/ciol/media/agency_attachments/c0E28gS06GM3VmrXNw5G.png)
Follow UsHere, would mean today’s Corporate war-field. The wish of having Agatha Christie’s famous female sleuth pops up only because of the winds that blow today. Fraud, theft and burglary are almost turning into a zeitgeist, albeit in a much more sophisticated form and attacking the corporate crème-de-la-crème. One only wishes to have an Agony Aunt who could solve the toughest mysteries. Who can help out spotting the very loose door bolts and window cracks that woo today’s smart porch-climbers and actually help all those tech safe-crackers prowling around. Well it turns out that someone can don that hat for a while sure as we talk to him about the latest leakage spots in the corporate data faucets being made all the more vulnerable with suave technology threats.
So dig all these clues and traces in this interview with Rajat Khare,CEO & Director, Appin Technologies.You can find out just how recession, defence organizations and ROI mindset connect with hacking.
Coming straight to the point, how serious has the environment turned today for corporates when all one sees in the air is stuff like corporate hacking, IP thefts, firewall breaches and employee cracks? Just to what extent and which kind of data is at stake today?
The Indian IT industry has grown pretty fast but there is also a side-effect. More so, because they are not structured. Specially defence entities are getting vulnerable and so is the case with many public and private companies. In the last five years, the number of hackers has only gown. Recession, in a twist, has further diverted more people in this area. Information today resides in mobiles and computers, and what not. Now we are even moving to digital documents so risk has grown huge.
Which of the damsels is actually in distress? Is it IP data or financial data or what?
Specially at the year-end time, a lot of information comes into spotlight. Talk of consolidation, email exchanges etc and you will see that it is a very lucrative time for hackers. Customer agreements, strategic information, new initiative plans, tenders etc, all that gets eyed. Statistics show that, majority of the corporate network intrusions take place during the end of the financial year/ Annual Audits. At the time when all corporates plan their activities and budgets for the forthcoming year, their competitors keep an eye out for any information which will help them do better in the coming year. Corporates attacking their competitors has become a regular undercover practice in the corporate world.
There was a PWC 2008 study that probably pegged the cost of security loopholes to corporates in US at about $34.7 billion annually. What can Indian corporates read out of that?
It’s not a small industry in India either. I would say the cost of security oversight is almost a similar percentage. Besides Indians have a psychology of ‘fix it when it happens’. They are not as proactive as one should be. But I am very sure that government is waking up to it and investing heavily now. It’s high time actually.
So has IT enabled security or disabled security for corporates? Has outsourcing given another spin to it?
Yes, it’s very enabling but if done in the right way. If outsourcing includes a price for security, one needs to think carefully. There’s also an aspect of cost-cutting which should be looked into. The problem is because the whole fabric is structured and is dotted with security gaps. Right now, it is not as structured in India as at other places. That is a cause of concern. But at the same time, in India, it is not as unstructured as it used to be. That’s a good sign. So watch out as the threat scenario is getting on to be a more organized crime and it will be a matter of time before it turns like the US.
Talking of the ‘people’ component here, has the scenario gone dire?
Yes, even if you have the best revolver you would miss the bull’s eye if you don’t know how to shoot. It’s not that enterprises don’t buy right products, it’s that they don’t have the right people to manage them. Therefore, gun slinging is a waste there.
Does that mean more hackers are on prowl today, and with more high-key targets?
Yes. Hack Attack has become the latest buzzword with increasing number of hacking crimes, data thefts, data losses, viruses and other cyber crimes. In today's time, the confidential corporate information is the key to the success or failure of any organization. In such a scenario, the fear of data plagiarism, data theft and attacks on corporate IT systems is a concern area for most of the corporate giants.
How good enough is white-hacking as an answer?
It is an answer yes, but again, just another option. Still, it can help enterprise security a lot.
So what should corporates do?
You need to basically start taking security seriously. It’s not measurable, it can’t be analysed. There has to be a different perspective to that. Fire extinguisher for instance is a norm. You can’t have a ROI mindset to that. This is a serious time, as we are living in age where even soldiers carry chips. Security at different layers and levels is important.