Entries by Kishore Kar

Cyber Security Expertise in India

Indian industries are already facing a shortage of skilled security professionals. The major dearth is of competent experts who understand the subject very well and can work to mitigate the risks. The shortage is going to be more acute, as demand for compliance goes up with regulations like the IT Act, sectoral guidelines issued by RBI […]

Friendly Hackers

Here’s a surprise — there are as many friendly hackers as there are malicious ones. At least 32 previously unknown vulnerabilities were aired at the recent Black Hat hacker conference in Las Vegas. More will come from the other big hacker conference, Def Con. Some of those bugs have been found in control systems for […]

The Insider Threat

A recent report by PwC concluded that only about 10% of cyber crimes were perpetrated by insiders in 2014/15. However, that is rising faster than external hacking, and the consequences are often far more damaging. The 5 major categories of insider crime are Fraud, Espionage, Sabotage, Unauthorized Disclosure and Intellectual Property Theft. […]

Easy Money

Cyber security attackers have become extremely sophisticated at implanting malware in your systems and evading detection as they quietly steal your sensitive data. While that threat is increasing in popularity among clever hackers, there remains a thriving community of criminals who are far less sophisticated and are making a good living out of one of […]

Your Health Check

When you see your doctor for a medical check-up, the results are kind of predictable, and not very actionable – lose weight, get more exercise, and avoid stress. A cyber security health check can be much more insightful and actionable, and I recommend that your company does this regularly. A cyber security diagnostic includes: Focus […]

An Architect’s Nightmare

Your digital security architect has a terrible job. The bad guys are smart, sophisticated, and quick at evolving their attack techniques. Your company is slow to respond, unwilling to invest, and almost certainly ignorant of the risks they are taking with their valuable assets. You are a sitting duck, and probably have already been compromised but don’t […]

The Humble Password

Cyber security is an extremely complex science, but the most important aspect is the humble password. If I know your password, then I can impersonate you and get access to your sensitive data. Whereas a simple 7-digit alpha-numeric password can be cracked in a matter of minutes, the entropy of a “strong” password is uncrackable. […]

Cyber warfare – protect your family jewels

Your company has terabytes of data, scattered across servers, workstations, laptops, smartphones etc. It is impossible to protect it all. The good news is that only a proportion of that data is sensitive. So the problem reduces to identifying the sensitive data (such as customer details database, financial records, and healthcare data or Point of […]

More companies pay cyber ransom than you would imagine

If malware is implanted in your company servers and you receive a ransom demand, you are very unlikely to tell people that you decided to pay up, right? In a recent survey from Threat Track Security, 30 percent of the 250 organizations polled said they would negotiate with a cyber-criminal to get their data back. […]

All Talk and No Action

For the first time ever, CEOs have ranked cyber security as their top business concern. And yet there is little evidence that they are taking action to mitigate this risk. 43% of companies surveyed report that their spend on cyber security is flat year-on-year. Why is there such a contrast between concern and action? Well, […]