In recent months, two major cyber security breaches have come to light. One, the website of the Indian Space Agency’s commercial arm, Antrix Corporation, was hacked. The hackers succeeded in defacing the homepage with an article about 300 kids from Cape Town getting American Major League jerseys at cheap prices from China. And, second, the Oil and Natural Gas Corporation Ltd (ONGC) is alleged to have lost R197 crore after cyber criminals duplicated the public sector firm’s official e-mail address with minor changes and used it to convince a Saudi Arabia-based client, Aramco, to transfer payments to their account.
Both of these incidents are a grim reminder to the government as well as businesses that a lot needs to be done when it comes to cyber security in the country. With government embarking on the creation of digital highway and building of smart cities, cyber vulnerabilities need to be reduced and ensured that hackers are unable to use same digital highway and smart platform to steal vital information.
“Even as a security provider, I won’t say that breach is impossible and all the attacks could be prevented but it is important to ensure that alarm bells must ring, when somebody is trying to breach or steal the data. India is already a dominating IT power, both the Digital India and the Smart Cities initiatives have the potential to project India as a role model for ensuring security of critical infrastructure but for that, India will have to embed security measures at every stage of these projects,” Raimund Genes, chief technology officer, Trend Micro told FE, adding that government should come out with a basic security standard for devices. “If any company does not comply with the standards, it should not be allowed to do business, something which already exists in Europe.”
One of the other areas that the country needs to address is under reporting of cyber security incidents.
Unfortunately, the under reporting of cyber security incidents is a norm these days. Companies do not report about cyber breaches, because they feel that they may not get a conducive response from governmental agencies. They also fear that if they report a security breach, the reputation of their company might take a hit. Also, currently it is not mandatory for companies to report the breaches in India. “This needs to be changed if you really want to secure the cyber frontier of the Digital India and Smart Cities,” said Genes, adding that one of the key missed opportunities for the world have been that there is no post breach analysis of Ashley Madison and Sony data breaches. Companies should report at least to the concerned authorities of such breaches. Also, that should come under the global breach notification law.
Understanding the augmented demand for cyber security solution that may come from an integrated digital footprint created by Digital India and Smart Cities, companies such as Trend Micro are gearing up to play its role. “We are an early adopter and always analyse the market to invest,” he said. The Tokyo, Japan, headquartered security software company already has substantial presence in India. Its R&D centre in Bangalore with ‘Deep Security Platform’ has delivered automated and highly scalable cloud security for data centres. The company is also mulling to work with some of startups. “We will help Indian startups and if they need additional research, we are ready to collaborate,” Genes said.
Globally, security companies are witnessing subdued demand for anti-virus solutions, leading to enhance focus on enterprise market. Same is the story in India. Trend Micro which recently acquired HP TippingPoint to strengthen its enterprise security offerings is also increasing its focus on Indian enterprise and government segments. “We were focusing on the enterprise market since the inception. We had developed the gateway protection first in 1996 and the server base cyber protection in 1993 which was licensed to Intel. Most of ourrevenue comes from enterprise segment,” he said, adding that most of the security companies are seeing a decline in consumer market for anti-virus
because the market is small. Even for other players like Kaspersky Lab and Symantec, the antivirus market is smaller and it depends on the PC sales, which are declining, as now people prefer to use mobile devices like tablet and smartphone.