2021 VOL. 01 ISSUE 02 A Specialist for Cybersecurity Product Companies
5 T H E
M O S T T R U S T E D
CYBER SECURITY
C O M PA N I E S T O WAT C H
Editor’s Note TOP TECH TRENDS IN THE CYBER SECURITY SPACE
T
he cyber security space has observed a tremendous growth worldwide. With the advent of Covid-19 pandemic, the demand for cyber security services and solutions have skyrocketed given it has become the need of the hour today. As every organization during the lockdown period was made compulsory to push its employees to work from home, cyber security emerged as one of the crucial elements to consider in order to stay safe from data theft and hacking. To safeguard against the threats that have gone digital as well along with the business processes, advanced cyber security solutions have come out as the only reliable option. It has been established that various business process has adapted digitization and so their exposure to various cybercrimes have increased a lot as a result. Hence, it would not be wrong to say that cyber security is going to play a crucial role in the coming days, even after the pandemic is over. With great prospectus ahead, the cyber security space globally has observed some great innovations taking place. Innovation in this space is proving to be the building blocks for what the next generation of cyber security solutions would look like. When we talk about
innovation, we just not mean the new ideas in the cyber security solutions, technological adaptations in the industry also plays a crucial role. Let us take a look at the trending technological advancements that are on its way to revolutionize the cyber security space dynamically: 1. 5G – It is predicted that 5G is going to enhance connectivity and security risks both. The increased adoption of global promotion of 5G technology is going to push businesses in undertaking unsecured infrastructure to keep up with its dynamics. This will result in businesses relying on under-skilled labour to protect it which could trigger various major 5G oriented security threat incidents. The data converging through 5G networks could be like browsing on social media platforms. Harmless, right? One might think so! Yet, it could also mean or contain sensitive information and even critical busines analytics that can be traced and even harnessed unethically. It would not be wrong to say that securing huge amount of continuous information transfers will need substantial efforts in safeguarding large quantity of data flow. 5G is great from a user’s perspective. It dilutes the fact that many people would be able to access huge files across global wireless networks in more areas with low latency and less performance impact. 2. Real-time Detection – It helps in tackling new security threats. Outpacing legacy systems, detection-centric cybersecurity solutions are on the way of becoming new norms and replace
Darshan Parmar Managing Editor
darshan@insightssuccess.com
traditional security processes with detectionfocused tools powered by automated remediation technologies. In detection technology, things that are driving an evolution are emerging threats and a shared security responsibility between cloud service providers and businesses. Cloud service providers are responsible for securing on-premises infrastructure, networking, computing, and other necessities that assists the cloud. On the other hand, customers need to secure everything in the cloud. New threats are introducing investment into detection technologies. Advancements prevailing in social engineering and malware due to machine learning makes it very hard to determine threats as and when they are delivered which complicates the maintenance of threat data as it is continuously evolving. Fortunately, new solutions are coming up to tackle these new challenges and threats. These solutions prioritize visibility, automation, and orchestration to immediately identify and organize the resolution of attacks as they emerge in real time. 3. Unified Cloud Security Platforms – These platforms are enabling a multi-cloud future. All modern businesses are derived virtually and depended on multi-cloud environments. It is said that the virtual business models and their security will move from a management-focused operational focus to factors relying on unified visibility and automation across their concerned clouds. This
particular shared responsibility of security adds a necessity for visibility and detection. Companies are observing an increasing need to consolidate cloud management as they operate hybrid and multi-cloud environments. Unified management and enhanced visibility allow companies to visualize configurations across clouds and networks. This surmounts to easy identification and remediate misconfigurations of networks before they create a ruckus. The cybersecurity space is one of the most continuously discussed and evolving areas in the technology domain. As the protectors of a business, security personnel must comprehensively update their security tools and processes to remain upfront with the threat factors. As organizations welcome the digital transformation and adapt to a globally interconnected world, security must stay a priority. Through this latest edition of Insights Success, we wish to feature organizations that are quite adept in utilizing and adopting these tech-trends in their operations. ‘The 5 Most Trusted Cyber Security Companies to Watch,’ is an edition which will take you on a journey towards the digital security space. So, give it a read and enjoy articles curated by our in-house editorial team.
DarsHP
CONTENT Unravelling Cybersecurity
10
Sacumen A Specialist for Cybersecurity Product Companies
20 ORRTUS TECHNOLOGIES INNOVATING EDUCATION WITH BLOCKCHAIN
CXO
24 CYBER SECURITY INSIGHTS DYNAMICS OF SOCIAL MEDIA & CYBER SECURITY
ARTICLES 16
28
Cyber Law Insights Dynamics of Cyber Laws in Business
Cyber Security Decoded Overview of Indian Cyber Security Space
Editor-in-Chief Sumita Sarkar Managing Editor Darshan Parmar
sales@insightssuccess.com
Assisting Editor Abhishaj Sajeev
JANUARY, 2021
Contributing Writer Aditya Umale
Corporate Offices:
Chief Designer Asha Bange Designing Head Priyanka Rajage Co-designers Deepanjali , Rahul
Operations Head Megha Mishra Business Development Manager Nandan Deshpande
Insights Success Media and Technology Pvt. Ltd. Off. No. 22 & 510, Rainbow Plaza, Shivar Chowk, Pimple Saudagar, Pune, Maharashtra 411017 Phone - India: +91 7410079881/ 82/ 83/ 84/ 85 Email: info@insightssuccess.in For Subscription: www.insightssuccess.in
Asst. Manager Ashwini Pahurkar Business Development Lead Tejswini Whaval Sr. Business Development Executive Pravin Yalameli
Technical Head Pratiksha Patil Technical Specialist Amar Sawant
Insights Success Media Tech LLC 555 Metro Place North, Suite 100, Dublin, OH 43017, United States Phone - (614)-602-1754 Email: info@insightssuccess.com For Subscription: www.insightssuccess.com
Digital Marketing Manager Amol Wadekar SME-SMO Executive Atul Dhoran Circulation Manager Tanaji
Cover Price : RS. 150/Follow us on :
www.facebook.com/insightssuccess/
https://twitter.com/insightssuccess
We are also available on Copyright © 2021 Insights Success Media and Technology Pvt. Ltd., All rights reserved. The content and images used in this magazine should not be reproduced or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission from Insights Success Media and Technology Pvt. Ltd. Reprint rights remain solely with Insights Success. Printed and Published by Insights Success Media and Technology Pvt. Ltd. RNI NUMBER: MAHENG/2018/75953
THE
5
MOST TRUSTED
CYBER
SECURITY COMPANIES TO WATCH
Company Name
Management
Brief
Digipeddle Technologies
Gaurav Nikam Founder and CEO
Gaurav has more than five years of professional and entrepreneurial experience in leading Digipeddle Technologies
iTech Ecommerce
Khalid Isar Founder and CEO
Khalid is a keen strategist and responsible for driving iTech Ecommerce's local growth.
Orrtus Technologies
Dr. Samad M Waseem Director
Dr. Samad is leading Orrtus Technologies, an innovative company that envisions to fill gaps in the education and healthcare sectors using blockchain.
Sacumen
Nitesh Sinha, Founder and CEO, Subhashish Lahiri, Director of Product Engineering, Praneeth Kudithipudi Vice President of Sales and Marketing
The trio is leading Sacumen, a company that has been at the forefront of working with Security Product Companies to address their challenges dynamically.
Wattlecorp Cybersecurity Labs LLP
Zuhair E CEO
Founded in 2018, Wattlecorp is one of the leading cybersecurity companies in India.
A Specialist for Cybersecurity Product Companies
P
eople are always finding new ways to hack computers and systems. Cybersecurity threats are increasing daily. This industry vertical, particularly, has kept many people on their toes, as there are always new ways to learn, different innovations to look for, solving dynamic problems of the industry, the crackdown on a new cyber threat, and much more. The industry has urged to satiate its demand for building better security solutions and address various challenges that come with it. The term Connector means a thing that links two or more things together. Security Product Companies have faced a continuous challenge to keep pace in building integrations to newer 3rd party products as well as support the existing integration Connectors. On an average, each Security Product Company needs to build 150-200 Connectors which help to enhance the capabilities of their products. Sacumen has been at the forefront of working with Security Product Companies to address these challenges. Sacumen has built 750+ Connectors in the areas of SIEM, IAM, Ticketing Systems, Incident Response, Cloud Applications, Cloud Monitoring, Threat Intelligence Feed, Endpoint Security, Cloud Storage, DevOps, GRC, Vulnerability Management, Authentication, etc. Sacumen also has 2 Solutions in Connectors space. The first one is called DaaS (Data Collector as a Service) and the second one is CaaS (Connector as a service). Sacumen had witnessed more than 100% growth year on year over the past few years. This growth has further accelerated during the pandemic with Sacumen looking to double its workforce in the next 6 months.
10 | January 2021
Nitesh Sinha Founder and CEO
www.insightssuccess.in
Unravelling Cybersecurity A Global Security Execution Partner The foundation of Sacumen is built on the philosophy of being a niche player in the cybersecurity market and solve critical problems for Security product companies. “Sacumen was born to address the pressing needs of Security Product Companies looking for a trusted, focused and niche Security services partner to help them develop innovative Security Products and solutions so that they can stay ahead of the curve given the ever-evolving security challenges and stay relevant in a competitive market and ever-changing business dynamics and threat landscape.” says the team of Sacumen. “We realized that building and maintaining Third-party integrations or Connectors are so-called ‘necessary evil’ for a security product company to make their product usable and sellable. We decided to solve this problem and have been Laser focussed on our approach. This has helped us build a strong differentiator for ourselves in the market and leading to our exponential growth. All our customers currently are only Cybersecurity product companies!” says Nitesh Sinha, Founder and CEO of Sacumen. The company develops the ‘plumbing’ as Subhashish Lahiri, Director of Product Engineering at Sacumen likes to call it, to ensure that all the security product companies can do not just the defensive approach through analysis but also take an offensive approach in mitigating Threats by building orchestration solutions in real-time. What makes Sacumen a premier cybersecurity company is not only its development skills but also the know-how of how the 3rd party products work and the Use cases of the various categories in Cybersecurity while building these Connectors. One of the key differentiators that Sacumen brings to the table is its partner ecosystem. The company has built more than 165+ partnerships to date. Finally, the company’s undivided focus is the key to help product companies reach the market faster. It is one of the crucial factors that help in extending client satisfaction. “People are looking for what you can do beyond what they ask for. That is where the silver lining lies, I would say,” conveys Praneeth Kudithipudi, Vice President of Sales and Marketing at Sacumen.
www.insightssuccess.in
Subhashish Lahiri Director of Product Engineering
Security is like a ‘Titanic Syndrome’. No one thinks ‘it’ will ever go down, but you never know how close you are to that Iceberg.
January 2021 | 11
Innovation
Team work
LIFE AT SACUMEN
Ownership Fun Impact Connectors
Cyber Security Product Engineering 12 | January 2021
www.insightssuccess.in
Dynamics of Sacumen and the Trio “We want to be known as the Powerhouse for Connectors,” says the Sacumen team. That is the trio’s focus, and they are not going to dwindle from it. Sacumen was founded by Nitesh in 2015 and funded by an angel investor called Clarion Venture Partners. Praneeth joined the company 2 years later to help build Sales & Marketing teams from the ground up. Subhashish joined in 2019 to help strengthen the delivery process and run the core engine of Sacumen effectively which would enable Sacumen to grow much faster and increase customer satisfaction. Nitesh carries more than 18 years of experience in the Cybersecurity space and is a security evangelist. Nitesh drives the company and product vision. Praneeth, with his impeccable experience in growing Sales and understanding of customer requirements, serves as Client Champion to ensure that the desired outcome is met. Subhashish, with his proven experience in Delivery, works on improving delivery processes to ensure that the solutions are delivered with top quality. Trio’s skills and strength complement each other and that is helping Sacumen to go a fast pace of growth. “We don’t like monotonous work, that’s why we like to challenge ourselves every day. Cybersecurity space throws those challenges and that is what makes it an exciting space to be in” states Nitesh. Sacumen team would like to leave a legacy where he and his team builds a world-class services company that is known to solve complex problems in the Cybersecurity space. He describes the five pillars of culture that Sacumen has: 1. Ownership – Everyone owns their tasks. We do not believe in micro-management. We are looking to build leaders. 2. Impact – Impact through Innovation. Challenge the status quo and figure out ways to make things better. 3. Teamwork – Build a workplace where team members support each other and work towards a common goal. 4. Customer Delight – Delight the customer through delivering solutions that enable them to exceed their targets and achieve their goals.
www.insightssuccess.in
Praneeth Kudithipudi Vice President of Sales & Marketing
5. Fairness – Be fair in all our dealings with various stakeholders (employees, investors, clients, vendors). The pandemic has led Sacumen to help clients in strengthening their existing connectors and add value to their product engineering space while supporting them completely. “As a company, Sacumen has grown to 50-60% since mid-March and April and now is on a rising graph,” shares Praneeth. “As we are growing very fast, we are also looking to make our processes robust and scalable to keep delivering Enterprise-scale reliable Connectors for our customers” the trio concludes.
January 2021 | 13
Subscribe Today Stay in touch.
Subscribe to Insightssuccess Get Insightssuccess Magazine in print, & digital on www.insightssuccess.in
www.insightssuccess.in
Cheque should be drawn in favour of : INSIGHTS SUCCESS MEDIA AND TECH PVT. LTD.
CORPORATE OFFICE Insights Success Media and Technology Pvt. Ltd. Off No. 22 & 510, Rainbow Plaza, Shivar Chowk, Pimple Saudagar, Pune, Maharashtra 411017. Phone - India: 020- 7410079881/ 82/ 83/ 84/ 85 USA: 302-319-9947 Email: info@insightssuccess.in For Subscription : www.insightssuccess.in
CYBER LAW INSIGHTS 12 | January 2021 16
www.insightssuccess.in
DYNAMICS OF
CYBER
LAWS
IN
BUSINESS Y
ear 2019, a year before the pandemic was the perfect year when things were going well for the global economy without a speck in the horizon to indicate what was to come next. In this ‘happy year’, unhappiness was brought not by a pandemic of any kind but by cybercrime. As per an independent report, organizations, including those under government rule, and individuals together lost a whopping USD 3.5 billion-plus to cybercrimes. In the US along a mind-numbing 450,000+ complaints were registered with the FBI with respect to cybercrimes If this is any indication, the field of crime in cyber-space is wide open for those who think they can get away with it. Many in fact do get away due to either opaque and unclear laws or
www.insightssuccess.in
the inability of the policing system to bring criminals to book. What has thus been increasingly felt the world over is the need for Cyber Laws in each country, and region which controls and subjugates this menace the moment it rears its head. On why a cyber law for business? Simple. Because in the making of a law, certain pertinent issues get resolved including: - What constitutes a cyber-crime? Crimes could be crimes of passion, those pre-meditated, inadvertent, in the line of a duty and so on. Cybercrime laws for business describe clearly which crimes fall within the ambit of cyber-crimes. Sometimes it may seem like a cyber-crime but, could be outside it is ambit. A clear definition is thus important.
January 2021 | 17
- Who can be designated a cybercriminal? The next thing the law does is to describe in complete details who constitutes a cybercriminal. Over-simplifiers may say that the one who commits a cybercrime is a cybercriminal which could be far from true in cases where one has committed an act inadvertently or done something in good faith but whose results turned out to be criminal as per the law. The person’s age, qualifications, acts, thought process etc all go into defining who could be a cyber-criminal as per law. - Bodies which can sit in judgement and adjudicate. It is finally up to the law to define who or which body sits in adjudication as also detail out those bodies which can contravene the adjudications of the first body, besides quoting the reason for the same. The world of courts and judgements is not as simple and straight as one would want. The reason for the same is that not all judicial bodies are equipped enough to handle cases and come to correct conclusions. There are courts that take care of all manner of complaints and issues; and then there are those that take care of very specific and special kinds of cases, and whose judgement can either be challenged only in specific courts or cannot be challenged at all. - Definitions. Nothing in the world of laws move without a proper and (fairly) clear definition. Cyber laws define each pertinent section and part down to words such that adjudication becomes easy and simple. - Penal provisions. The last and most important section of any law, cyberworld-related or otherwise is the clear definition of penalties in
12 | January 2021 18
the event of contraventions which could include incarcerations, financial penalties, attaching properties and so on.
they do not respond to genuine requests besides causing a crash. Now for some statistics:
Coming back to the same question, why are cyber laws needed for businesses? The internet is a universe where one can hide behind myriad tech inventions and launch attacks on unsuspecting victims for various reasons and outcomes. Of these, businesses are especially vulnerable with the usual forms of cyber-crimes mentioned as follows:
- Bromium and McGuire’s “conservative” estimates about cybercrime earning pegs it at a whopping USD $1.5 trillion in 2018- more than the GDP of Korea and Australia!
- Online abuse and spreading false and fake information, especially on social media with wrong intent to defame an organization or insight violence and hate.
- Sale of personal data on dark-web that find their origins in socialmedia is valued close to USD 630 million every year.
- Hacking into corporate websites and networks and remotely operating them without users knowing about it. - Hacking and pilfering data including prized products and service details that come under intellectual property. - Using ransomware to hijack and shutdown websites and cyberproperties with an intent to blackmail. - Phishing. Using fake email messages to get personal information from internet users or making fake websites to fool browsers into giving personal information. - Other forms of identity thefts (other than phishing) - Denial of service attacks where sites and systems are intentionally flooded with with engineered traffic to overwhelm the former so that
- Cybercrimes that originate on social media generates over USD 3.25 billion revenues every year.
- Records pilfered online thru data breaches in the first 6 months of 2019 is pegged over 4 billion! - A report by Accenture in 2019 about phishing and social engineering mentions that close to 85% organizations have experience the same and that the volume of attacks have gone beyond 15% YOY! The same report quotes the figure of losses due to malware being above USD 2 million in 2018. From the above, it is clear that worldwide, there is an urgent need for cyber laws that have teeth. Technology in the cyberspace moves with the speed of light and needs responses which remain just as fast if not faster. One way could be with the use of AI-based system that with the backing of ML and big-data continually scans the horizon to decipher and pick out patterns and incidents which could indicate to an attack in the making or an imminent attack. - Purushottam
www.insightssuccess.in
Orrtus Technologies Innovating Education with Blockchain
C
ompanies – both established and start-ups – have been using the new and exciting Blochain technology to solve a multitude of issues that plague different sectors. One innovative company that envisions to fill in the gaps in the education and healthcare sectors using blockchain is Orrtus Technologies.
Orrtus Technologies Pvt. Ltd. is a Bengaluru-based software and R&D firm, promoted by leaders present in the international market. Equipped with state-ofthe-art infrastructure and dedicated professionals working around the clock, Orrtus brings you ‘quality of performance’. Orrtus is steadfast and optimally efficient in its operations and the company believes that technology should supplement and extend your business operations, without complexity and costs. The main focus of Orrtus is of utilising the potential of blockchain in projects and go global with the solutions. The current pandemic may have delayed the program, but the team is positive about getting back on track and go global. To gain further insights into the operations and the journey of Orrtus, we conducted an interview with Dr. Samad M Waseem, the Director of Orrtus Tech, who founded the company in the year 2018. So, without further ado, let us dive right into the interview and relish the knowledge we are about to receive. Why did you choose entrepreneurship over a
20 | January 2021
regular 9am-5pm job? It was too monotonous, following the same routine. It has always excited me to explore new challenges and endless opportunities. Tell us more about your company/startup/organization. Our company is mainly focused on education sector. We started with the traditional line of business. Later, we identified the gaps which we are catering to. Our Blockchain and AI solutions are tailored for the industry – to verify the credentials and conduct classes, examinations, and issue validated certificates. What challenges have you faced as an entrepreneur? How did you overcome them to establish yourself and the company? The biggest challenge today being an entrepreneur is that you are on your own till your hard work is proved. It is strenuous for people around you to believe in the concept. For us, we were blessed with a team who is a part of me in my past endeavour who supported me and are still standing by me. Every day comes with a new surprising challenge we go with the flow to identify the source and solve it so that we do not encounter the issue again. How do you lead your company and help it sustain in a competitive environment? We strictly follow the concept of “TEAM-players”. We do not consider any one as a leader or as a worker.
www.insightssuccess.in
3The 5 Most Trusted Cyber Security Companies to Watch
Having everyone involved in our day-to-day routines with minimum in-house competition has led to maximum achievements. We have actually felt the change in the behaviour of our team which is achieving their goals and producing the best of outputs. Personally, I have had experience with few failures before, which has taught us the real lesson which academia did not teach. We do not want to repeat the same mistake we did earlier. What is that one aspect or emotion that drives you at work or keeps you motivated? The thrill to achieve new heights and the feeling of doing what I always want to do. As a business leader, what is your opinion on the current landscape of business, given that the pandemic has been adversely affecting every industry? This Pandemic has made few people and destroyed a lot of people. My opinion would be for people to safe guard themselves as much as possible first. Then in term of business, it’s always safe to look into emerging businesses. Now since the markets are opening, the growth and opportunities are endless. Its like the world is beginning afresh. Social Media is an inseparable part of the daily life of youth. Your thoughts about it and how do you leverage its power for the company?
Dr. Samad M Waseem Director What are your future endeavours/objectives and where do you see yourself in near future? We have plans of venturing into e-commerce, airlines, the opportunities are endless as everything today is moving to traceability, reliability and transparency. So our solution has the edge and can cater to these vacuums
Social media definitely plays a very important part in every business and personal life. Our key strategist has planned and implemented a digital way to reach the institutions and the masses. www.insightssuccess.in
January 2021 | 21
DYNAMICS OF
SOCIALANDMEDIA Cyber Security About the Author – Mr. Gaurav Nikam, Founder and CEO of Digipeddle Technologies Gaurav has more than five years of professional and entrepreneurial experience. He is a professional with demonstrated history of operating in IT and services industry. He has strong business development acumen, and he is skilled in Account Management, Solution selling. Presales and Project Management.
24 | January 2021
www.insightssuccess.in
CYBER SECURITY INSIGHTS
Mr. Gaurav Nikam Founder and CEO
www.insightssuccess.in
January 2021 | 25
A
s a digital media marketing firm, we are heavy user of social media networking sites, they have applications in web-based businesses, interpersonal interactions and can be effectively utilized for advertisements. The online media gives a superior stage to organizations to draw in more clients. With the proliferation of social networking sites and the people connected to it there are many opportunities and threats arising from it. Some organizations developed it as a business opportunity; some of them brought concerns related to the privacy and security of the users. As the development of social media network has brought different advantages, it likewise has brought different security concerns. Some potential risks are as follows: • The assailants can abuse your data very easily. One can easily misuse your identity with the data given on social networking sites. • Some outsiders (third party) applications look for consent from the social media user to get to individual data for all the different games and applications. Every social media user must concede the application or a game and a specific degree of consent only if it is necessary. • Although all the social networking sites have very strong data privacy policies, user must be aware that whenever he posts or communicate something on social media, the data is accessible with the systems administrators. The administrators can save account information even after erasure. • Viruses and malware frequently discover their direction onto user’s PC through those phoney promotions. The assailant can access or take secret information by spreading spam sends and phishing attacks might happen. • User must take into consideration legal issues that can happen if one posts something that is hostile to any individual or network or nation. There are lawful dangers related to it. • It might cause actual security worries for the user, as the outsiders may get to the wandering data of the user by gathering the continuous update on the user's area.
number of assaults has expanded in this district, up 18% to 36.3 million assaults in Q3 2015 as contrasted and a similar timeframe a year ago. Though social media and cyber security may not have seen as having the same roots, but they can complement each other. In essence to make best out of social media the users must be aware about the proper habits to use social media or else one will always have threats from eavesdropper, phishing and scammers and impersonators. And in turn to make more and more awareness about cyber security in all, we have social media as a best mechanism to reach and guide. Amid all this WhatsApp’s new privacy policy talks about sharing the data with their parent Facebook. Some users already have the privacy policy notifications and there are concerns over its new privacy policy, which will be in place from February 2021. The policy is invasive and will hugely compromise user privacy. By sharing most of user’s data with Facebook, WhatsApp will enable Facebook to mine and sell that data. The implications of this are far-reaching. WhatsApp will share all the data it possesses with Facebook and companies such as Instagram, which will be used to target ads effectively. Here is an example that illustrate how this information could potentially be used, WhatsApp can sell data about persons phone battery level to Uber or Ola who can then use this data to charge a higher price for their rides when a person’s battery is dying. Another E.g., WhatsApp knows that a user walks from train station to the office every day at a certain time allowing them to serve that user with advertisements for a coffee shop within the certain radius of that journey. This is the era of Big Data Analytics. Data is the new oil. Data is the power, and it is going to be one of the crucial elements in the fight against data theft and pro cyber security concerns.
Kaspersky Lab's insights uncovered that the fraudsters mirroring Facebook client's records for almost 22% of phishing assaults in 2014. As indicated by Kaspersky Lab, phishing is a significant danger in Russia and Europe as the
26 | January 2021
www.insightssuccess.in
OVERVIEW OF
INDIAN
CYBERS PSECURITY ACE 28 | January 2021
www.insightssuccess.in
Cyber Security Decoded
I
t is not anything new that India is the world’s third-largest economy by purchasing power parity, ahead of even the likes of Japan. With an ambition to double its GDP from the present USD 2.59 trillion, Indian industry is poised to grow at unprecedented speeds. While this is all good for the country and the world, what worries experts is the fact that paralleling this increase in GDP which otherwise spreads cheers, is an equal rise in cyber-crimes and data-security breaches including incidents of ransomware, phishing, and outright data theft. One of the main reasons behind the ease with which people plan Cyber-attacks of any magnitude is the easy availability of quality data from varied sources, refined by the same set of systems and software that we use to make the right decisions. Yes, AI, Big Data, Analytics, NLP, and anything that industry and otherwise use to sharpen their analytical claws to go for the perfect kill, could be used by the dark side to do harm of equal magnitude and extent. Before moving ahead, let us take stock of the likely cyber security issues that may arise in the future, near or otherwise. - Data leaks from non-traditional sources including voice-activated systems. If you think the harmless voiceactivated TV or FM radio is only providing music and entertainment,
www.insightssuccess.in
you could be very wrong. With their numbers growing exponentially, and all manner of verbal communication taking place in offices and homes, it is just a question of time before someone inserts an inconspicuous, innocuous app in the system which listens in on all the conversations and reports the same back to the wrong set of people. With plenty of data of the right kinds, the attacker can, using any AI-backed system engineer an attack whose effects may be humongous though not immediately felt. - IoT-based devices It is nice to know that two devices speak among themselves and are doing away with the irritating, slow and sluggish human interface. Things thus speedup for everyone. Including the villains. All it needs is the one small software leak or bug. With zero or reduced human intervention, the chances of the bug getting caught and crushed reduces, given that the latter also has built-in features to camouflage and deflect identities to fool any attempts to eradicate or minimise their effects. - Misuse of AI to gather accurate information. Technology is a dual-edged sword which in the right hands can do wonders and blunders and bloopers if it goes to the wrong set of people. With the stakes getting higher each
January 2021 | 29
day in the run to get the right set of information, there is no reason that the best systems that the right guys use cannot go to those of thieves and cyber-robbers. - Remote accesses attacks A malicious action by a network on another while not itself being affected in any material ways, it employs weaknesses in the latter network to launch an attack with the intent to steal data, introduce malicious matters including software, and plainly cause damage to the targeted network. Its form include: • Domain Name System (DNS) Poisoning to misguide browsers to malicious websites. • Transmission Control Protocol (TCP) desynchronization: Packets of data get switched with wrong ones for attacker to get into a system. • Denial of Service (DoS) Attacks: Maliciously flooding a network with false requests to leet the latter preoccupied. • Internet Control Message Protocol: Error message systems of computer network gets hijacked by attacker to mount an attack. • Port Scanning: Ports open and close to send and receive data. This process can be used by hijackers to send in malicious matter. - Newer forms of phishing including kitting of sophisticated phishing software: Nothing less than 4 malwares get
30 | January 2021
created every second with the sites remaining alive ONLY for a few hours. This has caused considerable loss of trust in sites with only 65% of URLs thus considered trustworthy these days. This puts enormous burden and restricts genuine businesses from advertising their presence online. This state shall only get worse with newer forms of phishing being available on the more secretive part of the internet, the dark web. Worse, phishing is now a commoditized activity where folks can buy relevant software on the dark web for as low as USD 20 to 50! Entire look-alike websites of famous brands can be made using malicious software which also inform about the best ways of scamming people by cloning payment systems! - Smartphone-based attacks PCs are passe these days when it comes to malicious cyber-attacks because action has shifted to the ubiquitous mobile phone which are the mainstay these days when it is about browsing with over 60% online frauds taking place through mobile phones. Of these, close to 80% are the handiwork of malicious apps and NOT web-based browsers. The latter has its own issues of phishing though most folks still think apps are harmless. Well, they are not. As for the reason behind the newfound love for mobile frauds, it is due to their being far more vulnerable as users these days do financial transactions on the go while being outside the confines of their homes where most firewalls are strongest. With twofactor authentication being the norm, incidences of mobiles being stolen are also on the rise.
According to a report by PWV, India’s cyber security market which in 2019 was worth USD 1.97 billion shall grow to USD 3.05 billion by 2022, a compound annual growth rate (CAGR) of 15.6%—almost one and a half times the global rate. The report further states that the cyber security industry’s growth rates is higher than for services. Factors which contribute to its phenomenal growth include a preference to digitization and consequent data consumption means the field under attack has gone up exponentially which necessitates putting across the latest defending systems at every touchpoint. More interconnectivity between gadgets these days means there are invariable loopholes for cyberattacks and breaches. And lastly, institutional systems within the country while taking cognisance of evolving risks, are forming guidelines and directives for industry to adhere to. An interesting development in the Indian Cyber Security space as per the PWC report is the development and growth of Cyber Security Services at whose core are activities including incident response and security testing services besides security strategies, policy development and security architecture. These are expected to grow at a CAGR of 12 % for over 3 years to with a worth of USD 157 million by 2022. - Purushottam
www.insightssuccess.in