At a time when the nation’s critical information infrastructure is seeing a big overhaul, the potential for crippling critical services through cyber means is becoming a real and present danger. What are the shortcomings of security when it comes to protecting critical, operational technology in India?  As the rate of breach incidents continues to escalate, the magnitude of related brand, reputation, and fiscal impact is driving organizations to address cybersecurity risk.

It is very critical to become more resilient to new attacks and threats and compete more safely in the digital age as most cybercriminals are not fussy about who they steal from. While you could be the next target, making your defences as resilient as your digital ambitions is of utmost importance. What needs to be done to ensure that the recovery is seamless and the damage minimal? How must Indian and Asian organizations rise to the incident response challenge to help protect their organization? It’s critical that the scope of a breach response plan goes beyond technical operations, covering all interested parties, such as legal, finance and media relations, that may have greatly different priorities at crunch time and ensuring everyone is on the same page.

This session will look at:

• Security gaps in the existing breach response mechanism;
• The nuances of protecting critical infrastructure in the Indian context;
• The role of multi-stakeholder in crafting and testing the plan;
• What changes when the breach is real and it’s time to put the plan in action?

Most organizations in Asia continue to address breach response in reactive mode – having a crude disaster recovery plan in place in case something “does” happen, rather than accepting that something “will” happen and proactively preparing for it.

Once breached, the post breach investigation and response is most critical, followed by building resilient defenses within a short span. Given the technological advancement and the technology sprawl, the practitioners are in a state of chaos. Against this backdrop, what do organizations need to unlearn and relearn about incident response? The session will include:

• Enhancing forensic capabilities in detecting the breach;
• Assessing the cost of a breach;
• Why is it important to have a specialized response once an attack/breach is discovered;
• Should incident response be outsourced or should it be led from the front by the security team?
• Investigating security incidents and assessing compromise levels.

Ransomware became an even bigger threat in 2016, and the organized criminals behind it got bolder. Fraudsters are now aiming at bigger targets, seeking even bigger payoffs. For a variety of end goals, be it hacktivism, nation-state revenge or financial gain, the methodology is simple. Quite often the first you’ll hear of an attack is: “We have encrypted your systems, pay us x amount and we will give you the key.”

In this session, we’ll discuss the scope of this current threat as well as the best available concepts for prevention and recovery.

The global WannaCry ransomware epidemic reveals that in the aftermath of the attacks include poor patching hygiene. Why so slow to patch? Security teams and CISOs may want to patch immediately, but many business owners demand patches be thoroughly tested to avoid any potential business downtime – usually taking weeks of testing and compliance clearances and the result, some patches are never made. Why does it take months to roll out patches for organizations?

Experts argue it is a big issue with unlicensed software being illegally used in enterprises, which prevents these systems from receiving security updates. In this case some organizations saw there wasn’t even a patch available when the attacks started spreading. The list of reasons is endless.  But what could be the effective nuances to patch management and best practices CISOs need to follow. A robust patch management strategy is essential for a proactive and preventive security stance.

The session details:

• Rewriting the rules of patch management;
• Addressing the patch management concerns;
• Bug fixing through patches.

Even though India lacks an effective breach notification regime, ad hoc and unofficial efforts to share information and collaborate in the face of increasingly sophisticated and coordinated attackers abound. How can these multi-stakeholder, public-private partnerships be amalgamated into a formalized framework that can support organisations and practitioners with threat defense and incident response in India and throughout Asia? What are some lessons from around the globe?

The dark web has become synonymous with cybercrime, with a burgeoning underground economy for data, attack tools and malware flourishing in the parts of the internet inaccessible to the World Wide Web. Sophisticated hierarchies and support mechanisms that mimic real world organizations have transformed launching a cyber-attack from an art – the preserve of highly skilled hackers – to a commodity service, available to any script kiddie with minimal skills, who can launch an attack for as low as $5. Contemporary developments include malware-as-a-service or its better known cousin, Ransomware-as-a-service, have successfully evolved in this environment, driven by the potential of massive financial gain and low-risk. The ransomware epidemic around the world is being fuelled by these developments and it behoves the security community to take a moment to walkthrough how we got here, if they are to mount an effective defense against what is yet to come.

The session will discuss:
• What Malware-as-a-Service means to CISOs
• Mapping the risks from the dark web and responding to the challenge
• Building proactive defences

Recent media attention to high-profile cyberattacks would lead an organization to think external threats are its only concern. Unfortunately, this misconception allows another significant threat to your organization’s critical assets to stay completely under the radar – the threat of malicious and non-malicious insiders.

With so much of an organization’s valuable information digitized today, it may be possible that an insider can steal your information or expose it unintentionally without you knowing it. Every attack witnessed in early 2017 has invariably an insider angle, being the top challenge for security practitioners. What can you do to fight this proactively?

This session will discuss

• Technological possibilities to detect the source and origin of insider breaches and detect anomalous behavior;
• Anti-fraud tools and technology investments that can help detect the origin of insider leaks;