Softcell Technlogies organized a CxO Roundable on Cybercrime Management at the Sahara Star Hotel on the 23rd of June. The event was well attended by CxOs of blue chip corporates including Larsen and Toubro, HDFC Ltd, HDFC Standard Life, Essar Group to name a few..
The event began with a presentation by Dr. Rama Subramaniam, CEO of Valiant Technologies, who is a veteran with over two decades of experience in the Industry. His presentation entitled "Cybercrime - What should Corporate IT Do?" covered the various trends he has seen in this domain from a worldwide perspective. Some insights were that simply throwing technology at Cybercrime does not work beyond a point, and that Cybercrime is now being committed by criminals for financial gain rather than by some teenage hackers who have other motivations. Due a lack of digital forensics solutions that enable corporates to track Cybercrimes to their source, even non-malicious users ("the curious and the ignorant", to quote Dr. Rama) who represent a vast majority of the users do engage in undesirable activities at some point of time. Ambiguity about jurisdiction i.e. if someone from New York hacks a server of an Indian company hosted in Singapore, where do you file a case? also plays a role in this whole scenario, as also the easy availability of hacker tools on the net, at times backed by SLA's! Dr. Rama concluded his presentation by sharing some propositions that CxOs could look at, to examine their applicability in their organizations and their effectiveness to combat Cybercrime.
Dr. Rama's presentation is available here for download:
Cyber Security - What should corporate IT do?
Mr. Sanjay Pandey of I-Sec was the next to take the stage. He covered the IT Act 2000 and its amendment in 2008, with a particular references to those sections that had an impact on Cybercrime. Having a IPS background and having spent time in law enforcement in the Economics Offences Wing of the Police, he was able to share his viewpoint on the applicability and effectiveness of the various provisions in the Act. He was of the opinion that the Act was a good beginning but it was early days yet and there was a long way to go before we reached the goal of having a separate Act for Cybercrime rather than it being a part of the IT Act. He also pointed out that under the current situation, with the IT Act being under the Central List, the State Governments had limited role to play in the whole scenario which resulted in the dilution of the impact of the Act at the implementation level. This is further compounded by the fact that most of the offenses under this Act have been made bailable, when the corresponding offense under the CrPC, would attract more severe penalties.
Mr. Pandey's presentation and paper on the IT Act can be downloaded here:
Implication of IT Act for Corporates
IT Act Paper
The session concluded with a lively round-table discussion moderated by Dr. Rama where Mr. C N Ram, Group CIO of Essar and Mr. Anantha Sayana, Head-Corporate IT of the Larsen and Toubro Group, shared their views along with Mr. Sanjay Pandey. Mr. Sayana put forward an interesting proposition, that more research has to be done to make information more intelligent i.e. it should know where it is supposed to go, rather than putting the onus on the systems to prevent information from going where it is not supposed to. Mr. Pandey pointed out that even with all his limitations, the IT Act was a good starting point to instill discipline in corporates; that gave them a framework to put together a process to address compliance issues. Mr. C N Ram shared his views that security was often given a go by due to convenience reasons or Business reasons. At the same time he pointed out that 'Reputation Risk' is one of the major drivers of Security investment in the industry along with Regulatory Compliance. He gave several examples from the banking and finance industries to buttress his viewpoint. The concluding remarks were on the lines that security needed to move from a reactive to a pro-active mode since many users often seemed to throw caution to the winds when working on the Internet.
To see photos of the event, please click here
For more information on Cybercrime Management please write to info@softcell.in
