As more and more businesses come online, they are involuntarily offering more hacking opportunities to cyber criminals, says Samu Konttinen, president and CEO of F-Secure. F-Secure, a cyber security firm based in Helsinki, has been focusing on the Indian market of late, and it has paid dividends, with half of its clients here being B2B customers. “India was the fastest growing market in Q4 2016, which makes it an important market for us,” he tells Sudhir Chowdhary in an interview. Excerpts:
What kind of measures should be taken to make initiatives such as Digital India or Smart City safe?
Let us be honest about this; if there is anybody promising you foolproof digital security, then they are lying, because you can’t have that. Everything can be hacked and there is no way anybody can offer 100% security. The problem is, if the attack is targeted at a particular person, company or even a government, the attackers or cyber criminals will wait as long as it takes to hack and eventually get in. Therefore, the idea here is to ensure a kind of cyber security that makes life difficult for cyber criminals.
What steps should be taken by Indian banks to secure the data?
Hackers mostly hack for money and banks are easy targets. In most cases companies try to figure out security once they have been breached, whereas security needs to be ingrained in the infrastructure right from the beginning. Security should go hand-in-hand with designing and infrastructure of all banking websites, applications and even e-wallets. I say this because there have been many instances where people don’t stop talking about how brilliant a particular website or an app is and that it’s going to change the world. On the contrary, when we inspect the code, we see that while this is brilliant innovation, it is easy to hack.
Similarly, in India when the government is promoting e-commerce and m-commerce installations, security cannot be an afterthought. With rapid digitalisation happening in the country, more and more businesses, which were offline, are coming online. These businesses, which otherwise would have never been on the radar of these hackers, are creating more opportunities for hackers.
India is ranked fairly high on the cyber attack vulnerability index; what are your suggestions to overcome these challenges?
The foremost challenge is security awareness in India. Today, if you are a car manufacturer and you make a car—a crash test is mandatory to get the permits. However, there’s no benchmark for the security industry and it is immature. You have to set your own standards. Whereas the automobile industry had these issues figured out almost 100 years ago!
Tell us about F-Secure’s performance in India.
We have consumers in B2B security and cyber security. As compared to the market, we are growing 2-3 times faster. In fact, India was the fastest growing market in Q4 2016, which makes India an important market for us, as 50% of the customers are B2C and 50% are B2B.
What are the advantages of your new product—F-Secure Radar?
F-Secure Radar addresses a fundamental issue that companies face today. To understand this, let us first consider what a cyber criminal’s course of action would be before hacking. These hackers would first scan the company and check the software it is using; they would check for vulnerabilities like wrong configuration or if it’s an old version, which may have known vulnerabilities. As we know, companies unfortunately are not very good at keeping up with upgrades; a cyber criminal will not have to design a breach and can easily penetrate the company in a matter of seconds.
Radar scans your entire IT environment and tells you which part of the company is using outdated software, which you must patch and which part of the company is using software which is wrongly configured. So we help companies to keep their systems updated. And Radar is a vulnerability scanner.
How can enterprises prepare themselves in order to win the battle against cyber criminals?
A well-planned cyber defence can make life difficult for cyber criminals. That’s because not all cyber criminals are persistent, except for the newbies in the world of hackers. Furthermore, security should be a part of the building process at every stage of the cyber infrastructure. This allows companies to have layers of security, which can alert them at a stage where a breach can be detected before any damage. This allows companies to identify and react faster, because it takes more than 200 days to identify that an attack has happened and the damage is mostly done by then.