Kolkata: The Indian School of Ethical Hacking (ISOEH) is the training wing of ISOAH Data Securities Pvt. Ltd. With several years of experience in the IT security industry, it has been working with governments, law enforcement agencies, and corporate clients. They have felt the lack of well-trained individuals in the IT security industry. This school is an effort to impart in-depth IT security know-how to fresher engineers as well as senior working professionals. At ISOEH, training is imparted only by Ethical Hackers & Penetration Testers who have been associated with the IT security industry for the last 10 years. A conversation with Sandeep Sengupta, lead auditor/tutor, ISOEH, revealed some interesting information about the school and its work.
1. What is ethical hacking vis-a-vis hacking?
Ethical hacking (done by white hat hackers) is testing a network, software, mobile app and any IT or OT infrastructure for cybersecurity vulnerabilities. This happens when the owners or custodians of such organisations invite an ethical hacker to test the system, so that they can close the gap proactively. Bad hackers or unethical hackers or black hat hackers are the group of techies who hack into the same systems without permission to steal data which they can then sell to potential buyers in illegal markets on the dark web. Nowadays, we also have state-sponsored hackers from rogue countries who are trying to steal data from rival countries to weaken their defence strategies, economy and growth. These hackers take an active role in cyber warfare, which we assume has already started. World War III will be fought with keyboard and mouse.
2. Who are the most vulnerable to hacking and why?
Every company, every individual, every PSU. We are under constant attack. Companies like Air India and Domino's lost their customer data to hackers. This private and confidential data of Indian citizens is sold in the black market to marketing companies. As for the Air India hack, it might get into the hands of any terrorist group who will come to know the coordinates and travel plans of our govt employees, defence personnel, diplomats, ministers, who usually travel by Air India. This is not good for national security.
As for PSUs, the most vulnerable sector is the power grid, followed by banking systems, national stock markets, telecom companies, logistics companies, railways, etc. We have seen rising attacks on power grids all over the world. If a rogue country can take down the power grid for sufficient time, that will cause significant damage to national security.
Individually, vulnerable people are senior citizens and kids. Senior citizens are not tech-savvy. They are finding it difficult to cope with digital India. They are the most vulnerable to prevailing scams, bank fraud, etc. The minor kids, who are on social media, are vulnerable to paedophiles, cyberbullying, blue whale challenges, etc.
3. Can you throw some more light on the various ethical hacking workshops held by you for police, senior citizens, students?
We organised regular workshops for law enforcement agencies like CID, Kolkata police to make them familiar with the latest cyber security vulnerabilities, recommendations, fraud detection, and monitoring techniques. We conducted a 3-month course for CID forensic lab staff. Also conducted a 2-month cyber security course for sales tax cyber team & also for CRPF officials. Also conducted cyber security awareness sessions for HIDCO officials, NKDA, STPI, Nasscom, CII, BCCI, BNCCI, etc.
Accompanied CID team in forensic data collection for German Case against tech Process Company in Sector 5, on request from Mr. Sanjay Singh (ADG, CID).
Trained Kolkata Police, Anti-Cyber-crime Cell, Lalbazaar HQ (21.06.2014)
Trained CRPF high officials on Ethical Hacking & Digital Forensic
Trained Nepal Police on Digital Forensic – February 2017
Organized workshop at US Consulate (Kolkata) on Identity Theft – 18.03.2016.
Conducted a cyber-security workshop at STPI on the eve of Digital India Week – 02.07.2015.
Conducted workshop at BSNL Kolkata HO on Information Security – 16.01.2016.
Speaker at CeBIT International conference on 16.02.2015 – topic – IT Security
Speaker at CII Annual Events - ICT East in August 2014 till August 2019. Topic – Information Security
Speaker at FICCI, Annual Consumer Rights Day, Kolkata (14.03.2014) – IT Security
Organized workshops on IT Security at Nasscom – 19.03.2015 & 06.01.2016.
Speaker at ISACA Kolkata Chapter on “Cyber Security” – 15.11.2014 onwards.
4. What kind of training is imparted in ethical hacking sessions?
Depends on the background of the person. If the person is BTech / BCA / BSc (or equivalent postgrad), we teach him cyber security audit (penetration testing). If the person is MBA / BBA, we teach him ITGC process audit or ISO 27001. If the person is CA, lawyer, police officer, we teach him Digital Forensics. We have a few short-term 3-month courses, to 1-year diploma, 1.5 years PG Diploma, 3 years BSc Hons Bachelor Degree (UGC approved), 2 years MSc Degree (UGC approved). We have global certificates on cyber security like CEH v11 (Certified Ethical Hacker), CHFI, Licensed Penetration Tester, SOC / SIEM, etc. We are one of the biggest & oldest cyber security training institutes in India.
5. How can the common citizen protect himself/herself against hacking especially now when everything from banking, purchasing, studying, and consulting doctors has gone online?
They need to follow some basic cyber hygiene.
a) Never share OTP with anyone over a phone call.
b) Never put your password or confidential information on a website which doesn't start with https (secured site in URL)
c) Never install the software AnyDesk & TeamViewer on mobile
d) Always opt for Cash on Delivery for unknown ecommerce websites
e) In Facebook & Gmail, go to settings --> Security --> activate 2 factor authentication (OTP)
f) Check any news from fact checker sites before forwarding --> https://toolbox.google.
A complete list of dos & don'ts can be found here - https://www.isoeh.com/
6. Some quick tips on how do we save our mobiles, tablets, laptops, and desktops from getting hacked?
a) Install an antivirus or security tool
b) Do not install unknown apps on mobile
c) If you install an app, do not give permission to SMS (you are giving permission to OTP)
d) If you have already given permission to OTP, go to settings --> App permission --> Remove permission from SMS.
e) Use PIN for WhatsApp. Lock screen
f) Do not sell your mobile. Using forensic tools all your photos can be recovered even after deleting them or factory reset.
g) Do not click on unknown WhatsApp links or email attachments. May lead to ransomware.
h) Do not use passwords on http sites. Only https sites to be trusted.
7. How far is ethical hacking viable as a career option for our citizens?
India has an acute shortage of ethical hackers. As per a Nasscom survey, India needs 5 lakh cyber security professionals over the coming 5 years. At this moment, we have only 60-70,000 professionals. This has led to major hacking in Domino's, Air India, etc. With more and more ethical hackers, Indian corporations can protect themselves from cyber crime. And our country will be better equipped against hackers from foreign countries.
8. Any message you would like to give to our readers?
There will be no job crunch in the Cyber Security domain. Fresher students are being offered 2 lakh per month salary. Join BSc Cyber Security or Digital Forensics Hons course after class XII. Help the corporations to stay safe. Help India to enhance national security. Earn the best possible salary and highest respect.