Thursday, February 2, 2017
A push towards digital economy (otherwise known as demonetization) by the Indian government is changing the way businesses and governments are run in the country. However, at the same time, these recent changes are creating vulnerabilities by moving processes online, resulting in an increased incidence of cyber-attacks among enterprises in India.
Further contributing to the problem is a lack of understanding among most Indians on how dangerous hacking can be to the reputation of an enterprise. According to various sources, between 2011 and 2015, there has been around 300% increase in reported cyber crimes among enterprises; the actual numbers though could be higher.
Consequently, it’s unsurprising to see a number of startups targeting this new business need in India. The Data Security Council of India (DSCI), an industry body on data protection, has incubated 80 cyber security startups in the past two years. According to Rama Vedashree, CEO at DSCI, cyber security is no longer a choice for companies. “It’s not a matter of whether your company will be hacked, but when and what can be done to prevent the inevitable,” she says. “Startups in this space will provide the much needed support to Indian firms in terms of enterprise security. We’re already late in the journey, but nevertheless we have made a beginning,” says Vedashree.
From 2015 to 2016, Gartner, an American technology research firm, saw a 10.6% jump in India’s enterprise security spending (hardware, software and services). It’s growing numbers like this that are pushing entrepreneurs like Pavan Kushwaha, founder at Kratikal Tech, a startup in security testing, to explore the Indian market.
“The government is advocating digital services which are becoming the hotspots for hackers,” says Kushawa. “The year 2016 saw 3.2 million debit cards getting hacked in India as the banking system relies on obsolete software and security solutions.”
Understanding the magnitude of the problem, enterprises in India are now prioritizing cyber security, which now occupies 30-40% of most overall IT budgets. Even industry veterans have seen the landscape change in the past four to five years. While businesses like banks, telecom companies and insurance firms have always been mandated to have cyber protection in place, now new-age companies (like ecommerce companies or online food portals), with their increasing online presence, also have little choice left.
Although India in recent times has launched a series of cyber security initiatives, cyber-attacks have also doubled year over year. At present, there is no national agency to assess the nature of threats and respond to them. According to a study done by IBM titled The 2016 Cost of Data Breach Study: India, the average total cost of a data breach paid by Indian companies increased by 9.5%, while the per capita cost increased by 8.7%.
The problem is not all this information is publicized, and as a result many companies aren’t aware of potential cyber security breaches. Ashish Tandon, founder and CEO at Indusface, a managed service security provider, feels it’s futile to expect big progress on this front. “Too much publicity can lead to a slowing down of the government’s digital India movement,” says Tandon. “At a time when people are getting introduced to digital payments, coverage on its negative aspects will cause a panic.”
Another challenge for cyber security startups is that gaining big firms as clients can be tough for startups. Dhruv Khanna, CEO at startup firm Data Resolve Technologies, says that sometimes it’s difficult to win a client’s trust no matter how good your product is. “Most firms, especially the big ones, would want to associate themselves with more established cyber security companies which can be challenging for startups,” says Khanna.
"Indusface has proved to be a valuable security partner with its Total Application Security solution. Their 'detect-protect-monitor' package handles security worries so we can focus on improving services for our customers. Vulnerability detection, attack blocking and near real-time reports are some of the key differentiators that we enjoy with them. The web application scanning and web protection combination ..."
"As one of the leading banks in India, securing application infrastructure is critical for us. Indusface’s Total Application Security package allows us to scan vulnerabilities continuously and prevent attacks. Indusface also provides the unique benefits of expert handling and tuning on custom rules with round-the-clock traffic monitoring and protection through on-premise appliances ..."
"Our complete ecommerce infrastructure is hosted on the cloud and we are glad to have Indusface as partner for web security. Due to their association with cloud service providers and prompt deployment options, Indusface was the preferred security choice. The on-demand and scheduled scanning helps us keep track of vulnerabilities that may otherwise damage our website or put customers at risk ..."