SECURITY AUDIT AND COMPLIANCE

Audit your security infrastructure, find and eliminate gaps, and keep fully compliant with prevailing security standards.

Your enterprise infrastructure is continually changing. New technologies and devices are added. Others are phased out. Users with multiple devices come and go. Complexity compounds. In such an environment, cybercrime is a continual threat. Maintaining compliance with mandated information security standards and best practices for your industry can be a challenge.

We provide the consulting services you need to uncover weaknesses in your security posture and to maintain adherence to your industry compliance requirements. We provide security assessment and assurance covering a broad range of solutions, including:

  • Comprehensive information systems audits
  • Detailed risk assessment of IT systems, processes and products
  • Information Security Management Systems (ISMS) audits based on ISO 27001 standards
  • Compliance consulting for standards such as Committee of Sponsoring Organizations (COSO), Control Objectives for Information and Related Technologies (COBIT), ISO/IEC 20000 certification for IT service management, and Payment Card Industry Data Security Standard (PCI DSS).

Services

  • Governance, risk management, and compliance
  • Audit and assessment
  • Vulnerability assessment
  • Penetration testing
  • Security maturity assessment
  • Web applications testing
  • Compliance management
  • Architecture review
  • Code review
  • Technology roadmap assessment
  • Strategy consulting
  • Technology implementation

Tools, Processes & Standards

Consulting services follow process standards such as IT Infrastructure Library (ITIL). Dlines is an Indian Computer Emergency Response Team (CERT-In) certified organization for IT security auditing.

Continuous Improvement and Innovation

To keep up with ever-evolving cyber threats, Technology Innovation Center works continuously to improve security processes and solutions. Your company benefits from access to our up-to-date knowledge.

The Ransomware that shut down thousands of businesses, organisations and banks in Ukraine as well as different parts of Europe in June this year.

Now, Ukrainian government authorities are once again warning their citizens to brace themselves for the next wave of “large-scale” NotPetya-like cyber attacks.

According to a press release published Thursday by the Secret Service of Ukraine (SBU), the next major cyber attack could take place between October 13 and 17 when Ukraine celebrates Defender of Ukraine Day (in Ukrainian: День захисника України, Den’ zakhysnyka Ukrayiny).

Authorities warn the cyber attack can once again be conducted through a malicious software update against state government institutions and private companies.

Among the top 10 countries most targeted by cyber attackers, India ranks fourth, and cybersecurity defenders are facing a lot of threats from these cyber criminals. Cyber attacks are an illegal activity and are continuously increasing in India for financial loot.

A cyber attack is an attempt to destroy or infect computer networks in order to extract or extort money, or for other malicious intentions such as procuring necessary information.

Cyber attacks alter computer code, data or logic via malicious code, with troublesome consequences that can compromise an organization's information or data and make it available to cybercriminals. Cyber attacks take various forms: hacking, denial of service (DoS), virus dissemination, credit card fraud, phishing and cyber stalking.

Major and Minor Cyber Attacks in India 2018

SIM Swap Fraud

In August 2018, two men from Navi Mumbai were arrested for cybercrime. They were involved in fraudulent activities concerning money transfers from the bank accounts of numerous individuals by getting their SIM card information through illegal means.

The fraudsters obtained people's details and later had their SIM cards blocked with the help of fake documents, after which they carried out transactions through online banking.

They were accused of effectively transferring 4 crore Indian rupees from various accounts. They even dared to hack the accounts of a couple of companies.

Prevention: The information required for such a scheme is gathered via various public domains and is misused later. Avoiding sharing personal information with unknown applications and domains can help minimize the risk of your personal information reaching people with malicious intent.

Fraudsters use the victim’s information in various scams and trick them into fraudulent activities. It is therefore advisable to verify the authenticity of any site where an individual enters banking or other details, as scammers use fake sites to get the information directly from prospective victims.

Cyber Attack on Cosmos Bank

A daring cyber attack was carried out in August 2018 on Cosmos Bank’s Pune branch, which saw nearly 94 crore rupees being siphoned off.

Hackers wiped out money and transferred it to a bank located in Hong Kong by hacking the server of Cosmos Bank. Cosmos Bank filed a case with the Pune cyber cell over the cyber attack. The hackers broke into the bank's ATM server and stole the details of many Visa and rupee debit card owners.

The malware attack on the switching system generated numerous false messages confirming various payment requests for Visa and rupee debit cards internationally. In total there were 14,000 transactions with over 450 cards across 28 countries.

At the national level, it was done through 400 cards and involved 2,800 transactions. This was the first malware attack in India against the switching system, which broke the communication between the payment gateway and the bank.

Prevention: Hardening the security systems by limiting their functions and use to authorized people only can be the way forward.

Any unauthorized access to the network should immediately trigger an alarm to block all access to the bank’s network. Also, to minimize risk, enabling two-factor authentication might help.

Through testing, potential vulnerabilities can be fished out, which can make the entire digital part of the banking system safe.

ATM System Hacked in Kolkata

In July 2018, fraudsters hacked into Canara Bank ATM servers and wiped off almost 20 lakh rupees from different bank accounts. The number of victims was over 50, and it was believed that the fraudsters were holding the account details of more than 300 ATM users across India.

The hackers used skimming devices on ATMs to steal the information of debit card holders and made transactions of a minimum of INR 10,000 and a maximum of INR 40,000 per account.

On 5 August 2018, two men were arrested in New Delhi who were working with an international gang that uses skimming to extract bank account details.

Prevention: Enhancement of the security features in ATMs and ATM monitoring systems can prevent any misuse of data.

Another way to prevent the fraudulent activity is to minimize the risk of skimming by using lockbox services to receive and transfer money safely.

This uses an encrypted code, which is safer than any other payment method.

Websites Hacked

Over 22,000 websites were hacked between the months of April 2017 and January 2018. As per the information presented by the Indian Computer Emergency Response Team, over 493 websites were affected by malware propagation, including 114 websites run by the government. The attacks were intended to gather information about the services and details of the users in their network.

Prevention: Using a more secure firewall for the network and servers, one that can block any unauthorized access from outside the network, is perhaps the best idea.

Personal information of individuals is critical for users and cannot be allowed to be tapped into by criminals. Thus, monitoring and introducing a proper network including a firewall and security system may help in minimizing the risk of getting hacked.

Security Testing and its Significance

Hackers and criminals are getting smarter every day. The countermeasure is to predict their attacks and block them in the most effective way possible before any unfortunate event occurs.

In testing, four major types of testing are mostly performed:

  • Network security
  • System software security
  • Client-side application security
  • Server-side application security

Stay ahead of network and information security compliance requirements. Understand the state of your organization’s security. Find and eliminate security gaps. Contact us today to find out more about Security Audit & Compliance Services.

Email us: info@dlines.co.in