Communication with Cyber Terrorist

Communication with Cyber Terrorist

Direct messaging techniques use “counter narratives” to directly undermine and refute cyber terrorist 

messages, denigrate messengers, or disturb those within violent extremists’ ranks. Such techniques

include refutation, denigration, condemnation, and agitation. These can be effective when targeting

mobilized audiences by creating confusion, distraction, or paranoia among extremists, as well as

preventing the further spread of extremist narratives by embroiling extremist communicators in

defensive argumentation. They can also prevent the ceding of ground to extremists by offering a

competing response and by reducing the incentive to spread extremist ideas by making them appear

less defensible or appealing. There are risks to such messages, however, which include the possibility

of inadvertently bringing attention to extremist narratives, and forcing cyber terrorist communicators to engage on the latter’s terms. Actually changing the minds of mobilized audiences through counter messaging is difficult, however. Adherents to extremist narratives who have acted upon them tend to be strongly

resistant to counter evidence or direct argumentation, according to narrative theory. Direct

confrontation often creates more resistance to change in individuals with deep-rooted beliefs, which

risks further entrenching extremist beliefs. This is especially the case for mobilized audiences consisting of hard-line extremists who have acted upon their beliefs, thus solidifying and further embedding these attitudes. In contrast, radicalized audiences those who agree with the violent extremist narrative but have not yet engaged in supporting activities may be shakier in their beliefs and possibly more open to counter argumentation. In such cases, direct messaging techniques can be employed to trigger enough uncertainty to deter them from mobilizing to violence.

Often, however, indirect messaging techniques may be more effective in changing the minds of radicalized audiences. Indirect techniques use “alternative narratives,” designed to distract from or supplant the adversary’s narrative without directly referencing it and to galvanize non-participatory audiences against it. These narratives work by indirectly destabilizing the credibility and appeal of extremist arguments, rather than directly challenging them through argumentation. Extremist narratives are oversimplified and reductionist, which serves as both a strength and a weakness. While extremist narratives are simple enough to be easily understood and spread, their simplicity makes them brittle and vulnerable to destabilization in the face of additional details, complexities, and alternate explanations that can inspire curiosity and uncertainty among the

adherents. By introducing complexity into extremist narratives, these techniques gradually deflate

their appeal by fracturing the underlying belief system, triggering doubt among radicalized audiences.

However, doubt and curiosity can only grow in the adherent when they aren’t feeling threatened,

according to narrative theory, implying that alternative narratives which aren’t confrontational, but

rather seek to add new information, could be most effective. Government-directed efforts to employ

indirect messaging are difficult, however. Such messaging requires a deep understanding of the culture, as well as credibility with audiences who may be deeply suspicious of the government. As a result, it may require partnering with local messengers and engaging in capacity building to train credible communicators. Such techniques also tend to require continuous, intensive efforts to build relationships, trust, and the necessary nuance to succeed. They are long-term strategies that seek to cause change through a gradual insertion of doubt, and as such, are less useful for crisis communication immediately following an event. Communications with cyber terrorist are most effective when integrated with complementary policy actions that reinforce and extend the messaging themes, but often matching words to actions can be nonviable. At times, the best course of action may even be “strategic silence” when a communication response could exacerbate matters.

Taxation of E-Commerce

The Taxation of E-Commerce will depend on the business model adopted by the Company.Let me try to explain 2 types of E-Commerce transition and taxation for the same.

1.   Business to Customer 
In this type of business model, the E-Commerce Company sells goods directly to customer. In this case Sales Tax is charged on sale of goods. 

How goods taxed and what is Sales Tax?
Sales tax is a tax which is levied on sale of goods, constitution of India empowers state to levy tax on sale or purchase of goods.

Type of Sales

a)    Interstate Sale 

When sale or purchase is made from one state to another it is governed by Central Sales Tax Act 1956, the rate applicable for particular goods will be taxed according. (i.e 1%, 2%, 4%, 12.5%)
 
Note: Industrial inputs are taxed at moderate rate & Luxury goods are usually taxed at higher percent 
 
b)   Intrastate Sale

If buyer and seller are situated in the same state, the taxation will be as per the Local Sales tax as per the state law.( Ex. In Karnataka the tax rates are 1%, 2%, 5.5%, 14.5%)
 
c)    Export Sale

Any export sale made is exempt from Sales tax.
 
Illustration

Suppose a customer orders a goods from Bangalore, and the E-Commerce company is having a place of business in Delhi, one the sale of goods CST is charged as per Central Sale Tax Act 1956( i.e 1%, 2%, 4%, 12.5%) 
 
2.   Customer to Customer 
 
In this case websites doesn't sell goods directly but they bring buyer and seller together and in turn charges commission. This commission in turn is a service fee and service tax has to be collected from the E-commerce company. Hence there is no concept of Sales Tax in this type of transaction.

Electronic Evidence / Digital Evidence Case Laws and Cyber Law in India

Electronic Evidence/Digital Evidence & Cyber Law with case laws in India                                            By Adv. Prashant Mali [MSc.(Computer Science),LLB, LLM], Cyber Law & Cyber Security Expert. Email :prashant.mali@cyberlawconsulting.com

The proliferation of computers and the influence of information technology on society as whole, coupled with the ability to store and amass information in digital form have all necessitated amendments in Indian law, to incorporate the provisions on the appreciation of digital evidence. The Information Technology Act, 2000 and its amendment is based on the United Nations Commission on International Trade Law (UNCITRAL) model Law on Electronic Commerce. The Information Technology (IT) Act 2000, was amended to allow for the admissibility of digital evidence. An amendment to the Indian Evidence Act 1872, the Indian Penal Code 1860 and the Banker's Book Evidence Act 1891 provides the legislative framework for transactions in electronic world. Digital evidence or electronic evidence is any probative information stored or transmitted in digital form that a party to a court case may use at trial. Before accepting digital evidence it is vital that the determination of its relevance, veracity and authenticity be ascertained by the court and to establish if the fact is hearsay or a copy is preferred to the original. Digital Evidence is “information of probative value that is stored or transmitted in binary form”. Evidence is not only limited to that found on computers but may also extend to include evidence on digital devices such as telecommunication or electronic multimedia devices. The e-EVIDENCE can be found in e-mails, digital photographs, ATM transaction logs, word processing, documents, instant message histories, files saved from accounting programs, spreadsheets, internet browser histories databases, Contents of computer memory, Computer backups, Computer printouts, Global Positioning System tracks, Logs from a hotel’s electronic door locks, Digital video or audio files. Digital Evidence tends to be more voluminous, more difficult to destroy, easily modified, easily duplicated, potentially more expressive and more readily available.

Computer forensics is a branch of forensic science pertaining to legal evidence found in computers and digital storage mediums. Computer forensics is also known as digital forensics. The goal of computer forensics is to explain the current state of a digital artifact. The term digital artifact can include: A computer system storage medium (hard disk or CD-ROM) an electronic document (e.g. an email message or JPEG image) or even a sequence of packets moving over a computer network.

The definition of 'evidence' has been amended to include electronic records. The definition of 'documentary evidence' has been amended to include all documents, including electronic records produced for inspection by the court. Section 3 of the Evidence Act, 1872 defines evidence as under: "Evidence" - Evidence means and includes:- 1) all statements which the court permits or requires to be made before it by witnesses, in relation to matters of fact under inquiry; such statements are called oral evidence; 2) all documents including electronic records produced for the inspection of the court. Such documents are called documentary evidence.

The term 'electronic records' has been given the same meaning as that assigned to it under the IT Act. IT Act provides for "data, record or data generated, image or sound stored, received or sent in an electronic form or microfilm or computer-generated microfiche". The definition of 'admission' (Section 17 of the Evidence Act) has been changed to include a statement in oral, documentary or electronic form which suggests an inference to any fact at issue or of relevance. New Section 22-A has been inserted into Evidence Act, to provide for the relevancy of oral evidence regarding the contents of electronic records. It provides that oral admissions regarding the contents of electronic records are not relevant unless the genuineness of the electronic records produced is in question. The definition of 'evidence' has been amended to include electronic records. The definition of 'documentary evidence' has been amended to include all documents, including electronic records produced for inspection by the court. New sections 65-A and 65-B are introduced to the Evidence Act, under the Second Schedule to the IT Act. Section 65-A provides that the contents of electronic records may be proved in accordance with the provisions of Section 65-B. Section 65-B provides that notwithstanding anything contained in the Evidence Act, any information contained in an electronic, is deemed to be a document and is admissible in evidence without further proof of the original's production, provided that the conditions set out in Section 65-B are satisfied. The conditions specified in Section 65-B (2) are:

1. Firstly, the computer output containing the information should have been produced by the computer during the period over which the computer was used regularly to store or process information for the purpose of any activities regularly carried on over that period by the person having lawful control over the use of the computer.
2. The second requirement is that it must be shown that during the said period the information of the kind contained in electronic record or of the kind from which the information contained is derived was 'regularly fed into the computer in the ordinary course of the said activity'.
3. A third requirement is that during the material part of the said period, the computer was operating properly and that even if it was not operating properly for some time that break did not affect either the record or the accuracy of its contents.
4. The fourth requirement is that the information contained in the record should be a reproduction or derived from the information fed into the computer in the ordinary course of the said activity.

Under Section 65-B(4) the certificate which identifies the electronic record containing the statement and describes the manner in which it was produced giving the particulars of the device involved in the production of that record and deals with the conditions mentioned in Section 65-B(2) and is signed by a person occupying a responsible official position in relation to the operation of the relevant device 'shall be evidence of any matter stated in the certificate’.

Section 65-B(1) states that if any information contained in an electronic record produced from a computer (known as computer output) has been copied on to a optical or magnetic media, then such electronic record that has been copied 'shall be deemed to be also a document' subject to conditions set out in Section 65-B(2) being satisfied. Both in relation to the information as well as the computer in question such document 'shall be admissible in any proceedings when further proof or production of the original as evidence of any contents of the original or of any fact stated therein of which direct evidence would be admissible.'

ELECTRONIC EVIDENCE - CASE LAW

1. Ignatius Topy Pereira Vs. Travel Corporation (India) Pvt. Ltd and another, 2016 SCC Online Bom 97 (Hon. Shri Justice S.B. Shukre). Fresh Certificate S.65B, Evidence Act: If the certificate under S.65B, Evidence Act which was produced was rejected as not compliance with the Section, fresh certificate may be produced.
   
   
2. Rajesh Dhannalal Daware Vs. State of Maharashtra {Bombay High Court, 5 May 2016}Evidence Act, 1872 - Section 65-B - Footage of CCTV Camera - Under S. 65B(4) if it is desired to give a statement in any proceedings pertaining to an electronic record, it is permissible provided the following conditions are satisfied: (a) There must be a certificate which identifies the electronic record containing the statement; (b) The certificate must describe the manner in which the electronic record was produced; (c) The certificate must furnish the particulars of the device involved in the production of that record; (d) The certificate must deal with the applicable conditions mentioned under Section 65B(2) of the Evidence Act; and (e) The certificate must be signed by a person occupying a responsible official position in relation to the operation of the relevant device.
3. Raj Kumar v. State, CRL.A. 232/16, 19.4.16 DHC
   S.65-B of Evidence Act, 1872: Mobile Phone- Since the mobile phone of witness (containing the photograph) itself was produced in the Court and exhibited, there was no need of a certificate under Section 65-B Indian Evidence Act- The evidence is admissible. 
4. Amitabh Bagchi Vs. Ena Bagchi (AIR 2005 Cal 11) [Sections 65-A and 65-B of Evidence Act, 1872 were analyzed.] The court held that the physical presence of person in Court may not be required for purpose of adducing evidence and the same can be done through medium like video conferencing. Sections 65-A and 65-B provide provisions for evidences relating to electronic records and admissibility of electronic records, and that definition of electronic records includes video conferencing.
5. State of Maharashtra vs. Dr Praful B Desai (AIR 2003 SC 2053) [The question involved whether a witness can be examined by means of a video conference.] The Supreme Court observed that video conferencing is an advancement of science and technology which permits seeing, hearing and talking with someone who is not physically present with the same facility and ease as if they were physically present. The legal requirement for the presence of the witness does not mean actual physical presence. The court allowed the examination of a witness through video conferencing and concluded that there is no reason why the examination of a witness by video conferencing should not be an essential part of electronic evidence.
6. BODALA MURALI KRISHNA VS. SMT. BODALA PRATHIMA (2007 (2) ALD 72) The court held that, “…the amendments carried to the Evidence Act by introduction of Sections 65-A and 65-B are in relation to the electronic record. Sections 67-A and 73-A were introduced as regards proof and verification of digital signatures. As regards presumption to be drawn about such records, Sections 85-A, 85-B, 85-C, 88-A and 90-A were added. These provisions are referred only to demonstrate that the emphasis, at present, is to recognize the electronic records and digital signatures, as admissible pieces of evidence.”
7. DHARAMBIR Vs. CENTRAL BUREAU OF INVESTIGATION (148 (2008) DLT 289).The court arrived at the conclusion that when Section 65-B talks of an electronic record produced by a computer referred to as the computer output) it would also include a hard disc in which information was stored or was earlier stored or continues to be stored. It distinguished as there being two levels of an electronic record. One is the hard disc which once used itself becomes an electronic record in relation to the information regarding the changes the hard disc has been subject to and which information is retrievable from the hard disc by using a software program. The other level of electronic record is the active accessible information recorded in the hard disc in the form of a text file, or sound file or a video file etc. Such information that is accessible can be converted or copied as such to another magnetic or electronic device like a CD, pen drive etc. Even a blank hard disc which contains no information but was once used for recording information can also be copied by producing a cloned had or a mirror image.
8. STATE (NCT OF DELHI) Vs. NAVJOT SANDHU (AIR 2005 SC 3820) There was an appeal against conviction following the attack on Parliament on December 13 2001. This case dealt with the proof and admissibility of mobile telephone call records. While considering the appeal against the accused for attacking Parliament, a submission was made on behalf of the accused that no reliance could be placed on the mobile telephone call records, because the prosecution had failed to produce the relevant certificate under Section 65-B(4) of the Evidence Act. The Supreme Court concluded that a cross-examination of the competent witness acquainted with the functioning of the computer during the relevant time and the manner in which the printouts of the call records were taken was sufficient to prove the call records.
9. JAGJIT SINGH Vs. STATE OF HARYANA ((2006) 11 SCC 1) The speaker of the Legislative Assembly of the State of Haryana disqualified a member for defection. When hearing the matter, the Supreme Court considered the digital evidence in the form of interview transcripts from the Zee News television channel, the Aaj Tak television channel and the Haryana News of Punjab Today television channel. The court determined that the electronic evidence placed on record was admissible and upheld the reliance placed by the speaker on the recorded interview when reaching the conclusion that the voices recorded on the CD were those of the persons taking action. The Supreme Court found no infirmity in the speaker's reliance on the digital evidence and the conclusions reached by him. The comments in this case indicate a trend emerging in Indian courts: judges are beginning to recognize and appreciate the importance of digital evidence in legal proceedings.
10. TWENTIETH CENTURY FOX FILM CORPORATION Vs. NRI FILM PRODUCTION ASSOCIATES (P) LTD. (AIR 2003 KANT 148) In this case certain conditions have been laid down for video-recording of evidence:

• Before a witness is examined in terms of the Audio-Video Link, witness is to file an affidavit or an undertaking duly verified before a notary or a Judge that the person who is shown as the witness is the same person as who is going to depose on the screen. A copy is to be made available to the other side. (Identification Affidavit).
• The person who examines the witness on the screen is also to file an affidavit/undertaking before examining the witness with a copy to the other side with regard to identification.
• The witness has to be examined during working hours of Indian Courts. Oath is to be administered through the media.
• The witness should not plead any inconvenience on account of time different between India and USA.
• Before examination of the witness, a set of plaint, written statement and other documents must be sent to the witness so that the witness has acquaintance with the documents and an acknowledgement is to be filed before the Court in this regard.
• Learned Judge is to record such remarks as is material regarding the demur of the witness while on the screen.
• Learned Judge must note the objections raised during recording of witness and to decide the same at the time of arguments.
• After recording the evidence, the same is to be sent to the witness and his signature is to be obtained in the presence of a Notary Public and thereafter it forms part of the record of the suit proceedings.
• The visual is to be recorded and the record would be at both ends. The witness also is to be alone at the time of visual conference and notary is to certificate to this effect.
• The learned Judge may also impose such other conditions as are necessary in a given set of facts.
• The expenses and the arrangements are to be borne by the applicant who wants this facility. 

9.  ANVAR P.V. VERSUS, P.K. BASHEER AND OTHERS, in CIVIL APPEAL NO. 4226 OF 2012 decided on Sept., 18, 2014, That Computer Output is not admissible without Compliance of 65B,EA overrules the judgment laid down in the State (NCT of Delhi) v. Navjot Sandhu alias Afzal Guru[(2005) 11 SCC 600 by the two judge Bench of the Supreme Court. The court specifically observed that the Judgment of Navjot Sandhu supra, to the extent, the statement of the law on admissibility of electronic evidence pertaining to electronic record of this court, does not lay down correct position and is required to be overruled. This judgment has put to rest the controversies arising from the various conflicting judgments and thereby provided a guideline regarding the practices being followed in the various High Courts and the Trial Court as to the admissibility of the Electronic Evidences. The legal interpretation by the court of the following Sections 22A, 45A, 59, 65A & 65B of the Evidence Act has confirmed that the stored data in CD/DVD/Pen Drive is not admissible without a certificate u/s 65 B(4) of Evidence Act and further clarified that in absence of such a certificate, the oral evidence to prove existence of such electronic evidence and the expert view under section 45A Evidence Act cannot be availed to prove authenticity thereof.

In the Judgment, the Hon’ble Supreme Court has held that Section 65B of the Evidence Act being a ‘not obstante clause’ would override the general law on secondary evidence under Section 63 and 65 of the Evidence Act. The section 63 and section 65 of the Evidence Act have no application to the secondary evidence of the electronic evidence and same shall be wholly governed by the Section 65A and 65B of the Evidence Act.

The only alternative to prove the electronic record/evidence is by producing the original electronic media as Primary Evidence to the court or it’s copy by way secondary evidence u/s 65A/65B of Evidence Act. Thus, in the case of CD, VCD, chip, etc., the same shall be accompanied by the certificate in terms of Section 65B obtained at the time of taking the document, without which, the secondary evidence pertaining to that electronic record, is inadmissible. In the present case, the court observed that:

“The appellant admittedly has not produced any certificate in terms of Section 65B in respect of the CDs, Exhibits-P4, P8, P9, P10, P12, P13, P15, P20 and P22. Therefore, the same cannot be admitted in evidence. Thus, the whole case set up regarding the corrupt practice using songs, announcements and speeches fall to the ground.”

This judgment will have severe implications in all the cases where the prosecution relies heavily on the electronic data specially those cases where the audio-video recordings are produced in the form of CD/DVD before the court. The anticorruption cases are generally based on a lot of electronic / digital evidence and the CD/DVD forwarded to the courts are without a certificate and shall therefore not be admissible as evidence u/s 65B Evidence Act, which makes it mandatory to produce a certificate u/s 65 B(4). The failure to provide the certificate u/s 65 B(4). further occludes the judicial process as the expert view in that matter cannot be availed of till the preceding condition is fulfilled. It has been specified in the judgment that Genuineness, Veracity or Reliability of the evidence is looked into by the court subsequently only after the relevance and admissibility is fulfilled. The requirement to ensure the source and authenticity, pertaining to electronic records is because it is more vulnerable to tampering, alteration, transposition, excision, etc. without such safeguards, the whole trial based on proof of electronic records can lead to mockery of justice.

The original recording in Digital Voice Recorders/mobile phones need to be preserved as they may get destroyed, in such a case the issuance of certificate under section 65B(4) of the Evidence Act cannot be given. Therefore such CD/DVD is inadmissible and cannot be exhibited as evidence, the oral testimony or expert opinion is also barred and the recording/data in the CD/DVD’s do not serve any purpose for the conviction.

CONCLUSION: The progression of the Indian evidence law is apparent as it has withstood the pressures and challenges of technology and the cyber world. The appropriate amendments in Evidence Law, incorporated by our judiciary show pro-activism. In my opinion the law enforcement agencies and investigating officers have to update themselves about the authentication process prescribed by the court regarding the admissibility of electronic/digital evidences so that impediments in trial procedures can be successfully overcome. Proper training of law enforcement agencies in handling cyber related evidence and correct application of procedure and sections of Evidence Law while presenting such evidence in court is the primary need of recent times. Common man in the role of a complainant should be now aware that while submitting evidence to police or courts, he should submit it with a certificate under section 65B(4) of The Indian Evidence Act so the court takes cognizance and reads it as a primary evidence.

Landmark 6 cases won by Advocate Prashant Mali of Online Banking Fraud and Credit card frauds

Mobile Phone SIM Swap or SIM Exchange fraud and how to protect your selves?

Mobile Phone SIM Swap or SIM Exchange fraud and how to protect your selves? By Prashant Mali

I have clients who have lost Rs. 1,25 Crores to Rs. 30,000/- in SIM Exchange/Swap fraud and mind it no one was computer illiterate. As the name suggests, someone may buy a new SIM from the same network provider and start to operate all your banking transactions. The bank will not differentiate between you and the fraudster. Because the account is operating from the same number. Even mobile operator are also unable to track such frauds and sometimes abet the crime by faulty KYC Checking.

Let us see each step one by one.

1) Fraudsters gather your information-The first step they do is to gather your personal information. Usually, they try to access your personal information by way of phishing, Vishing, Smishing or any through the Trojans / Malware. They try to gather your banking details.

2) Fraudsters visit mobile operator to block your SIM-They approach mobile operator with genuine customer fake ID proof and request operator to block the SIM. They provide the reason as loss of handset or SIM damage.

3) Issuance of new SIM to fraudster-After due verification, a mobile operator issues a new SIM with the same number to a fraudster. Because even for a mobile operator it is hard to find a genuine customer. They issue the duplicate SIM to a fraudster. Once this new duplicate SIM is issued, then the genuine customer mobile phone will be without a network. Therefore, a genuine customer stopped to receive the SMS alerts on the phone.

4) Fraudster accesses your bank account with new SIM-Fraudster then initiates financial transactions (from the banking details which he has already stolen) by generating a one-time password (OTP). This new password will be sent to the fraudster’s new SIM but not to a genuine customer. Hence, a genuine customer kept in dark.

How the fraudsters get bank details?

SIM swapping/exchange is usually phase two of a fraud attack. Initially, they send a phishing email (or other similar phishing attempts) to get all your banking details. These details can also be stolen using Trojans/Malware. They also work towards getting the victim’s personal information and may even go as far as stealing identity and creating fraudulent ID documents. In order to use all of this gathered information, they need access to the victim's mobile messages – hence the SIM swap. In some countries, notably India and Nigeria the fraudster will have to convince the victim to approve the SIM swap by pressing some keys.

Once this happens the victim's phone will lose connection to the network and the fraudster will receive all the SMS and voice calls intended for the victim. This allows the fraudster to intercept any one-time passwords sent via SMS or telephone calls sent to the victim; and thus to circumvent any security features of accounts (be they bank accounts, social media accounts etc.) that rely on SMS or telephone calls.

How to protect from such frauds?

If your phone is out of network continuously for a few hours specifically on weekends, then you have to take it seriously and be alert and complain the same to a mobile operator.

Never switch off your mobile for long periods to avoid unwanted calls. Instead, try not to pick them. Otherwise, activate DND (Do Not Disturb) facility for your SIM.

Regularly check your bank account statement.

Register for both email as well as SMS alerts.

Do not share your 20 digits SIM number mentioned on the back of your SIM with anyone

Do not display your mobile number on social media websites.

Advocate Prashant Mali handles these kinds of cases and is instrumental to win many cases against banks and telecom operators . 

Awards & Recognition Won by Prashant Mali in 2014

Cyber Security: Build a Culture of Prevention in Your Organisation

Cyber Security:  Build a Culture of Prevention in Your Organisation

Prashant Mali, 

Cyber Security Policy & Law Expert - India

“You cannot buy the revolution. You cannot make the revolution. You can only be the revolution. It is in your spirit, or it is nowhere.” 
― Ursula K. Le Guin, The Dispossessed

Today all organization’s need “Cyber Security Revolution”  i.e they need to bring in culture of cyber security within their organization. A strong cyber security culture is both a mindset and mode of operation. One that’s integrated into day-to-day thinking and decision-making can make for a near-impenetrable operation. Conversely, a security culture that’s absent will facilitate uncertainty and, ultimately, lead to security incidents that you likely can’t afford to take on. This is also brings us to have Cyber Insurance as part of the organisations culture.

What is a organizations cyber security culture?

An organisation's cyber security culture is the styles, approaches and values that it wishes to adopt towards cyber security.

The lack of robust security protocols and standards for data exchange between enterprise systems, devices and personal/home devices can put organizations at increased risk and exposure. However, by employing a comprehensive threat intelligence strategy, organizations can more effectively, proactively and sustainably defend against threat adversaries. The development of policies, procedures and training can further prevent attacks and raise user awareness to be mindful of clicking links, executing files or sharing account information. “When building cyber security capabilities, a Chief Security Officer must be able to identify data in an organizational environment, know the systems, devices and networks on which they are located, and build a security profile around them that addresses potential vulnerabilities,”

A strong cyber defense strategy should address how to prepare and monitor attacks, respond and ultimately recover from breaches. At a minimum, security architecture should be able to stall adversarial efforts, thwart attacks at each phase and facilitate a rapid response. Today, there are several cyber security frameworks that organizations may use as guidelines - such as ISO, COBIT and NIST - to develop security architecture. By overlaying these with counter-responses to the tactics, techniques and procedures that a threat adversary may employ, CISO’s can develop a robust defensive infrastructure. 

Many of these defensive strategies can be broadly characterised into the following three classifications:

1. Mitigate threats before they enter a network by having the basic controls in place -such as ensuring that operating systems and anti-malware, web filtering and antivirus software on servers and endpoints are updated and patched to reduce the risk of vulnerabilities and infections. At a primary level, preventive measures can be employed by implementing layers of firewall technology to stop known attacks. At a secondary level, the potential damage of a breach can be mitigated through automated alerts and notifications that quickly activate appropriate response measures according to security protocols. By training employees and building a culture of cyber security from top management to workers on ground, many breaches can be prevented upstream through user awareness of potentially malicious links, emails, websites, advertisements and files. As Kevin Mitnick notes in his book, The Art of Deception: Controlling the Human Element of Security, these technological methods of protecting information may be effective in their respective ways; however, many losses are not caused by a lack of technology or faulty technology but rather by users of technology and faulty human behavior. It stands to reason then that people not only can be part of the problem, but also they can and should be part of the solution.

2. Discover threats that have entered or tried to enter systems. No organization can prevent every cyberattack, but it is important to build a response system that can alert your security staff, rapidly identify a breach and its scope, and notify other enforcement points so that a breach can be contained without extensive collateral damage. Depending on the adversary, an organization may be better served by disrupting and throttling an attack rather than responding with a knee-jerk reaction that tips off an adversary to engage in additional attacks.

3. Respond to any threats that have breached the network. In addition to deploying sandbox appliances which can test and detect novel threats, it may be recommended for some organizations to deploy internal network firewalls and mitigate an attack once a network has already been breached. Depending on the extent to which data is stored on internal or external servers, organizations may need to develop coordinated responses to a breach with other entities.

The risk of cyber attacks is no longer limited to the IT desk, it is a key business issue that must be addressed by the Board. No organization can be completely immune from cyber attacks and adversaries. However, they can take appropriate measures to erect defenses and integrate cyber security into the business environment and culture. Management buy-in, establishing policies and updating them regularly, identifying and communicating the security awareness goals and message clearly and often, and performing assessments are crucial to a successful cyber security awareness program. By implementing some of these changes, organizations can achieve higher levels of cyber security awareness maturity and benefit from a stronger cyber security culture.