E2-Labs :

Cyber Safety Week

Cyber Safety Week is a mass awareness campaign to promote safe computing practices, with customized programmes for different groups of computer users.

Cyberspace is the nervous system of infrastructure—the control system of a Nation. Cyberspace comprises millions of interconnected Computers, Servers, Routers, Switches and Fiber optic cables that make the critical Infrastructures work.

Mission of Cyber Safety Week

Promote collaboration among Police, Information Technology Industry, Judiciary, Academia and concerned Citizens.

Facilitate cyber crime investigation training among police officers.

Improve awareness of cyber crime among the people and enhance Information Security in general.

Spread awareness on Information Security.

Draw initiatives to combat leaks in Information Security.

Emphasize how important the growth of information security is for our nation.

Different Types Of Cyber Crime

THREAT	LOSS INCURRED
CYBER TERRORISM Internet can be brought down to its knees Global Economies can topple just with a click of a mouse You don’t need Tanks n Guns to attack & cripple a NATION just few COMPUTERS can do the job in CYBER WARFARE	UNIMAGINABLE
HACKERS & CRACKERS	IMMEASURABLE
VIRUS & WORMS In fiscal 2001, INDIA spent $13.02 billion on its armed forces to keep the Nation safe; in contrast worldwide economic impact of malicious code attacks in 2001 was $13.2 billion	157 to 192 billion $ in 2004 till date due to Bagle, MyDoom, Netsky & SoBig Sources www.mi2g.com
INFORMATION ESPIONAGE Internal Attacks , Disgruntled employees	UNTHINKABLE

& NEW emerging threats ………..

ELECTRONIC FRAUD, SPAM AND IDENTITY THEFT

Why should the police be interested?

Cyber Crime has evolved quite considerably from web page hacking and spoofing email accounts to be a serious criminal business today.

The evolution of the cyber offenders are also worrisome. However, with the large amounts of money being transacted online and with banks, brokerages and markets digitizing their operations, this has changed. Even organised crime has entered Cyber Space in a huge way.

Hence, all police personnel should be at least given the overview of what type of crimes are there in this cyber world.

Today, worldwide the key concerns are Identity Theft and National Security Implications.

Be it physical or cyber, a crime is a crime and it is the duty of the police to protect the people.

Hence, the state police along with some private security companies should fight and free the nation from such horrible crimes .

Why should the judiciary be concerned?

Computer-related crimes are committed across cyber space and do not stop at the conventional state-borders.

It is more difficult to protect individuals' rights in cases of cyber-crime because of complex issues such as the determination of the competent jurisdiction, the law applicable and cross-border enforcement.

There is a clear need to gather reliable evidence on the significance of computer-related crime. There is scope for action both in terms of preventing criminal activity by enhancing the security of information infrastructures and by ensuring that the law enforcement authorities have the appropriate means to act, whilst fully respecting the fundamental rights of individuals.

The public is undoubtedly concerned about their online privacy – and the potential for criminals, private industry, and the government to infringe upon it. But the public is also deeply concerned about their safety and security when using the wondrous resources of the Internet. Enhancing the ability of law enforcement to fight cyber-crime both promotes Internet users’ safety and security and enhances their privacy by deterring and punishing those criminals who violate individual privacy.

Criminalization of computer wrong-doing is prerequisite for combating cyber-crime.

Why should the academics be bothered?

The children and the youth are one of the largest user communities of Technology. The Cyber World is not a very safe place to be in without adequate knowledge of where you want to go.

It is important to make teachers and students aware of the great dangers lurking in cyber space and what they can do to protect themselves.

With the future of information security lying in the hand of the youth there should be special attention paid to this segment for greater awareness and development of their interest in this field.

The internet has become to some people their only source of income and can be misused for negative purposes also. Pornography has become a huge money making business on the internet. Parents should be aware of how to protect their children against this.

Some people in the youth community are very curious to experiment their little knowledge in harmful ways and don’t think, or most of the time don’t know the repercussion to their actions. Educating this segment will help put the fear of the laws concerning cyber crime in them.

Children and young adults are at the highest level of risk to cyber crimes because they can be exploited due to ignorance of such crimes. With awareness of cyber crimes being spreadthrough this program we can bring down the rate at which these crimes are committed.

Why should the Government be interested?

Excessive regulation is the last thing businesses need right now. At the same time, cyber-terrorism is a real and substantial threat to the economy, and trusting that market forces alone will be sufficient to enhance cyber-security invites disaster.

Example, one of the main goals of the Sept. 11 attacks was to disrupt the economy, and computer fraud can be one of the terrorists' top revenue streams.

Governments at all levels should require contractors to have advanced security measures in place. The federal government is the nation's largest consumer. If it steps up its cyber-security requirements, most companies will follow suit. That's what occurred with Y2K issues.

Certainly, new cyber-security and computer security regulations should strive not to harm business. But to draw a laissez-faire, anti-government line in the sand ignores reality and our economic self-interest.

Why should Corporates be interested?

Corporates and companies should also be very interested as this event is really beneficial for everyone. Corporates will benefit such that they have huge networks which has data which is extremely confidential and mission critical, hence, this event will enhance their knowledge on how to make their company more secure.

Few tips on cyber security

Setup an e-security program and always stress on confidentiality, integrity and availability.

Identify the sources of threats to your data from both internal and external sources.

Maintain provisions for the maintenance and upgrades of your systems.

Security policies should be drafted properly and then implemented.

Establish a security awareness program for all users in non-technical terms.

Maintain logs for everything.

User accounts should not be shared. User authorization should be mandatory. Employees

should only be able to see information that they are authorized to see.
Employee user accounts must be disabled or removed when no longer needed.
Ensure network security from external sources by installing firewalls and intrusion
detection systems.
Allow remote access to employees only through secure communication channels like SSL
or VPN
Install antivirus software on all desktops and servers. Buy Anti-Virus software solutions
that allow real time upgrading of systems with anti-virus patches.
Create a data backup and disaster recovery plan in case of unforeseen natural calamities.
Ensure back-up procedures are in place and tested
Ensure back-up procedures include all your critical as well as back office data such as
finance, payroll etc.
Incident response is the ability to identify, evaluate, raise and address negative computer
related security events.
Incase of an incident, do not panic, and continue to save logs.
Incident response - Take a backup of the affected system and notify the authorities.

Logistics Of Cyber Crime

Information Systems Security Survey, a report by CII and PwC, surveyed that about 600

organizations consider security as a high priority area among corporates.

However, over 70% of the organisations have reported security breaches.

About 40% of the companies surveyed have a comprehensive security policy and another 40% are hoping to obtain security certifications within a year.

An overwhelming 84% of all the corporates surveyed propose to increase security spend in ’04.

Enhancing network security is a priority at almost 80% of organisations; however improving application security is considered to be equally important.

Complexity of technology is perceived as a barrier by almost 35% of the organisations. Lack of time was perceived as a barrier by almost 31%, lack of training is barrier by 37% and 19% of the
companies’ surveyed reported lack of qualified staff as barrier to effective security.

However, information security spending in India is still low, though it has been increasing. An overwhelming 85% of corporates include information security as part of their IT budget.

Apart from the usual expenditure on anti-virus applications and firewalls, companies plan to invest in human and process components, including end user awareness, framing a security
policy, security training and hiring qualified security staff.

Security is perceived as very important, with the CEO or the MD determining spend on IS security in 50% of the companies with the IT head.

In less than 20% of the organizations, security spend was determined by the IT manager.