September 2015: AKATI Consulting Participates in Russia Business InfoSec Summit 2015
18th September 2015, Moscow – The Business Information Security Summit 2015, organised by INFOWATCH & the Business Information Security Association, was recently held in Moscow, Russia. Its aim is to bring together professionals in the field of Information Security and business leaders, representatives of regulators, and other professionals interested in the development of information security in Russia and the world. Krishna Rajagopal, CEO of AKATI Consulting Malaysia, represented Asia and shared his insights and experience about current trends in Information Security.
Krishna's presentation was titled "Net Wars: Is there any hope?". It focused on the seriousness and pervasiveness of threats in cyberspace and how to avoid them.
He commenced with a brief introduction to serial hackers and concluded with an explanation of the step-by-step methodology called "Defence-in-depth" for keeping corporate networks safe.
Krishna explained that hackers had begun their large-scale operations in 2010, by hacking AT&T and releasing 114,000 records to the public, including those of the NY mayor, White House Chief of Staff, NASA and so on. The following year, they broke into Sony, mostly using SQL injection attacks, leaking almost 77 million records and causing Sony financial losses of $171 million. In 2012, they hacked Amazon and Zappos, leaking 24 million records. The year after, these hackers broke into the US’s satellites, taking control for about 12 minutes. Further, in 2014 they hacked Mt. Gox, the biggest Bitcoin exchange in the world, causing it to shut down.
He asked the audience to guess what would be the next target for these hackers. Of course, he was referring to the entire hacking community and the dark web. These targets change – it’s all based on motivation and trend. He highlighted that the objective of most hackers is to monetize any information they can hack into. Krishna pointed out that nowadays, they use stolen credentials. For a lot of attackers, it’s about ego. Phishing and SQL injections are issues that have stayed constant. Web application attacks are the most common technique, followed by POS intrusions and cyber espionage.
"For the last two years, more than 2/3 of incidents that comprised the cyber-espionage pattern have featured Phishing... Nearly 50% open e-mails and click on phishing links within the first hour... 99.9% of the exploited vulnerabilities were compromised more than a year after the CVE was published... In 60% of the cases, attackers are able to compromise an organization within minutes" he said.
He followed by showing the top 10 most dangerous celebrities used for phishing attacks - Lily Collins, Avril Lavigne, Sandra Bullock, Kathy Griffin and so on.
Having shown the list, he said that we are actually the weakest link at the end of the day. Regardless of the money you spend on perimeter security, your users are the weakest link. If there are hardcore fans of a celebrity, they are bound to click on these images – even security guys!
For corporate networks, he recommended the ‘Defence-in-depth’ strategy, which comprises the four steps of prediction, prevention, detection and response.
For prediction, hire good security consultants and have an emerging threats team – either do it manually or subscribe to advisory services. “Prevention delivers better ROI than responding to attacks after they occur. There is no such thing as 100% security hence detection is very important. When an attack slips past defenses, it must be properly identified and contained. For the Response phase, it is vital to have a response procedure that the staff is aware of”, he added.
A number of Russian and international cyber security experts presented at the conference including Natalya Kaspersky, CEO of GK InfoWatch; Tagir Yapparov, Chairman of the Board of Directors of GC IT; Dmitry Nazipov, Senior vice president, head of the Department of Information Technology VTB; and Renat Batyrov, general director of the Technopark "Skolkovo".
- END -
About AKATI Consulting Group
AKATI Consulting Group is a security-focused consulting firm providing services specializing in Information Security and Information Forensics. Operating on 5 continents with over 300 global clients, AKATI Consulting has earned its reputation for offering reliable solutions with guaranteed results using cutting-edge technology. Top banks in the world, military and some of the most hostile environments on the globe trust AKATI Consulting as their Trusted Security Advisor.
With its extensive experience and capabilities in Information Security & Computer Forensics consulting and training, AKATI Consulting is able to customize its services to suit the needs of each client. AKATI Consulting Group fills a distinctive requirement in business environments increasingly dependent on Information Technology and takes on the role of your InfoSec S.W.A.T Team.
For media enquiries, please contact :
AKATI Consulting Group
Email : firstname.lastname@example.org
Web : www.akati.com