Senior Management Awareness Presentation
TRANSCRIPT
Emerging Cyber Security Threats and Data Protection
Nanda Mohan Shenoy DCAIIB, DBM-Part I, NSE Certified Market Professional Level-1, P G Diploma in IRPM, PG Diploma in EDP and Computer Management, DIM, LA ISO 9001, LA ISO 27001 NISM empanelled CPE Trainer
Director
1
Agenda
• Overview
• Protection
• Emerging Regulations on Data Protection
• Cyber Liability Insurance
• Question & Answers
2
India’s Rank in GCI (195 Countries)
23
4
GCI Parameters
5
GCI Report
6
Insurance
7
Ransomware - Statistics
• A company is hit with ransomware every 40 seconds
• 6 in 10 malware payloads were ransomware in Q1 2017.
• There were 4.3x more new ransomware variants in Q1 2017 than in Q1 2016
• 15% or more of businesses in the top 10 industry sectors have been attacked.
• 1 in 4 businesses hit with ransomware have 1,000 employees or more
• 71% of companies targeted by ransomware attacks have been infected
Source: https://blog.barkly.com/ransonware-statistics-2017
8
Data Breach
9
Fish Tank Attack on a Casino in USA
Financial Impact
10
India Statistics
| Year | FY | CY |
|---|---|---|
| 2014 | 9,500 | 44,679 |
| 2015 | 13,083 | 49,455 |
| 2016 | 16,468 | 50,362 |
| 2017 (H1) | NA | 27,482 |
11
Cyber Crime
State & UT
Metropolitan Cities > 2 Mio Population
12
Trend
13
Emergence of Cyber Threat
• Cloud
• Mobile Applications
• Internet
• Third party beyond boundaries
–Biggest source
–Research by IBM reveals that 59% of ransomware attacks originate with phishing emails and a remarkable 91% of all malware is delivered by email
14
Agenda
• Overview
• Protection Strategy
• Emerging Regulations on Data Protection
• Cyber Liability Insurance
• Question & Answers
15
Protection Strategy
Unconventional Thinking required for protection
• Technology
–Deception Technologies
– SPF, DKIM, DMARC
• Human Control
• Cyber Drills
16
Agenda
• Overview
• Protective Technology
• Data Protection
• Cyber Liability Insurance
• Question & Answers
17
Data Classification
• From Organisational perspective
– PII or SPDI*
• Customers
• Employees
– Audit Logs (such as a user's login and transaction details)
– Organisation Data
• Financial
• Vendors
* There are regulatory requirements for protection of these data
18
PII or SPDI
(iii) "sensitive personal data or information" means such personal information as may be prescribed by the Central Government in consultation with such professional bodies or associations as it may deem fit.
19
What Constitutes SPDI?
(i) Password
(ii) Financial information such as bank account, credit card, debit card or other payment instrument details
(iii) Physical, physiological and mental health condition
(iv) Sexual orientation
(v) Medical records and history
(vi) Biometric information
– Finger prints
– Eye retina and irises
– Voice patterns
– Facial patterns
– Hand measurement
– DNA
Rules & Regulations
20
Sec-43 A
• Where a body corporate, possessing, dealing or handling any sensitive personal data or information in a computer resource which it owns, controls or operates, is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person, such body corporate shall be liable to pay damages by way of compensation, to the person so affected. (Change vide ITAA 2008)
21
Talk of the Town
• Fine: 20,000,000 Euros or 4% of Global Turnover, for offenses related to:
–Data processing;
–Consent;
–Data subject rights;
–Non-compliance with DPR order; and
–Transfer of data to third party
22
Data Protection Framework-India
• Committee of Experts under the Chairmanship of Justice B N Srikrishna, Former Judge, Supreme Court of India, to identify key data protection issues in India and recommend methods of addressing them.
• Released for Public Comments on 27th Nov 2017
• 243 pages
23
Contents
• Part-I Context Setting
• Part-II Scope and exemptions
–Ch3- What is personal Data?
–Ch4- SPDI
–Ch5- What is processing?
• Part-III Grounds of Processing
Cross reference to GDPR
24
New Trends in Data Protection
• Tokenisation
–PCI
–Aadhaar Data
• Data Vault
25
Tokenisation
26
Information Security Governance for Data Protection
• Board Level review of the policies
• Legal requirement mapping and review
• Budgetary allocations
27
Agenda
• Overview
• Protective Technology
• Data Protection
• Cyber Liability Insurance
• Question & Answers
28
Transfer of Risk
• Most of the Cyber Risks can be transferred through Liability Insurance
• Bajaj Allianz has launched a policy for Individuals as well recently
29
Companies Offering Cyber Liability

| Srl No | Insurance Company Name | Product Name | UIN |
|---|---|---|---|
| 1 | Bajaj Allianz | BAJAJ ALLIANZ CYBER PROTECT PREMIUM - DIGITAL BUSINESS AND DATA PROTECTION INSURANCE | BAL-LI-P15-11-V01-15-16 |
| 2 | HDFC ERGO | HDFC ERGO CYBER SECURITY INSURANCE POLICY | IRDAN125P0005-VO1-2011-12 |
| 4 | Tata AIG | CyberRisk Protector Insurance | IRDAN108P0003V01201314 |
| 5 | Universal Sompo* | Cyber Security Insurance | USG-LI-P13-103-V01-12-13 |
30
Types of Losses Insured
31
Third Party
First Party
Services/Expenses
Exclusions
Similar to Own Damage and Third Party Damage in Motor Insurance