View from India: Close-up on cyber security
India’s demonetisation policy is driving an upsurge of investment in cyber security. As people switch from cash to digital transactions there’s a realisation that everything from ATMs to mobile wallets could come under cyber attack.
Fear looms large and investment in cyber-security solutions is more visible than before. Notwithstanding that, IT firms already face security challenges related to unmanaged and unregulated IT assets usage, procurement and maintenance. Poor knowledge about cyber hygiene and hence a lack of timeliness in monitoring, detecting and removing cyber threats are other recurring factors.
Other sectors that are prone to these threats include healthcare, financial services, manufacturing, transportation and government.
CtrlS Datacenters invests in security practice as part of its planned spending in technology and global expansion. “We have collaborations in the areas of security threat intelligence including network security, endpoint security, security vulnerability management, identity access and management, web security. Sridhar Pinnapureddy, the company’s founder and CEO, says: “We have deployed world-class firewalls, UTM/IDS/IPS, security gateways for web and email traffic besides security information and event management (SIEM) technologies and distributed denial of service (DDoS) mitigation technologies.”
An Indian multinational with headquarters in Hyderabad, CtrlS Datacenters is APAC’s largest Tier 4 provider of data center and managed services – promoted by Pioneer Group and $39bn OCH ZIFF capital.
“We have large enterprises that are already leveraging our managed security services and are witnessing keen willingness to adopt our services portfolio,” adds Pinnapureddy. “In fact, according to Gartner, the managed security services market was estimated at $15.9bn in 2016 and likely to grow at a CAGR of 12 per cent until 2020 and hence we are bullish about the revenue growth in the security practice.”
CtrlS has a 24/7 security operations centre (SOC) manned by security experts keeping an eagle eye on threats, and plan the prevention through proactive processes. The SOC meets the necessary legal and regulatory requirements for security monitoring, incident response management and threat and vulnerability management through robust processes.
On its part, Microsoft India has launched its first full-scale Cybersecurity Engagement Centre (CSEC) in the country after a successful year-long pilot. According to a press release issued in December 2016, this Delhi-based first-of-its-kind centre in India will bring together Microsoft capabilities to foster deeper cyber-security collaborations with public and private sector organisations and build a trusted and secure computing environment, a critical enabler for India's digital transformation.
“India stands at an exciting threshold today as we embrace the power of mobile and cloud computing. Data is becoming the driver of growth and innovation across every sector and will catalyse the fourth industrial revolution,” stated Bhaskar Pramanik, chairman, Microsoft India. “We believe security of critical information is imperative for our corporate customers, just as it is vital to ensure security and privacy of citizen data and transactions. Our first investment towards this was setting up our local data centres in India last year, and launch of the Cybersecurity Engagement Centre is the second. Our cyber-security investments in the country underline our relentless commitment to partnering India in realising its digital vision.”
PwC, in its ‘Global Economic Crime Survey 2016 An India Perspective,’ reports that 56 per cent of the Indian respondents (who are from various industries and sectors) perceived an increased risk of cybercrime over the past two years, as compared to 53 per cent globally, and 16 per cent of the organisations had experienced cybercrime in the past two years. Only 45 per cent of the organisations have fully trained cybercrime first responders.
Clearly the need of the hour is awareness and preparedness to address cybercrime. In its effort to raise awareness, Microsoft India has rolled out Microsoft Secure, a nationwide campaign to increase awareness on cyber security to help organisations understand their security requirements better. Through its three-pronged approach of comprehensive platform, unique intelligence and partnerships, Microsoft is aiming to drive educational sessions and coaching sessions with enterprises in the country. The campaign has reached out to over 300 enterprises so far.
Cyber risk today encompasses more than just computers. Due to the rapid changes in technology and the advent of the Internet of things (IoT), there has been a sharp increase in attack activity involving interconnected devices in the cloud, including elements as diverse as cars and household devices. Contrary to common perception, today, cybercrime is no longer an IT problem, but a fundamental business problem.
Intel Security has announced its second annual cloud security report, “Building Trust in a Cloudy Sky.” This 2017 report, which surveyed over 2,000 IT professionals, outlines the current state of cloud adoption, the primary concerns with private and public cloud services, security implications and the evolving impact of Shadow IT.
As per the Intel Security report, the pressures of speed, efficiency, and cost will push more applications and data outside the trusted network and into a service provider’s clouds, where those benefits can be realised. The growth of cloud services and movement of sensitive data between private and public clouds means that those services will become increasingly valuable as targets of attack.
As enterprises cloud-enable their operations, gaps in control, visibility, identity, and security are the most likely paths to data breaches. Integrated or unified security solutions are a strong defence against these threats, giving security operations visibility across the cloud services in use and which data sets are permitted to traverse them. Organisations should make sure that they are following best practices for cloud credentials, including distinct passwords and multi-factor authentication to mitigate this risk. Security technologies such as data loss prevention (DLP), encryption, and cloud access security brokers (CASB) provide essential identification and protection for an organisation’s data and cloud services.
PwC’s ‘Global Economic Crime Survey 2016 An India Perspective’ indicates that at a time when the scope, scale and sophistication of cyber risks faced by companies continue to rise, what’s needed to combat this growing threat is not a digital strategy but a business strategy for the digital age – one more focused on managing risks than on remediating incidents. For forward-thinking organisations, this is also where the opportunity lies.
Writing in the PwC report, Murali Talasila, partner Forensic Services India, says: “With the proliferation of information on individuals and organisations across devices and social networks, there is a growing threat of misuse of such information. Intelligent minds can come up with innovative ways to combine open-source intelligence, human intelligence, social media and network information, using deeper business acumen to break into organisations and business processes. Such threats can occur in the form of fraudulent financial transactions, business downtime, targeted attacks as well as organisation-wide shutdown of networks.”