Year: 2022

By Colonel B. S. Nagial (Retd.) On 11 September 2001, terrorism crossed all the boundaries and became faceless yet a lethal weapon after it struck the US. The magnitude of the attack, the targets chosen, planning and infrastructure involved were beyond the imagination of scholars, security analysts and the policy makers. Since then, it has stimulated new national and international endeavours to track the ways and means of terrorist funding to clog them effectively. Nevertheless, evidence on terrorist sustenance edifices is challenging to stumble upon and even if it comes out, it is vague and mostly unreliable. Maybe only the intelligence and security agencies have a specific inkling of the roots and extent of financing terrorism. For example, investigators in the US believe that terrorists had spent about US$5,00,000 to carry out their 9/11 attacks. However, it will likely cost the US at least $100 billion to repair the damage. Terrorist organisations require funds to survive, thrive and carry out terror and violent actions. The financing of terrorism involves the resources of revenue and methods undertaken by terrorist organisations to fund their nefarious activities. The required funds could be generated through permissible sources such as profits from businesses and charitable organisations. But generally, terrorist organisations get the money from illegal resources such as the smuggling of arms, ammunition, logistic stores, drugs, etc. or kidnapping for payoff. Combating the financing of terrorism is an extremely intricate venture which involves multifaceted activities and players. It requires both legislation and ground-level operations involving different agencies. Taking a stride in the direction of combating terrorist financing, the United Nations Office of Drugs and Crime (UNoDC) issued the guidelines through the International Convention for the Suppression of the Financing of Terrorism in 1999. By implementing these conventions, the member nations could develop capacities of criminal justice and law enforcement agencies to investigate, prosecute and adjudicate terror financing. To track the financing of terrorism in India, a Terror Funding and Fake Currency (TFFC) cell has been set up under the supervision of the National Investigation Agency (NIA). It focuses on terror funding as well as fake currency notes. India has also strengthened the provisions enumerated in the Unlawful Activities (Prevention) Act 1967 to combat terror funding. It is the responsibility of all States and Union Territories to prevent the financing terrorist networks. The main aim of persons or entities involved in terror funding is to conceal the sources of money and funding activities. Money laundering is the process of concealment and camouflage of illegal origins and proceeds of criminal activities dealing with money. In both cases, the illicit use of the financial sector is involved. The most disturbing fact is that money laundering equips corruption and organised crime. The techniques used in money laundering and financing terrorism are similar, identical, and somewhat overlapping. Therefore, anti-money-laundering/ countering terror financing must address both these risks. Today, the world is technology driven. Swift developments in financial information, technology, and communication permit money to travel worldwide easily and quickly. This makes the job of anti-money laundering/ combating terror financing more dynamic and challenging. Terrorists frequently change their methods and means of raising and moving funds & other assets to hide their activities from the agencies involved in countering them. Thus, it is imperative to identify correctly, assess and understand the mechanism of funding terrorism. This is very crucial for the disruption and dismantling of terror funding networks. Modus Operandi of terror funding Terrorists need funds to function as an organisation. With the money, they buy arms, ammunition, and other warlike stores. Their sources of funding could be both legal and illegal. Funding generally takes place in small amounts. Terror financing is a worldwide phenomenon threatening the world community’s peace and security and weakening economic development and market stability. Therefore, it is essential to curb the flow of funds to terrorist organisations. Though terrorist organisations and their tactics have evolved, yet the primary requirement of the terrorists to raise, move and utilise funds has not changed over a period. The funds are mobilised in numerous ways, such as exploiting legitimate commercial ventures and natural resources, abuse of non-profit organizations, non-governmental organisations, and crowdfunding sites. Terrorist organisations might also be directly or indirectly associated with organised inimical groups/ people. They might involve them in felonious actions, such as drugs, arms trafficking, human trafficking, blackmailing, and kidnapping for money. Nations are always worried about terrorists’ ill use of the Internet and other emerging technologies to garner and move funds, including through virtual currencies. Tracing measures and scrutiny of financial intelligence provide critical information on terrorist networks and their links with individual terrorists and Foreign Terrorist Fighters. Terrorism in India Terrorism in India could be divided into four major categories as Terrorism in Jammu and Kashmir, Terrorism in the hinterland, Left-Wing Extremism (LWE) and Insurgency in Northeast states of India. Their activities include terrorism, secession, smuggling, production and circulation of Fake Indian Currency Notes, terror funding, etc. According to the accessible intelligence reports, terrorists who are in action in India are frequently reinforced and financed by their parent organisations located outside, predominantly in Pakistan, in the forms of shelter, training, weapons and finance. Countering terror funding and anti-money laundering in India There are four components of the financial market in India – banking companies, financial institutions, the securities sector, and insurance companies. A fully functional Financial Intelligence Unit (FIU) was established in the country in 2006 as a chief national agency in charge of receiving, processing, analysing and disseminating information relating to suspect financial transactions to enforcement agencies and foreign FIUs. It reports directly to the Economic Intelligence Council (EIC) under the Finance Minister of India. The other members of the EIC are heads of all the intelligence agencies, the Governor RBI, and the Chairman of SEBI. Agencies involved in the AML/ CFT system The Ministry of Finance is accountable for fiscal policies in India, including revenue and tax collection, budgeting, and expenditure of the Govt of India. Department of Revenue oversees monitoring…

Amarjeet Singh Manchanda Vice President – Data Centre & Cloud Business, iValue InfoSolutions Majority of the organisations are expanding their network and accelerating their adoption of the cloud. Organisations continue to build new cloud-based applications or migrate current ones. This is because Cloud allows for pervasive, convenient, and on-demand network access to a shared pool of programmable computer resources. According to new Confluera research, the majority of enterprises are speeding up their cloud adoption, with 97 percent of IT leaders admitting that their plan includes expanding cloud installations. In today’s cloud world, the report looks at how IT leaders discover, evaluate, and respond to cybersecurity threats. Although there are numerous advantages of using Cloud, there are also some major concerns. Security is one of the biggest impediments to the adoption of the cloud, followed by concerns about compliance, privacy, and legal challenges. Understanding the Cloud Vulnerabilities Organisations should be aware that the security vulnerabilities associated with cloud migration are constantly evolving. Adopting cloud technology or choosing cloud service providers (CSP)s and applications without understanding the risks involved exposes an organisation to a slew of financial, technical, legal, and compliance risks. Apart from these, it is important that enterprises consider other challenges and risks associated with cloud adoption specific to their processes, systems, data and the ones listed above are far from exhaustive. A company’s cloud journey will be fraught with dangers; all it takes is for them to recognise the risks. The security hazards of cloud computing differ slightly depending on the delivery model, even though most of the hazards apply to all cloud solutions. By taking the time to identify and assess these risks, businesses can ensure that they have the right processes and tools in place to minimise them. Here are five notable threats, risks, and vulnerabilities in cloud environments: Data Breaches & Loss Data breaches are one of the most significant security dangers of cloud computing, with costly ramifications for businesses of all sizes and industries. A data breach may occur when a security breach allows unauthorised access to sensitive information. The other most likely possibility is critical cloud resources would be irreparably corrupted. If you don’t back up your most crucial data, it’s always a possibility that it will be lost. Many significant, high-profile data breaches are caused by preventable cloud security vulnerabilities. A potential Insider Threat Insiders do not have to be malicious to be a security threat. Insiders do not need to break through firewalls, virtual private networks (VPNs), and other security defences as they are on a trusted level, due to which, they can access networks, computer systems, and sensitive data directly. If organisations don’t think carefully about their cloud governance model, their own employees can inadvertently put them at risk. Misconfiguration & Poor Access Management When computing assets are set up incorrectly, they become vulnerable to malevolent activity, which is referred to as misconfiguration. Unsecured data storage elements, excessive permissions, unchanged default credentials and configuration settings, standard security controls left disabled, unencrypted systems, and unrestricted access to ports and services are all examples of misconfiguration. Organisations today are adopting the cloud without a comprehensive plan that integrates their identity access management (IAM) programme with their cloud environment. A Lack of secure cloud architecture and strategy It’s a fallacy to assume that organisations can simply ‘lift and transfer’ their existing internal IT stack and security measures to the cloud. Moving, implementing, and operating in the cloud safely requires the right security architecture and strategy. However, if the cloud-based infrastructure interfaces are not properly secured, this can lead to problems. Insecure Interfaces/ APIs Organisations and clients are frequently provided with a variety of application programming interfaces (APIs) and interfaces by CSPs. These APIs are well-documented in general to make them as easy to use as feasible for CSP clients. If the API is configured incorrectly, it can expose the organisational data to vulnerabilities that will provide anonymous access without authentication which will eventually lead to potential cyberattacks. Factors to consider when choosing Cloud Services Organisations should investigate cloud access and entitlement management systems that enable visibility across all cloud resources as well as uniform enforcement and management of access controls to protect against the security threats of cloud computing. Furthermore, organisations need to consider implementing a cloud governance framework. It is a set of rules and policies that run services in the cloud. The purpose of cloud governance is to improve data security, control risk, and ensure that cloud systems run smoothly. Cloud governance incorporates cloud access and entitlement management into their overall identity management model. Organisations may use their existing identity procedures, workflows, sign-offs, and reporting for their cloud environments by implementing this identity-centric approach to cloud governance, simplifying administration, strengthening security, and facilitating compliance. Some more integration to manage cloud security: Firewalls Firewalls guard the perimeter of a company’s network security as well as its users. Firewalls help keep traffic between cloud-based apps safe. They act as initial shields against potential attacks. Identity and access management (IAM) Enterprises can deploy policy-driven enforcement processes for all users attempting to access both on-premises and cloud-based services using IAM tools and services. Its primary function is to create digital identities for all users so that they may be actively monitored and limited as needed during all data transactions. Data loss prevention (DLP) DLP services provide a range of tools and services that are designed to keep regulated cloud data secure. DLP systems secure all stored data, whether at rest or in motion, using a combination of remediation alerts, data encryption, and other preventative measures. Intrusion Management The advent of virtualisation and enormous multi-tenancy is creating new targets for intrusions, posing many problems about how to implement the same protection in cloud environments. Intrusion management is the process of monitoring and responding to statistically unpredictable events using pattern recognition. This could include real-time reconfiguration of system components to stop or prevent an intrusion. Security Information and Event Management system A SIEM gathers and analyzes data…

Manish Chasta, Co-Founder and CTO at Eventus The journey towards digitalization and cloud solutions that enhance productivity gains, increase agility, and reduce operational costs has rapidly and continuously expanded security vulnerabilities for most businesses. Businesses must supervise their entire IT infrastructure to comply with security requirements in the current digital environment, and Security Operations Center-as-a-Service (SOCaaS) is the most efficient way to do so. Why is SOCaaS Essential As workplaces become more mobile and remote, cybercriminals are ramping up their attempts to access applications, systems, services, and data both on-premise and in the cloud from outside the company network. Today, most businesses have made significant investments in on-premise and cloud security monitoring systems to secure sensitive data, comply with an increasing surface of data protection regulations, and defend intellectual property and other confidential data. However, this has catapulted in an overwhelming volume of security alerts. It is exceedingly difficult for the majority of these companies, particularly the small and medium-sized ones, to probe and evaluate every alert. SOCaaS enables security analysts to make a coherent effort to cover all cyber security risks and centralized threat surveillance abilities. Another significant driver has been the scarcity of cyber security skills, affecting companies of all sizes. SOCaaS enables you to take advantage of SOC resources without having to worry about employing qualified personnel. SOCaaS also allows for rapid capacity expansion at a much-reduced cost than establishing additional capacity in-house. Why Outsource SOC The Security Operations Center is a team consisting of cybersecurity experts and trained engineers, who are dedicated to performing advanced IT security operations. SOC services are aimed at preventing any threats to cybersecurity by early detection and response to any incident of hacking or data breach. It is a subset of cyber security that keeps a detailed real-time awareness of an organization’s assets in order to avoid threats and attacks. Organizations at times may not have the necessary workforce to be dedicatedly working on thwarting cyber attacks, or their current resources may not be enough or may have other areas to take care of, like IT support. To address this issue, Managed Security Services Providers (MSSP) can be employed to uphold your company’s security. Outsourcing SOC can help an organization enable: Reduced Expenditure: Outsourcing your cyber security monitoring to expert professionals means reducing the cost. To begin with, acquiring an employee with the necessary cyber security skill sets is not simple and at times not feasible. Additionally, having an in-house security team would certainly require you to purchase all necessary security solutions, which may be at times, difficult to choose from, and increasing complications. A dedicated SOC partner will be equipped with all the necessary solutions and resources, and will be entirely responsible for the designated tasks, which is the security of your organization. Ceaseless Support: Outsourcing a SOC implies uninterrupted support. An SOC partner will constantly monitor the company network systems round-the-clock, with real-time support, alerts and reporting, a viable way to ensure continuous support and service. They will also run checks for detecting anomalies in the network, mostly looking for preying malwares or breach attempts. Facilitates Greater Efficiency due to Global Visibility: Outsourcing SOC has the greater edge of broadening the scope of security protocols. While an in-house team is constantly monitoring attacks launched against the parent organization, SOCaaS has direct exposure to a wealth of information from numerous customers around the globe. MSSPs gather and supervise threat intelligence from a wide range of sources, providing them with constant insight into major cyber-attacks and evolving cyber-crime methodologies. This data enables cyber security service providers to work more efficiently against cybercrime. Enhances Business Productivity: Security is critical for every organization, requiring time and attention. When there is a security breach, management must divert their attention to the operations of the SOC. This disrupts the business environment in general and distracts employees’ attention away from their primary duties. With an SOC partner taking care of the affairs, both organizations and employees are completely focused on the core business processes without being distracted by security challenges. Bottom-line Going in-house with security measures may not be an ideal tactic in today’s times, when bad actors are miles ahead in terms of technology and resources required to ambush any business today. Keeping that in view, the most appropriate strategy to rising cybersecurity concerns is to outsource an SOC. Go for a partner who is well updated with all security trends, threat detection and incident response tactics, and collaborated with all leading solution providers best available to ensure your cyber network is with the safest hands.  

Alexey Parfentiev, Senior Business Analyst, SearchInform The biggest part of data leaks, which have ever been reported in various mass media sources, happened because of affected organizations employees’ fault. Some of them simply made a mistake, some of them acted deliberately. Let’s find out, what is an insider related risk, what factors cause internal data leaks and how to protect company against them. Who are insiders and how they may affect an organization? When it comes to data leaks, financial organizations are among most vulnerable ones. Despite they are usually protected way better than other companies, still, they always remain the focus of both general public and intruders’ attention. News on the leaks, containing thousands and millions of strings, are published regularly. For instance, Spanish branch’s databases of Zurich insurance company were exposed. They contained 4 million strings of data, retrieved from clients’ insurance policies. Such kinds of data leaks usually occur, because employees forget, that a cybercriminal isn’t necessary a mysterious hacker. Instead, any staff member may turn out to be an intruder. An insider is an employee of any organization, who has an access to confidential data. Confidential data include trade secrets, clients’ and employees’ personal data, payment details, intellectual property. Leaks of such data may result into reputational and financial loses, legal claims. According to SearchInform research, most commonly the following groups of specialists turn out to be culprits of data leaks: client managers (41%), supply managers (20%), accountants and financial officers (22%). Most vulnerable links of an organization are the departments, which employees deal with finance and critical data. Due to the peculiarities of the sphere, in financial industry just about every kind of information is critical and practically each employee is a potential insider. Unintended violations Not all data leaks happen because of malicious actions. Vice versa, usually they occur due to employee’s negligence or lack of knowledge in the sphere of information security. What’s more, they often happen accidentally. For instance, because of one insurance company’s employees’ negligence, copies of valid passports, drivers licenses, handwritten statements and some other documents were thrown away at the dump. All the documents weren’t disposed appropriately. Thus, unscrupulous employees threw away copies of valid documents, and didn’t even bother to burn or to shred them. In case this data had been obtained by intruders, document owners would have become victims of social engineering attacks. Also, there was a chance, that intruders could apply for a microloan using victims’ credentials. The most common mistake, which causes unintended data leaks is data access misconfiguration. For example, due to such misconfiguration, excel tables, containing lists of clients and information about their vehicles, were accessible on the website of one insurance company. It was possible to get access to the tables by inputting any client’s surname on the web site. Another attack vector is phishing or BEC-attack, which may also result into accidental leak of critical data. Phishing is a type of fraud, which main aim is to steal confidential info or to force victim to commit some undesirable actions. To achieve the goals, intruders treat victim in order to gain his or her trust. Usually, this type of attack requires usage of the following instruments: email, fake web sources, phone calls and SMS. BEC-attack Corporate e-correspondence compromising, in particular, with the help of phishing. Occasionally, such attack is divided into a few stages. With the help of phishing cybercriminals manage to obtain account data of a staff member, in order to reach out his or her boss later. Most frequently, attackers are driven by financial interest. However, sometimes they search for confidential data, such as client database or know-how documents. Deliberate leaks Such actions may be caused by plenty of different motives. For instance, insiders steal data in order to gain financial benefit, in such case they sell data to competitors or publish it on the darknet. Employees may be offended because of dismissal or deprivation of the bonus. In revenge, they leak data, revealing some information about the organization. What’s more, an insider can make a copy of data (for instance, copy it on a flash drive or upload to a cloud storage and use later, when he or she will change the company). This risk poses a threat not only to big corporations. Small and middle size companies are equally endangered. Case study An employee of our client, which is a reseller company, decided to resign after her request for promotion was denied. But before she quitted, the woman had uploaded a 900 megabytes archive to a cloud. This archive contained all company’s research data on the local market. The estimated price of the research was US$1,670,000. InfoSec officers prevented the data leak just in time and by the way revealed a fact of falsification of accounting documents. How to protect data against a leak In fact, it’s possible to prevent insiders’ violations, but it’s crucial to understand and follow security regulations. First of all, this task refers to InfoSec and IT-department staff. Other department employees should understand that security requirements, set in an organization, are reasonable. Thus, staff mustn’t neglect the rules. That’s why it’s important to implement organizational measures, aimed at increasing the level of employees’ computer literacy. Full list of measures depends on the specific business-process. However, there are some basic rules. Provide your employees with an educational course on the information security rules The most effective way to prevent accidental leaks is to be critical when dealing with data. So, clarify this idea to your employees. Tell your employees, which kinds of links they mustn’t open and in when it’s better to stop messaging with the email sender immediately. Explicate, what is phishing Tell your staff members, how do intruders use data about the recipient, pretending to be a counterparty in order to gain trust. Set the policy of reliable passwords in your organization. Explain employees, why is it crucial to lock the PC, when they leave their workplace. It’s a good idea to…