Millennium Post

After the fateful cyber attack

Today, while governments and corporates are increasingly leveraging technology to conduct business, they are also increasingly exposed to the threat of cyber crime. Cyber crime comprises a range of illegal activities using computing and communication devices aimed at causing loss to organisations. Digital frauds could range from fund embezzlement, data theft, and intellectual property violations to activities like security breaches, terrorism and money laundering.

As part of the recent KPMG cyber crime survey 2014, it was revealed that 49 per cent of survey respondents had experienced cyber crime and digital frauds in the past 12 months. With more and more businesses and government organisations increasingly adopting technology and e-commerce, and criminals having access to greater digital attack tools, the number of such incidents can only be expected to rise in the future.

As the government looks at rapidly expanding the scope and depth of e-governance services, the corresponding IT infrastructure, along with monitoring capabilities must be scaled up. Given the nature of technology and its usage, cyber crime cases are being reported across the spectrum from state-level cyber-attacks to targeted attacks at business groups, which often have a direct impact on their reputation, brand and financials. The pervasiveness of cyber crime is posing a serious risk.

Although it is seen that government organisations are increasingly becoming aware of the possibilities of cyber crime within their environment, a proactive approach to cyber risk management is mostly missing due to factors such as lack of top level support, requisite skill sets, and formalized digital evidence handling procedures and understanding of the related laws.

As part of the technology enablement initiative, both government agencies and businesses need to put in place effective cyber security measures using cyber risk assessment, real-time cyber threat monitoring and detection and cyber incident management protocols. This would need investment as it definitely requires building a pool of cyber specialists, who are adequately trained and also, training law enforcement agencies for securing e-governance services.

Listen to the cyber voice

Combating cyber threats would entail using modern technologies to predict attack vectors, conduct real-time monitoring and set up incident response mechanisms. Digital information flow typically has its traces across the ecosystem from communication logs, social media sites and end-point devices. An effective mechanism could be to ensure that cyber threats are assessed on a continuous basis through dark net monitoring, analysis of various threat vectors released by the computer emergency response team (CERT) and simulating cyber crimes through cyber war rooms. Essentially, the focus has to be on being ready to combat cyber threats on a real-time basis so that the impact is neutralised. 

Organisations, both public and private, need to invest in cyber monitoring mechanisms which could serve as the first line of defence. Though these involve investments in technology, the human aspect should not be ignored since they are often the weakest link in cyber security. Data analytics and predictive modeling techniques can scan through the attack vectors and predict  attacks, so as to develop counter measures to deploy in an attack scenario. This would need a good partnership to be established across public and private sectors, and with the international community. For day-to-day operations of law enforcement agencies, data analytics capabilities that could handle huge volumes of data received would need to be built. Data indexing and analytics platforms which can help in classifying information, identifying trends, performing keyword searches and visualising outlier data elements would need to be deployed. Challenges in terms of employee skillsets for handling such tools and technologies need to be addressed through relevant trainings.

Focus on cyber forensics
Since a large number of illegal activities are carried out using computers and mobile devices, making it hard for organisations and investigators to establish culpability, organisations are increasingly depending on cyber forensics to detect and receive accurate facts of such incidences. Cyber forensics encompasses the recovery and investigation of material found in digital devices, following standard procedures acceptable in a court of law.

It is also interesting to note that these days, cyber forensics is also often being used in criminal or civil courts to support or refute a hypothesis. It is also used extensively in the private sector during internal corporate fraud investigations or intrusion investigations (for example, investigating a system breach which occurred from outside or loss of customer data).

Various government law enforcement agencies are now required to increasingly cooperate among themselves to identify, track and extract evidence in order to capture criminals. Going forward, digital forensic evidence such as system logs and user identity details would need to be co-related in near real-time with telecom data such as GPS coordinates for effective monitoring and tracking of criminals.

A holistic approach to utilising cyber forensic technologies, along with monitoring platforms having data analytics capabilities could be a key requirement for running secure e-governance services. Cyber forensic practices can help security and law enforcement agencies in extracting evidence for effective legal re-course by helping ensure that correct procedures for acquiring, handling and preserving digital evidence is followed so that it is admissible in the court of law.

Cyber forensic efforts can be greatly enhanced if the organisations have appropriate audit trails and logging mechanisms established in their business environment. Lack of system level audit trails generated at the time of business activities/transactions can hamper the investigation as cyber forensic cannot recover something not created in the first place. It could become difficult to propose/test hypothesis without having appropriate audit trails to substantiate the analysis.

Legal and international co-operation can be important to ensure that cyber criminals are brought to justice. Many of the cyber-attacks originate either from overseas or routed through multiple countries involving multiple jurisdictions and law enforcement agencies. International co-operation could be therefore imperative to ensure speedy cyber investigations.

Monitor change to protect
With increasing technology awareness as well as regulation such as Companies Act, 2013 that lays emphasis on fraud risk management and fraud reporting, information technology departments in government and public sector organisations are increasingly implementing forensic controls in IT systems and IT processes to facilitate an amicable environment for digital forensics, should the need arise.  On the technology front, cyber security is itself constantly evolving and adjusting to meet the demands of newer technologies released in the digital world.

Besides the advancement in the digital monitoring and forensic investigation tools, the methodologies or techniques developed to obtain the information have also become more advanced. Hence, building forensic controls in IT systems and processes can be a good starting point for managing risks, periodic monitoring of security risks, and evolving IT forensics controls could be vital to ensure that government agencies protect digital infrastructure and continue to  expand effective e-governance services. A positive effect of such a dedicated exercise would be that the government is able to effectively manage cyber risk from a technology standpoint and should they be impacted, they would have the effective wherewithal to ensure that the criminals are brought to book and the damage caused by the crime is minimised. Governance Now
Next Story
Share it