
HealthCare Sector at CyberAttack Risk

Digital technologies are making patient care easier and more efficient and are delivering better outcomes. However, the adoption of digital technologies and the increasing interconnection between different healthcare systems come with growing cybersecurity risks.

The advantages of healthcare technology are undeniable. For example, electronic health records (EHRs) have become critical to improving patient outcomes and diagnostics, with 75% of healthcare providers reporting that EHRs help them deliver adequate patient care.

Providers are increasingly relying on technological advances, and this reliance has raised healthcare cybersecurity threats. For example, the cybersecurity company Emsisoft reports that the U.S. saw over 560 cyberattacks against healthcare facilities in 2020.
What can healthcare organizations do to manage cyberattacks? The following are some strategies to follow:

  • Enforcing technical and technological cybersecurity measures
  • Building a team of skilled professionals to ensure cybersecurity in the healthcare organization
  • Designing a healthcare cybersecurity strategy focused on patient privacy protection
  • Addressing vulnerabilities in legacy healthcare systems
  • Keeping up with new developments to understand information technology (IT) challenges

These measures can strengthen an organization’s cybersecurity protection, reduce security breaches in healthcare, and ensure that critical systems remain operational to limit the impact on patient care.

Healthcare Cyber Security: Critical Issue

Healthcare cybersecurity is an area of information technology that focuses on safeguarding healthcare systems. These systems include EHRs, health tracking devices, medical equipment, and healthcare delivery and management software. Healthcare cybersecurity concentrates on preventing attacks by protecting systems from unauthorized access and from exposure of patient information. The primary purpose is to assure the confidentiality, availability, and integrity of critical patient data, which, if compromised, could put patient lives at stake.

Hospitals care for hundreds and even thousands of patients, and as a result they become attractive targets for hackers, making healthcare cybersecurity a critical consideration for hospital administrators.

Hancock Regional Hospital in Greenfield, Indiana, experienced an attack in 2018 that revealed how a ransomware attack can affect cybersecurity in hospitals. Attackers accessed backup system data and permanently corrupted files, including EHRs.

The hospital stayed functional even after the IT team shut down the network.
However, the attack did affect the hospital financially: it had to pay a ransom of four Bitcoins, i.e., $55,000, in exchange for its leaked data.

Cyberattacks come in many forms, from ransomware to theft of personal information. However, four issues are common across healthcare:

  • Patient privacy protection
  • The vulnerabilities of legacy systems
  • The challenges of IT in healthcare
  • Security breaches in healthcare

Patient privacy protection

As the healthcare industry becomes more technologically connected, the risk of cyber theft also increases. The two types of theft are external theft and insider misuse.

External theft: Hackers outside a healthcare organization infiltrate healthcare systems and steal patient data for financial gain. For example, they use patients’ information to submit fraudulent claims to health insurers. External theft can also involve attackers pressuring healthcare organizations to pay a ransom in return for restoring patient data systems.

Insider misuse: Insider misuse often involves stealing patients’ information for financial benefit or with malicious intent. Other types of insider misuse include curiosity (unwarranted access to data unrelated to care delivery) and convenience (overriding security protocols to make a job easier). Unintentional actions, such as human mistakes, mistyping, or opening or clicking phishing emails, make up the rest of insider misuse cases.

Vulnerabilities of legacy systems in healthcare

Despite the benefits digitization offers, many healthcare systems keep outdated legacy systems for the following reasons:

Strict budget: Shifting to a new system includes the expense of purchasing the latest technology and paying technicians. It may also mean downtime, which reduces a healthcare organization’s ability to generate revenue.

Compliance guarantee: Bringing new equipment and technology into compliance can be tedious; therefore, organizations that have already gone through the process once may prefer to avoid undertaking it again.

Upskilling costs: Training staff on new methods is time-consuming and expensive but essential to reduce mistakes. Combined with training from technology vendors, it can help supervisors incorporate teamwork principles into contemporary healthcare strategies.

Complacency: Healthcare organizations may address an issue only after a system collapse. A proactive strategy for replacing legacy systems can help avoid future problems.

Challenges of IT in healthcare

The advanced use of IT in healthcare has delivered advantages such as better communication between doctors and patients, automation of manual tasks, and improved contact between physicians caring for the same patients. In addition, IT and digitization have empowered patients to make sounder judgments about their care, as patients have greater access to data about their health.

Benefits of IT and digitization in healthcare:

  • Reducing inefficiencies
  • Enhancing healthcare access
  • Reducing healthcare expenses
  • Improving the quality of care
  • Delivering personalized treatment for patients

To realize these advantages, connected technologies are essential, although they are also targets for cyberattacks and data breaches. Although external breaches exceed insider misuse as the predominant source of security risk, insider misuse is more common in the healthcare industry than in other sectors, according to Verizon.

Security breaches in healthcare

In 2020, the healthcare industry saw hackers exploiting COVID-19 fears. One example involved an email about a supposed “coronavirus map” to track COVID-19 cases; clicking the link triggered information-stealing malware that stole passwords and credit card information.
Some of the most significant data breaches of 2020 came from vulnerabilities in healthcare vendor systems, phishing attacks, and fraud schemes.

Related Tags: phishing attack, cyberrisk, cyberattack, healthcare risk, breaches, security, patient privacy protection, healthsector cyberrisk, cybersecurity

Online Charging System

OCS is a specialized telecommunications function that permits a service provider to charge a user for services in real time. The OCS handles the subscriber’s account balance, transaction control, correlation, and rating. In addition, OCS helps a telecom operator ensure that credit limits are enforced and that resources are authorized on a per-transaction basis.

Traditional charging systems charge the customer after a service has been consumed, whereas the OCS charges as services are consumed. Therefore, OCS is more flexible than Intelligent Network (IN) prepaid solutions.

  1. Architecture
     1.1 Event-Based Charging
     1.2 Session-Based Charging
         1.2.1 Account and Balance Management

Online charging system overview (Source- researchgate.net)

Event Based Charging

An Event-Based Charging Function (EBCF) is used to charge events based on their occurrence, rather than on their duration or the volume used in the event. Typical events include SMS, MMS, and content purchases (applications, games, music, on-demand video, etc.).

The event-based charging operation is used when the CC-Request-Type AVP = 4 (EVENT_REQUEST), i.e., for event requests such as Diameter-based SMS charging.

Consider an example of event-based charging. The cost of one apple is Rs 25/-: you pay the amount, take the apple, and go. Likewise, sending a text message may cost you Rs 1/-, and that’s it. On the other hand, subscribing to Caller Ring Back Tone (CRBT) costs you Rs 30/- a month, irrespective of the number of calls you receive in that month. Therefore, event-based charging can be described as a one-time, per-occurrence cost.

Session Based Charging

The Session-Based Charging Function (SBCF) is responsible for the online charging of network/user sessions, e.g., voice calls, IP-CAN bearers, IP-CAN sessions, or IMS sessions.

Consider an example of session-based charging. Utility services like electricity or water are charged based on overall usage over a specific time period. For instance, you consume ‘x’ units of power in a month and pay for the units consumed in that month. The usage may vary from month to month, and hence so do the charges; the same applies to drinking water, etc. Therefore, charging based on how much one consumes is metered, or session-based, charging.

Account and Balance Management

The Account Balance Management Function (ABMF) is the component that holds the subscriber’s account balance within the OCS.

LTE online charging architecture: OCS (Online Charging System) and OCF (Online Charging Function) (Source- rfwireless-world)

In OCS, charging events are received by the Online Charging Function (OCF).
The OCF decides on the usage of resources based on the Rating Function (RF) and the Account Balance Management Function (ABMF).
CTF stands for Charging Trigger Function, the network element that generates the charging events.

Offline Charging System

Offline charging allows subscribers to consume a service without an upfront balance check or reservation. After service consumption, usage logs in the form of files and batches are processed to charge the customers. These service usage files are called Charging Data Records (CDRs) or Event Data Records (EDRs).

As it is not practical to send this large number of files (in different formats) from the various network nodes directly to the billing system, they are first processed through a function known as Mediation. It sits between the network layer and the BSS layer.

Mediation in offline charging (Source- RajarshiPathak)

The Mediation system performs operations such as:

  • Raw CDR collection via PUSH or PULL methods. CDR file formats can be ASCII, CSV, binary, TAP, XML, etc.
  • Validating, filtering and parsing the CDRs.
  • Processing/enriching the records according to the requirements of the northbound systems (such as the Rating Engine, Interconnect System, Roaming Clearinghouse, RA, FMS, Reporting, etc.).
  • Distributing the processed CDRs to the northbound systems.

The offline charging mechanism for service usage works as follows:

  • The customer initiates service usage.
  • Raw CDRs are generated for this usage. Usage can be session-based (e.g., a video call) or event-based (e.g., a file transfer or SMS).
  • Accounting-Request (ACR) and Accounting-Answer (ACA) Diameter messages are used to construct CDRs for the service usage.
  • Raw CDRs are collected and processed by the Mediation system.
  • Processed CDRs from Mediation are forwarded to the Rating Engine.
  • The Rating Engine rates the CDRs according to the rate plans by metering the events.
  • Rated event data is generated and stored in the billing system.
  • The billing process picks up these rated events during the bill run to calculate the usage charges to be applied to the bill.
  • The bill is generated to initiate customer payment.
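As an added illustration (not code from the original post or from any operator's product), the following Python sketch runs the offline charging steps listed above, together with the event-based versus session-based distinction described earlier, over a few constructed CSV CDRs: the mediation stage validates, de-duplicates and enriches the records (parking rejects in a suspense list for revenue-assurance review rather than silently dropping them), the rating engine applies a sample rate plan, and the bill run totals usage per subscriber. The CDR field layout, the subscriber identifiers and the rate plan values are assumptions for the example.

```python
"""Toy offline-charging pipeline: mediation -> rating -> billing.

Constructed example. The CDR field names, subscriber numbers and the
rate plan below are assumptions, not a real operator's configuration.
"""
import csv
import io
import math
from collections import defaultdict
from decimal import Decimal

# Constructed raw CDRs in CSV form (one of the formats mediation accepts).
# units = messages for SMS, seconds for VOICE, kilobytes for DATA, months for CRBT.
# Deliberately includes a re-delivered duplicate, a negative value, an unknown
# service type and a non-numeric field, as real CDR feeds do.
RAW_CDRS = """record_id,msisdn,type,units
1001,919900000001,SMS,1
1002,919900000001,VOICE,125
1002,919900000001,VOICE,125
1003,919900000002,DATA,2048
1004,919900000002,CRBT,1
1005,919900000002,VOICE,-5
1006,919900000003,FAX,1
1007,919900000001,SMS,abc
"""

# Assumed rate plan: event-based items are charged per occurrence,
# session-based items per consumed unit (voice in 60-second pulses, data per MB).
RATE_PLAN = {
    "SMS":   {"kind": "event",   "price": Decimal("1.00")},              # Rs 1 per message
    "CRBT":  {"kind": "event",   "price": Decimal("30.00")},             # Rs 30 per month
    "VOICE": {"kind": "session", "price": Decimal("0.50"), "unit": 60},   # per 60 s pulse
    "DATA":  {"kind": "session", "price": Decimal("2.00"), "unit": 1024}, # per MB
}


def mediate(raw_csv):
    """Mediation: parse, validate, filter duplicates, enrich.

    Returns (processed, suspense). Rejected records go to the suspense list
    with a reason so revenue-assurance staff can review them."""
    processed, suspense, seen = [], [], set()
    for row in csv.DictReader(io.StringIO(raw_csv)):
        # Validate: service type must be known and units a positive integer.
        if row["type"] not in RATE_PLAN:
            suspense.append((row["record_id"], "unknown service type"))
            continue
        try:
            units = int(row["units"])
        except ValueError:
            suspense.append((row["record_id"], "non-numeric units"))
            continue
        if units <= 0:
            suspense.append((row["record_id"], "non-positive units"))
            continue
        # Filter: a CDR re-delivered by the network must not be rated twice.
        if row["record_id"] in seen:
            suspense.append((row["record_id"], "duplicate record"))
            continue
        seen.add(row["record_id"])
        # Enrich: tag the record with the charging model the rating engine applies.
        processed.append({"record_id": row["record_id"], "msisdn": row["msisdn"],
                          "type": row["type"], "units": units,
                          "kind": RATE_PLAN[row["type"]]["kind"]})
    return processed, suspense


def rate(cdr):
    """Rating engine: produce one rated event from a processed CDR."""
    plan = RATE_PLAN[cdr["type"]]
    if plan["kind"] == "event":
        amount = plan["price"] * cdr["units"]              # one-time, per-occurrence cost
    else:
        pulses = math.ceil(cdr["units"] / plan["unit"])    # metered usage; partial unit rounds up
        amount = plan["price"] * pulses
    return {**cdr, "amount": amount}


def bill(rated_events):
    """Bill run: total usage charges per subscriber."""
    totals = defaultdict(Decimal)
    for ev in rated_events:
        totals[ev["msisdn"]] += ev["amount"]
    return dict(totals)


def run_pipeline(raw_csv=RAW_CDRS):
    """Run mediation, rating and billing; return (totals, suspense)."""
    processed, suspense = mediate(raw_csv)
    rated = [rate(c) for c in processed]
    return bill(rated), suspense


if __name__ == "__main__":
    totals, suspense = run_pipeline()
    for msisdn, amount in sorted(totals.items()):
        print(f"{msisdn}: Rs {amount}")
    for record_id, reason in suspense:
        print(f"suspense {record_id}: {reason}")
```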


Source- netmanias.com

Offline charging supports session-based (e.g., voice calls or YouTube browsing) and event-based (e.g., SMS, file transfer over instant messaging) services. In addition, operators use the customers’ credit limit for the service allowance. Therefore, revenue leakage will be minimal when the CDRs are rated as soon as they are generated during service usage.

The offline charging mechanism as per the 3GPP standard:


Source- netmanias.com

CTF (Charging Trigger Function): The network node that generates charging triggers whenever a customer uses services. Examples are the GGSN, PGW, SMSC, etc. It sends Diameter Accounting-Request (ACR) messages to the CDF to generate raw CDRs.

CDF (Charging Data Function): This network node produces raw CDRs by processing ACR/ACA messages based on service consumption. On receiving ACRs, the CDF processes the offline charging information and generates the CDRs. Using Accounting-Answer (ACA) messages, it informs the CTFs that the charging record has been created.

CGF (Charging Gateway Function): The Mediation system processes the raw CDRs and transmits the processed CDRs to the BSS systems. More details on Mediation are given above.

Billing System

Usage records obtained from the CGF (or Mediation) are rated by the Rating Engine. Rated event data is generated and stored. The billing process consumes the rated events held in the database and computes the usage charges against the customer’s bill. During the bill run, charges such as monthly recurring, one-time, and cancellation fees are also processed along with usage charges. In addition, items such as billing-term deals, adjustments, compensations, taxes, etc., are also assessed during the bill run. Once the bill is finalized, payments are accepted against the invoice.

Related Tags: payment, online charging, offline charging, billing, security, taxes, charging data, charging gateway, data management.

Industrial Control System

Sometimes, you can deploy firewalls or physical security measures to segment an asset and prevent an intrusion. In other circumstances, you may have to transition to an entirely new approach—even if that means replacing an otherwise functional segment.

Common ICS Threats

Years ago, industrial processes were powered by machines without computational abilities. Therefore, they could not be affected by remote attacks, network interruptions, or data exfiltration. In today’s industrial landscape, however, there are several pervasive threats.

External Threats and Targeted Attacks

Because industrial processes directly impact many people’s health and quality of life, they are often the targets of hacktivists, terrorists, and others seeking to cause harm.

This requires a defense-in-depth strategy that protects critical systems from those seeking to interrupt or stop essential processes. Even a momentary interruption could be enough to affect the lives of thousands. An external person or group may aim to steal intellectual property, exfiltrate data, or stop production, either to gain a competitive advantage or to cause damage to the targeted parties.

Internal Threats

Because many ICS systems lack authentication standards governing who can access particular production elements, once a person has been granted access they may be able to affect many machines and systems on their own. This makes internal threats particularly problematic, because one individual can do a great deal of harm.

The introduction of malware into a software-dependent system can halt the entire production line. Likewise, with credentials to an internal database, a thief can exfiltrate large amounts of data quickly and easily.

Human Error

Human error—such as misconfiguring equipment, incorrectly programming machinery, or overlooking alerts—can considerably affect operations. Often, these mistakes result from a well-meaning person standing in for someone with more understanding of operating a machine or system; their lack of experience results in costly oversights.

ICS Security Best Practices

Limit access to the critical regions of the system’s network and functionality. For example, firewalls can form a barrier between the machinery and the organization’s corporate network.

Restrict physical access so that those who do not need it cannot come into contact with critical ICS equipment. This may include physical measures such as guards or digital methods such as card readers.

Apply security measures to the individual elements of the ICS. To do this, you can block unused ports, apply security patches, and implement least-privilege principles to ensure that only those who require access to the system have it.
Safeguard data from being altered while it is being stored or transmitted.

Security Standards

Several security standards are commonly involved in ICS cybersecurity. These include the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-82, published by NIST under the U.S. Department of Commerce to promote secure, effective practices in industrial environments.

Also, the American National Standards Institute/International Society of Automation has published the ANSI/ISA99 standard. This standard addresses the security of automated interfaces for organizations managing their control systems.

How Can TSAROLABS Assist?

The TSAROLABS industrial control systems/supervisory control and data acquisition (ICS/SCADA) solution protects a variety of industrial assets and processes. Security is delivered by selecting the most effective tools for corporate IT infrastructures, covering everything from the data center to the network edge to the cloud.

Visibility depends on defining the various elements of the attack surface and the data traveling to and from each area. Control is achieved through network segmentation and micro-segmentation, sandboxing, quarantining, and multi-factor authentication (MFA) strategies that govern who has access, limiting the consequences of events.
Behavioral analytics studies the behavior of users, computers, and networks to detect risk events, and includes responding to events and limiting or reversing their impact on the system.

Related Tags: Cybersecurity, Cyber Attack, Industrial Control System, Firewalls, Network Interruption, data exfiltration, Internal Threat, Human Error.

Shoulder Surfing at cafes and offices – An underestimated threat

Are you safe working at cafes, offices, and co-working spaces?

Well, the answer is No. It’s laughably low-tech, but shoulder surfing, or snooping over people’s shoulders to pry at the information displayed, is increasing – and there’s a good chance it’s happening to you.

Shoulder surfing is one of the most underestimated threats and is growing rapidly. It is a type of social engineering aimed at obtaining personal information through interpersonal contact. There are two types of shoulder surfing.

The first type of attack is when direct observation is used to obtain access to data. For example, a person looks directly over the victim’s shoulder to observe when they enter data, such as their PIN, at a checkout terminal.

In the second type, the victim’s actions are first recorded on video. Criminals can then analyze these videos in detail and obtain the desired information later. Nowadays, it is possible to use video recordings to determine the PIN for unlocking mobile devices, even if the display cannot be seen in the video. The movements of a user’s fingers are enough to determine the access code.

Shoulder surfing can happen anywhere at any time. So one must be aware of their surroundings while working on mobiles, desktops, laptops, or ATMs, or while filling in necessary forms at banks, offices, etc.

The person can be some distance away, e.g., sitting a few rows behind you on a train and using their mobile phone to video or photograph what they can see on your screen, which they later use to retrieve information or access your account.

While you are using an ATM, someone positions themselves so that they can watch you enter your PIN. In a rush, you leave the ATM with your card and money without ensuring that you have fully exited your account. If the ATM doesn’t require the card to be inserted for the entire transaction, further transactions are permitted if you don’t answer the prompt asking whether you have any other transactions to make, as long as the attacker knows the PIN.

Crowded public transit makes it easy for attackers to see the device screens of others or hear the conversations of others. In these cases, they’re looking over the victim’s shoulder.

The victim accidentally leaves their device unattended in a public place. Having watched the victim enter their password into the computer moments before, the attacker can unlock the device with this information, putting any sensitive data on the computer at risk.

Some quick tips to avoid shoulder surfing

  • Eliminate passwords: The ONLY way to prevent password-based attacks is by eliminating passwords. Learn more about passwordless authentication today and keep your most critical applications secure.
  • Add a privacy screen to your devices: Using attached privacy screens dramatically lessens the risk of data disclosure. Some glass protector manufacturers have versions with a privacy screen, which protects your phone’s glass and the information on your phone, too.
  • Always be aware of your surroundings: Don’t let your guard down in public places. Attackers gravitate to those that they see as the easiest. If you’re distracted, you may not notice someone is watching you and what you’re entering into the device or the ATM.
  • Use biometric authentication instead: Biometric authentication, either using your fingerprint or face, can offer additional security that a PIN cannot. Since the attacker never sees you enter a physical PIN, they can’t log into the device.

 

Related Tags: cyberattack, hacking, security, cyberrisk, financesecurity, data, authentication, cybersecurity

The Uncharted Maritime – A Cyber Risk that India Needs to Address Immediately

Maritime cyber risk refers to a measure of the extent to which a technology asset could be threatened by a potential circumstance or event, which may result in shipping-related operational, safety, or security failures as a consequence of information or systems being corrupted, lost, or compromised.

Cyberattacks on port facilities worldwide have highlighted the critical need for port facility security officers (PFSOs) to upgrade their cybersecurity knowledge and skills.

According to IMO (International Maritime Organization), the Maritime Safety Committee, at its 98th session in June 2017, also adopted Resolution MSC.428(98) – Maritime Cyber Risk Management in Safety Management Systems. The resolution encourages administrations to ensure that cyber risks are appropriately addressed in existing safety management systems (as defined in the ISM Code) no later than the first annual verification of the company’s Document of Compliance after 1 January 2021.

Recently, some port communities have taken key first steps to drive cyber security capability development in their environments by engaging with investors and experts. For example, cyber security efforts are rapidly strengthening at key port trade hubs as a direct result of a new wave of investment accelerators, technical centers of excellence, and academic programs focused on innovative technologies, including start-ups in ports and maritime trade logistics.

Cyber technologies have become essential to the operation and management of numerous systems critical to the safety and security of shipping and the protection of the marine environment. In some cases, these systems are required to comply with international standards and flag administration requirements. However, the vulnerabilities created by accessing, interconnecting, or networking these systems can lead to cyber risks, which should be addressed. Vulnerable systems could include, but are not limited to:

  • Bridge systems
  • Cargo handling and management systems
  • Propulsion and machinery management and power control systems
  • Access control systems
  • Passenger servicing and management systems
  • Passenger-facing public networks
  • Administrative and crew welfare systems
  • Communication systems

Cyber incidents can also arise as the result of:

  • A cyber security incident, which affects the availability and integrity of OT, for example corruption of chart data held in an Electronic Chart Display and Information System (ECDIS).
  • An unintended system failure occurring during software maintenance and patching, for example using an infected USB drive to complete the maintenance.
  • Loss of or manipulation of external sensor data, critical for the operation of a ship. This includes but is not limited to Global Navigation Satellite Systems (GNSS), of which the Global Positioning System (GPS) is the most frequently used.
  • Failure of a system due to software crashes and/or “bugs”.
  • Crew interaction with phishing attempts, which is the most common attack vector by threat actors, which could lead to the loss of sensitive data and the introduction of malware to shipboard systems.

Recognizing that no two organizations in the shipping industry are the same, these Guidelines are expressed in broad terms so as to have wide application. Ships with limited cyber-related systems may find a simple application of these Guidelines to be sufficient; however, ships with complex cyber-related systems may require a greater level of care and should seek additional resources through reputable industry and government partners.

Several functional elements support effective cyber risk management. These elements are not sequential; all should be concurrent and continuous in practice and should be incorporated appropriately in a risk management framework:

  1. Identify: Define personnel roles and responsibilities for cyber risk management and identify the systems, assets, data, and capabilities that, when disrupted, pose risks to ship operations.
  2. Protect: Implement risk control processes and measures, and contingency planning to protect against a cyber-event and ensure continuity of shipping operations.
  3. Detect: Develop and implement activities necessary to detect a cyber-event in a timely manner.
  4. Respond: Develop and implement activities and plans to provide resilience and to restore systems necessary for shipping operations or services impaired due to a cyber-event.
  5. Recover: Identify measures to back-up and restore cyber systems necessary for shipping operations impacted by a cyber-event.

A few organizations to watch:

IAPH (International Association of Ports and Harbors): Founded in 1955, IAPH is a non-profit global alliance of 170 ports and 140 port-related organizations covering 90 countries. Its member ports handle more than 60 percent of global maritime trade and around 80 percent of world container traffic. IAPH has consultative NGO status with several United Nations agencies. In 2018, IAPH established the World Ports Sustainability Program (WPSP). WPSP covers five main areas of collaboration: energy transition, resilient infrastructure, safety and security, community outreach, and governance.

ICHCA (International Cargo Handling Coordination Association): Founded in 1952, ICHCA is dedicated to improving the safety, security, sustainability, productivity, and efficiency of cargo handling by all modes and through all phases of national and international supply chains. ICHCA International’s privileged NGO status enables it to represent its members and the industry at large before national and international agencies and regulatory bodies, including IMO. ICHCA’s International Technical Panel also provides technical advice and publications on a wide range of practical cargo handling issues.

Cyberattack scenarios at the port community level

  • Acquiring critical data to steal high value cargo or allow illegal trafficking through a targeted attack.
  • Propagation of ransomware leading to a total shutdown of port operations.
  • Compromise of port community systems for manipulation or theft of data.
  • Compromise of operational technology systems creating a major accident in port areas.

The organizational issue: To make matters worse, assumptions fill the vacuum created by the lack of common definitions. For instance, when the term ‘cyber security’ comes up in the management meetings of many organizations, non-technical leadership frequently point to the “IT person” as the de facto individual responsible for dealing with cyber risk. Such a response, and the almost blind spread of this perception within many organizations and groups of them, essentially represents a rejection of collective responsibility. C-level management could instead embrace the understanding that digitalization and cyber security “are not IT issues, but rather business issues.” However, establishing a shared vocabulary is just the first step in creating a common language. The challenge remains to bridge the language barrier between technical and non-technical leadership, with the latter group representing most port community stakeholders.

Asking yourself what is lacking in the cyber defense of port security?

While the reasons for the lack of a community approach vary with each port, typical contributing factors include:

  1. Lack of a port community policy
  2. Lack of visibility
  3. Unwillingness to share cyber information
  4. Lack of resources
  5. Lack of an early warning system
  6. Lack of a collaboration forum

Case Study Example:

  • The Port of Los Angeles Cyber Security Operations Center employs advanced technologies with layered detection capabilities. At the perimeter of the network, some 40 million unauthorized intrusion attempts are blocked every month. Within the network, multiple intrusion detection layers are used to continuously search for, detect and contain suspicious activities.
  • The Port of Rotterdam Authority has developed its own cyber crisis response strategy which includes a Port Crisis Team. The aim of this team is to make strategic decisions on the continuation of safe and efficient handling of shipping. The Port Crisis Team is supported by three action centers. One focuses on maritime issues, another on solving the IT issue at hand and the final center aims to align communication (both inward and outward) between the parties involved.

Recent Scenario in India:

Mumbai Port under ransomware attack: A suspected cyber-attack on the management information system (MIS) has severely affected the container terminal run by the state-owned port authority at Jawaharlal Nehru Port, which handles about 50% of the overall containerized cargo volume across major ports in India. This incident happened on February 21, 2022. This is the same port that was under cyber attack in 2017 as well; as you can see, there are blind spots among the companies that handle the ports, and the Government of India has not taken proper measures such as contingency plans for cyber threats and incident response, so this has failed. The port is handled by the Danish shipping giant AP Moller-Maersk, which said that the cyber-attack had caused outages in its computer systems globally and could not share further details.

As these types of attacks will increase the load at other connected ports, and without proper contingency plans, we can say it is a clear “Critical Infrastructure Failure” by the government and by the shipping community, which I personally hope they will resolve at the earliest.

This is one of the key industrial control security failures that a developing country like India, with a huge population, needs to address immediately, as nationwide threat actors are spying on the areas of vulnerability.

Published by Sai Ram

Sources:

https://www.iacs.org.uk/publications/recommendations/161-180/rec-166-new-corr2-cln/

https://www.ics-shipping.org/wp-content/uploads/2021/02/2021-Cyber-Security-Guidelines.pdf

https://wwwcdn.imo.org/localresources/en/OurWork/Security/Documents/MSC-FAL.1-Circ.3%20-%20Guidelines%20On%20Maritime%20Cyber%20Risk%20Management%20(Secretariat).pdf

https://sustainableworldports.org/wp-content/uploads/IAPH-Port-Community-Cyber-Security-Report-Q2-2020.pdf

Related Tags- cyberrisk, cyberattack, transportation, data, framework, cybertechnology, security, cybersecurity, sensordata, protect, detect, protection

Personal Data Protection Bill 2022

The Digital Personal Data Protection Bill 2022 seeks to protect personal data while also requiring users' consent, in what the draft describes as "precise and plain speech," setting out the kinds of data that will be collected and for what purpose.

Entities of "significant" size, determined by factors such as the volume of data they process, must appoint an independent data auditor to evaluate compliance with the provisions of the law.
Enterprises will be required to stop retaining user data once it no longer serves the business purpose for which it was collected, and users will have the right to correct and erase their data.
The government will have the power to specify the countries to which companies can transfer personal data; businesses will be able to send user data to servers in the countries on that list. In addition, the government will establish a "Data Protection Board" to ensure compliance with the proposed law, and the board will also hear user complaints.

The Data Protection Board can impose financial penalties for non-compliance. The draft proposal says that failure by entities to take reasonable security precautions to prevent data breaches could result in penalties of up to 2.5 billion rupees ($30.6 million).

No company or institution will be permitted to process personal data that is "likely to cause harm" to children, and advertising cannot target minors. In addition, parental consent will be required before processing any personal data of a child.
The law will cover personal data collected online and offline data that has been digitized. It will also apply to the processing of personal data abroad if such processing involves profiling Indian users or selling services to them.

Security-rich cloud services for the BFSI industry

Need for Cloud Security

Cyber threats to the BFSI (banking, financial services and insurance) sector are rapidly increasing. The average cost of a financial services mega breach in 2022 was USD 387 million, and it took 277 days to identify and contain a breach. Hence the global community must cooperate to protect the sector. Financial institutions hold the richest stores of personally identifiable information about clients, customers, and stakeholders; they are primary breach targets and need a comprehensive threat defense plan.

Customer expectations, emerging technologies, and alternative business models are changing, and financial institutions must implement an action plan that prepares them for future threats. Recognizing the importance of cloud adoption, safe migration, and cloud security is essential. Cloud is the most widely accepted option for banks and other financial services firms to store and protect data and applications and to deliver advanced software applications via the internet. In addition, once massive data sets are combined in one place, the institution can apply advanced analytics for integrated insights.

Benefits to BFSI by adopting Cloud technologies

By moving workloads to the cloud, financial institutions can achieve the following:

  1. Keeping sensitive customer data and mission-critical workloads safe and compliant.
  2. Mitigating risk and accelerating cloud adoption for their most sensitive workloads.
  3. Reshaping customer experiences, streamlining operations, and unlocking new revenue models. Compromising security or regulatory compliance is unacceptable, especially on a public cloud.
  4. Addressing compliance requirements with a standard controls platform built in collaboration with the finance industry.
  5. Accelerating innovation with an ecosystem of ISVs, fintechs, and SaaS providers.
  6. Protecting data with industry-leading security capabilities.
  7. Operating with choice and agility using hybrid cloud deployment options.
  8. Reducing the time to obtain cloud production approval using a standardized framework, compliance posture documentation, and continuous compliance tooling.
  9. Protecting identity and access through cloud Identity and Access Management (IAM) solutions. Financial institutions must authenticate and authorize user accounts and enforce access controls that keep unauthorized users, malicious or otherwise, from reaching and compromising sensitive data and systems. In addition, password management, multi-factor authentication, and other IAM methods together make for a strong cloud posture.

Want more from us on Cloud Services?
Please visit our service page https://tsarolabs.com/cloud-services/ to learn more.
Get in touch with our security experts at connect@tsarolabs.com to understand you better!

Supply Chain Attacks

Supply chain attacks are diverse and affect many industries. For example, the manufacturing industry has seen large-scale cyber security attacks in which a company's manufacturing processes are tampered with, through either hardware or software. Through weak links in the supply chain, criminals gain access to an organization's data and systems and go on to infiltrate its entire digital infrastructure.

Malware installed at any stage of the supply chain can cause disruptions or outages of an organization's services. Manufacturers must therefore be aware of the common sources of supply chain attacks, for example commercial software, open-source supply chains, and foreign products.

How can manufacturers detect a supply chain attack?

  • Build a systematic verification process for every possible pathway into a system. An inventory of all the assets and data pathways within the supply chain should be made, which helps detect potential security gaps within a system.
  • Create a threat model of the organization's environment. The threat model can include mapping assets to adversary categories.
  • Deploy cyber security training for the workforce and top management so that threats are identified, responded to, and monitored in a timely manner.

How can TSARO Labs help manufacturers Mitigate the Risk of Supply Chain Attacks?

  • Evaluate the risk of third parties by complying with appropriate cybersecurity regulations, conducting self-assessments and audits, and investing in proper cyber insurance.
  • Limit users' ability to install shadow IT (unapproved software) and audit unapproved shadow IT infrastructure.
  • Include appropriate termination clauses in vendor contracts.
  • Review access to sensitive data.
  • Secure IoT devices.
  • Continually monitor and review cybersecurity.
  • Build secure software updates as part of the software development life cycle.
  • Use strong code integrity policies to allow only authorized apps to run.
  • Use client-side protection tools to filter downloaded content, looking for and stopping malicious code before it is installed on a machine on your network.
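As an added example of the last three points above (secure software updates, a code integrity policy, and blocking tampered content before install), written for this page and not TSARO Labs' or any vendor's code, the following Go program signs an update manifest with a publisher key and, on the consumer side, refuses any artifact that is unlisted, missing, or does not match its pinned SHA-256 digest. The manifest format and file names are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"sort"
)
// UpdateManifest pins the SHA-256 digest of every artifact an update may ship.
type UpdateManifest struct {
	Version string
	Digests map[string]string // file name -> lowercase hex SHA-256
}
// canonical serialises the manifest deterministically so both sides sign and verify identical bytes.
func canonical(m UpdateManifest) []byte {
	names := make([]string, 0, len(m.Digests))
	for n := range m.Digests {
		names = append(names, n)
	}
	sort.Strings(names) // map order is random; sort for a stable byte string
	out := "version=" + m.Version + "\n"
	for _, n := range names {
		out += n + "=" + m.Digests[n] + "\n"
	}
	return []byte(out)
}
// SignManifest: publisher side; the release key should live offline, never on the build machine.
func SignManifest(priv ed25519.PrivateKey, m UpdateManifest) []byte {
	return ed25519.Sign(priv, canonical(m))
}

// VerifyUpdate: consumer-side integrity policy. The manifest must verify under the
// pinned publisher key and the delivered file set must match the manifest exactly.
func VerifyUpdate(pub ed25519.PublicKey, m UpdateManifest, sig []byte, files map[string][]byte) error {
	if !ed25519.Verify(pub, canonical(m), sig) {
		return errors.New("manifest signature invalid: refusing update")
	}
	if len(files) != len(m.Digests) {
		return errors.New("delivered artifact set does not match manifest")
	}
	for name, content := range files {
		sum := sha256.Sum256(content)
		if want, ok := m.Digests[name]; !ok || hex.EncodeToString(sum[:]) != want {
			return fmt.Errorf("artifact %q unlisted or tampered: blocked", name)
		}
	}
	return nil
}
```

The same pattern generalises to any update channel: the consumer needs only the pinned public key, so a compromised download server or CDN cannot substitute a backdoored binary without also forging the signature.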

Want More from TSAROLABS on Cybersecurity?
Contact our team of cyber security experts today at connect@tsarolabs.com.

Accelerate digital transformation with 5G security testing

5G networks are currently deployed across the globe by telecom operators and private enterprises. The 5G network is more complex than the previous generation of networks. With its Enhanced Mobile Broadband (eMBB), Ultra Reliable Low Latency Communications (URLLC), and Massive IoT capabilities, 5G supports new use cases such as virtual reality, telesurgery, autonomous transport, industrial automation, and connecting billions of devices.

5G rollout also comes with numerous security concerns. Virtualization of network functions may lead to vulnerabilities such as denial of service. Software Defined Networks (SDN) are prone to attacks such as control plane threats, forwarding device attacks, API vulnerabilities, fake traffic flows, etc. 5G network attacks may even begin with exploiting the vulnerabilities in previous-generation networks. 5G core uses service-based architecture utilizing microservices deployed in cloud infrastructure. Microservices and the APIs connecting them also can open doors for attacks.

Known 5G vulnerabilities are adequately addressed by new security frameworks such as SASE (Secure Access Service Edge) or Zero Trust security. However, with the wide variety of new 5G devices and millions of IoT devices entering the market with considerably fewer security features, the attack surface and the number of vulnerabilities are also expanding.

Understanding the business impact of security breaches, simulating security threats, and planning mitigation approaches are vital for successful 5G network operations. The essential first step is to build a comprehensive threat model to assess the risks to the network and applications and to recognize the consequences of not addressing them. After formulating a threat model, the next important step in securing a 5G network is to perform 5G penetration testing. Developing a comprehensive 5G security strategy is integral to 5G deployment and validation. It must include security analysis and extensive cybersecurity testing across the supply chain, covering all layers (i.e., hardware, operating system, applications, APIs, protocols), to ensure the baseline security of the 5G infrastructure.

Security & Vulnerability Assessment involves scanning 5G network components, devices, and applications.

5G cybersecurity assessment involves:

  • Assessment of systems for compliance with regulations and standards
  • Gap analysis to unveil security holes
  • Assessment of insider and external threats
  • Assessment of active defenses and systems hardening
  • Cybersecurity patching

Information Assurance Testing involves the assessment of an organization’s security policies and procedures for operating the 5G network. It is performed using industry best practices and frameworks.
Penetration Testing focuses on the non-radio parts of the network, such as IP, network, and physical security, and tests the resilience of the 5G network's security. It involves hacking, testing, and identifying vulnerabilities in networks and applications in order to secure them against unauthorized access.

Security Compliance Testing involves security evaluation against relevant security standards such as 3GPP Security Assurance Specifications.

Automated Network Testing involves identifying common security issues such as unpatched software, unencrypted links, poor network addressing, etc. This testing is performed using automated network security tools on the 5G network.

Public Key Security Testing involves validating Public Key Infrastructure (PKI) that uses cryptographic public keys linked to a digital certificate to authenticate devices or users. PKI certificates play a vital role in establishing and securing IoT devices, providing a high level of control and enabling large-scale device authentication, integrity, and reliable encryption.

5G security spans applications, network functions, transport layers, and cloud environments, so a holistic approach to testing is key to addressing security challenges and requirements. However, many network operators lack the capacity to build the CI/CD pipelines and automated test suites needed for comprehensive security testing and therefore require third-party specialist testing service providers. TSARO Labs is a specialist security testing service provider with domain experts in cybersecurity and in telecom networks and applications.

Cyber security for drone industries

The Unmanned Aerial Vehicle (UAV), or drone, industry has become a vast worldwide technological sensation. The extensive use of drones and UAVs has made unmanned aircraft systems (UAS) very popular in both the public and the private sector, including agriculture, the armed forces, law enforcement, meteorological agencies, medical services, environmental companies, oil refineries, windmill manufacturers, farm owners, and many more. In the next decade, drones may become a norm in day-to-day life, just as cell phones are today, which they were not only a few years ago. Cybercriminals are already aware of this and are always searching for new ways to use drone technology to extract sensitive information and create chaos.

Since drones are remotely controlled, the chances of their being hijacked by bad actors are considerable. Major cyber threats arising from drone activity include downlink interception, GPS spoofing, data exploitation, and more. Organizations must therefore be conscious of the risks and take the necessary measures to secure this valuable technology.

How can we mitigate the prevailing threats?

1. Understand the security risks to your business with a managed vulnerability assessment every six months.

Organizations must identify, quantify, and address the security vulnerabilities within their infrastructure, including on-premises and cloud networks.

Secure your platform as you would any network device. Some valuable tips are:

  • Update the drone's firmware and apply the manufacturer's patches.
  • Use strong passwords for the base station application.
  • Use up-to-date anti-virus software on your drone controller device.
  • Subscribe to a VPN service to encrypt your connection.
  • Limit the number of devices that can connect to the base station.
  • Use the "Return to Home" (RTH) mode to ensure drone recovery in a hijack situation.

Counter Drones
Countermeasures should focus primarily on protecting the airspace, and it is important to be able to detect drones efficiently. Thermal cameras, RF scanners, high-frequency radars, acoustic sensors, and sophisticated machine learning and AI algorithms are used for this purpose. However, drones' small size and low speed make them difficult to detect in a highly cluttered environment.
Other techniques involve geofencing software, which creates a virtual border around an area and prohibits unauthorized drone flight within it.

Workforce Training
Workforce training on cyber security is essential to help your staff understand, detect, respond to, and monitor security risks across your business.

Enterprise Resource Planning (ERP) software
Integrating ERP solutions provides enhanced visibility, integration, agility, and response. This also includes technology that helps maintain and sustain UAVs and other defense assets.

Get a Consultation

Discover the many ways to enhance your organization's security posture with TSARO Labs.