‘Smart’ & connected device is sitting duck for hackers

Blog, News

Amrita Didyala| TNN | Dec 15, 2017, 07:38 IST

HYDERABAD: Anything ‘smart’ is hackable and anything connected can be remotely hackable, was the message spelt loud and clear by experts at the two day International Cyber Security Conference-2017 on Thursday.

And, if connected, devices like your smart-camera fitted television isn’t enough, future attacks can be launched directly from human brains with a future attacker launching a highly-sophisticated attack by just thinking of a strike and artificial intelligence carrying it out.

“Brain computing operations, which uses intelligent technologies like machine learning and natural language processing to mimic the way the human brain functions, is something that a handful of companies are researching. The future attacks can even be through brain computing operations,” pointed out Colonel Daniel Noy (Retd), senior director for CERT projects, Rafael Advanced Defense Systems Limited. Some experts say the camera of a smart TV may be vulnerable to attackers spying on a person’s homes by hacking into the TV set.

In the fast-changing world of information technology explosion, every home/office is becoming a mini data centre of sorts as there are no longer any defined boundaries or fences. “We are moving from technology to super technology, from connectivity to hyper connectivity and crypto-based economies. Everything is changing fast and there is definitely no defined fence that you can protect. It is not enough to know how to use a computer, we need to know how to use it safely,” Ram Levi, CEO, Konfidas, said.

Dr Shai Moses, consul for trade and economic affairs, Consulate General of Israel in Bengaluru, pointed out the need for collaboration and sharing of expertise with the world and said cooperation between Israel and India on security was the need of the hour at the conference, organized by Kenes Exhibitions India Private Limited.

“India needs to scale up the development and train more people to check for cyber security. Not just IT professionals but there can be several other roles like analyst, forensic and crisis officers,” said Levi.

Speaking to TOI, Levi said all generations need to be educated about cyber risks. “India should provide training in open schools about ethical hacking and audit the cyber security. This will also increase the employment in the country. The people who are still unaware of the technology need to be educated,” he added.

According to Levi, more companies should invest in cyber security and it should be regulated. “No company will spend extra on cyber security, unless its regulated. If there is regulation, the companies will get cyber experts and analysts to check the risks,” said Levi. The Israeli government provides 6 % to 8% of the information technology budget for cyber security, he said.

Eli Zilberman Caspi of Israeli cyber security consultancy firm Konfidas says, “It’s like a tsunami coming in” but no one is taking notice of the danger.

“Its magnitude is misunderstood. It is quite a task to identify the data asset (that falls under the regulation space) and assess what part of it is private data. Making every employee in an organisation aware of the requirements is important,” he told BusinessLine.

Caspi was here to attend a two-day international conference on cyber security.

“It is the responsibility of firms that do business in the EU to ensure that the companies they engage in executing the business comply with the norms. If you are not complaint, you could face harsh fines,” he said.

***

Voter & PAN database too not fortified from hackers

TNN | Dec 15, 2017, 08:17 IST

HYDERABAD: Hackers can easily access your voter or PAN data and get away. Even if they are caught, they will get a three-year jail term. Reason: Crucial ‘critical’ cyber infrastructure is yet to be notified by government/independent entities under the Information Technology (IT) Act.

The state too is yet to notify cyber infrastructure under the IT Act. An amendment to the Act had mandated that all critical infrastructure should be notified. As a result, anyone (read hacker) who messes with the critical infrastructure, could escape with just a three years jail term, while if notified the imprisonment would be up to 10 years.

Speaking at a session on ‘Protecting critical infrastructure’ at the Cyber Security Conference, Symantec Corporation director (Government Affairs, India and ASEAN Region) Deepak Maheshwari said the voter database and even PAN card details have not been notified. “Since the law came into force, less than 10 notifications were issued. Not a single system under the ministry of defence or RBI has been notified,” he explained.

Other experts pointed out the need to define critical as everything cannot be protected. “We have to defend wisely and understand what is critical,” Dr Ram Levi, CEO, Konfidas, a security company, said. Speaking about the first cyber attack on the electric grid in Ukraine, Col Daniel Noy (Retd) of Rafael Advanced Defense Systems Limited, said attacks happen due to human failure and other issues.