan Duggal at ClubHack Infosec KeyNote @ BangaloreCyberlaw by Mr. Pavan Duggal at ClubHack Infosec KeyNote @ Bangalore
Cyberlaw by Mr. Pavan Duggal at ClubHack Infosec KeyNote @ Bangalore
 
Cyber Insurance
Cyber InsuranceCyber Insurance
Cyber Insurance
 
Summarising Snowden and Snowden as internal threat
Summarising Snowden and Snowden as internal threatSummarising Snowden and Snowden as internal threat
Summarising Snowden and Snowden as internal threat
 
Fatcat Automatic Web SQL Injector by Sandeep Kamble
Fatcat Automatic Web SQL Injector by Sandeep KambleFatcat Automatic Web SQL Injector by Sandeep Kamble
Fatcat Automatic Web SQL Injector by Sandeep Kamble
 
The Difference Between the Reality and Feeling of Security by Thomas Kurian
The Difference Between the Reality and Feeling of Security by Thomas KurianThe Difference Between the Reality and Feeling of Security by Thomas Kurian
The Difference Between the Reality and Feeling of Security by Thomas Kurian
 
Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...
Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...
Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...
 
Smart Grid Security by Falgun Rathod
Smart Grid Security by Falgun RathodSmart Grid Security by Falgun Rathod
Smart Grid Security by Falgun Rathod
 
Legal Nuances to the Cloud by Ritambhara Agrawal
Legal Nuances to the Cloud by Ritambhara AgrawalLegal Nuances to the Cloud by Ritambhara Agrawal
Legal Nuances to the Cloud by Ritambhara Agrawal
 
Infrastructure Security by Sivamurthy Hiremath
Infrastructure Security by Sivamurthy HiremathInfrastructure Security by Sivamurthy Hiremath
Infrastructure Security by Sivamurthy Hiremath
 
Hybrid Analyzer for Web Application Security (HAWAS) by Lavakumar Kuppan
Hybrid Analyzer for Web Application Security (HAWAS) by Lavakumar KuppanHybrid Analyzer for Web Application Security (HAWAS) by Lavakumar Kuppan
Hybrid Analyzer for Web Application Security (HAWAS) by Lavakumar Kuppan
 
Hacking and Securing iOS Applications by Satish Bomisstty
Hacking and Securing iOS Applications by Satish BomissttyHacking and Securing iOS Applications by Satish Bomisstty
Hacking and Securing iOS Applications by Satish Bomisstty
 
Critical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh BelgiCritical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh Belgi
 
Content Type Attack Dark Hole in the Secure Environment by Raman Gupta
Content Type Attack Dark Hole in the Secure Environment by Raman GuptaContent Type Attack Dark Hole in the Secure Environment by Raman Gupta
Content Type Attack Dark Hole in the Secure Environment by Raman Gupta
 
XSS Shell by Vandan Joshi
XSS Shell by Vandan JoshiXSS Shell by Vandan Joshi
XSS Shell by Vandan Joshi
 
Clubhack Magazine Issue February 2012
Clubhack Magazine Issue February 2012Clubhack Magazine Issue February 2012
Clubhack Magazine Issue February 2012
 
ClubHack Magazine issue 26 March 2012
ClubHack Magazine issue 26 March 2012ClubHack Magazine issue 26 March 2012
ClubHack Magazine issue 26 March 2012
 
ClubHack Magazine issue April 2012
ClubHack Magazine issue April 2012ClubHack Magazine issue April 2012
ClubHack Magazine issue April 2012
 
ClubHack Magazine Issue May 2012
ClubHack Magazine Issue May 2012ClubHack Magazine Issue May 2012
ClubHack Magazine Issue May 2012
 
ClubHack Magazine – December 2011
ClubHack Magazine – December 2011ClubHack Magazine – December 2011
ClubHack Magazine – December 2011
 

Recently uploaded

JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaRTTS
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Product School
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...Product School
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor TurskyiFwdays
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance
 
Demystifying gRPC in .Net by John Staveley
Demystifying gRPC in .Net by John StaveleyDemystifying gRPC in .Net by John Staveley
Demystifying gRPC in .Net by John StaveleyJohn Staveley
 
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptxUnpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptxDavid Michel
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...Product School
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...Product School
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesThousandEyes
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance
 
Speed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in MinutesSpeed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in Minutesconfluent
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
 
ODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User GroupODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User GroupCatarinaPereira64715
 
IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024IoTAnalytics
 

Recently uploaded (20)

JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
Demystifying gRPC in .Net by John Staveley
Demystifying gRPC in .Net by John StaveleyDemystifying gRPC in .Net by John Staveley
Demystifying gRPC in .Net by John Staveley
 
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptxUnpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
Speed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in MinutesSpeed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in Minutes
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
 
ODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User GroupODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User Group
 
IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024
 

Data theft in india (K K Mookhey)

  • 1. Data Theft in India - Seedhi baat, no bakwas K. K. Mookhey, Principal Consultant CISA, CISSP, CISM
  • 2. Speaker Introduction Founder & Principal Consultant Network Intelligence Institute of Information Security Certified as CISA, CISSP and CISM Speaker at Blackhat 2004, Interop 2005, IT Underground 2005, OWASP Asia 2008,2009 Co-author of book on Metasploit Framework (Syngress), Linux Security & Controls (ISACA) Author of numerous articles on SecurityFocus, IT Audit, IS Controls (ISACA) Over a decade of experience in pen-tests, application security assessments, forensics, compliance, etc.
  • 3. Agenda What’s the ground reality Recent news Financial institution data theft explored Challenges Solutions Conclusion
  • 5. Well, yes Sir, you’ve been had!
  • 6. It’s not paranoia… It’s actually happening!
  • 7. Data theft in the recent past
  • 8.
  • 9.
  • 10.
  • 11.
  • 12. What price India? Online examples…
  • 13. Less than 1 cent per record! http://www.jobstiger.com/emaildatabaseindia.html http://www.kumudhamwebtech.com/ http://hyderabad.olx.in/38-lakh-stock-market-traders- dmat-account-holders-database-44000-sub-brokers-iid- 106295300 http://www.ebusinessindya.biz/ http://www.mobiledataindia.com/ http://www.gsquare.biz/data.html
  • 14. Fresh record price = Rs. 75 Converted customer price = Rs. 150 View from the trenches…
  • 15. Pick an industry, pick a company Large business house gets into the financial services industry with a big bang But slightly late in the game Huge marketing blitz, offices opened nationwide Aggressive marketing, huge ad spends Customer base widens Assets under management bloats In a couple of years, they’re within the top 5 private insurers, equity trading companies, and mutual funds! However…
  • 16. Data all over the place… Specific mutual fund purchase records available for a price Customers get calls just before their fund payments are due Customers get calls to switch funds Specific data available: Customer name Cover amount Investment amounts Fund details Personal information Expiry dates And more…
  • 17. What should the company do to fix this?
  • 18. Why data isn’t being protected
  • 19. No one gives a damn!
  • 20. Where is the customer data? – Equity Trader Example Primary Trading system CRM Business Intelligence system Compliance Reporting system Backups Password Reset system Excel Flat files USBs Shared folders!
  • 21. Who has access to it? Front-office Back-office IT Research Customer service Vendors KYC Call Center Direct Sales Agents (Devil’s in-Security Agents) DPs Registrars Settlement Finance & Accounts Cleaning Staff??
  • 22. Ok, now I’m just depressed… But there’s more…
  • 23. Weak regulatory framework Unless someone serious starts kicking some serious ass, nothing’s going to change… RBI SEBI AMFI But what about? IRDA TRAI •UID? •Healthcare?? •Pharma?? •FMCG?? •Retail?? •Government????
  • 24. Government’s role No comprehensive national consciousness on data protection Data protection efforts not cohesive – don’t address all industries Government endorses data theft and invasion of privacy? Niira Radia tapes Blackberry controversy …
  • 25. Business comes first! Sell more! Expand market share! Heavy reliance on limited number of outsourced vendors Weak mechanisms to oversee data protection by vendors Vendors don’t care…
  • 26. When things do end up in court… Judge: IT?!? Senior Counsel: Well…umm…err…you see this is under Section 66 of IT Act because, well…err… Junior Counsel (whispering): Sir…we need to get imaging done…not sure what that is, but the “cyber expert” we hired told us to do this Judge: Please continue! Senior Counsel: Sir we need a forensic investigation done Judge: What is that?!? Okay, seal the website! Court-appointed Commissioner: Yes sir, but kindly clarify who pays my fees?
  • 27. Here’s how it gets done!
  • 29. Solutions Technologies Encryption Data Leakage Prevention Information Rights Management Database security solutions Audit/Log Management Stronger regulations Stronger laws or stronger enforcement of existing laws Mindset change Data protection does matter! It is NOT a technology issue Policy and process frameworks must be implemented ISO 27001 is not the answer
  • 31. Summary It is an epidemic, and it is getting worse! When Big Brother wields the stick, then things begin to happen – fines, penalties, court cases Back to basics approach – thorough risk assessments! Identity and access management Technologies help, but it has to begin with PPP – Policy, Process, People Innovative audit/forensic techniques
  • 32. Thank you! Questions / Queries K. K. MOOKHEY kkmookhey@niiconsulting.com NETWORK INTELLIGENCE INDIA PVT. LTD. www.niiconsulting.com