Information on security sector


Even as the Indian economy touches new highs, data-related crime is keeping pace. Industries such as IT, Telecom and BFSI have gone on red alert. But what makes it really difficult for the good guys to wage war on the baddies is the fact that manipulation of information has taken on a variety of forms worldwide. Common forms of online data crimes are phishing, pharming, spyware, adware and spam, but definition can be stretched to a number of other acts of crime. “Corporate espionage, stealing of IPR, ideas, launch plans, cyber theft, theft of HNI details, money laundering, using Internet for terrorist related activities or contraband sales, solicitation for prostitution etc., etc., The list is endless.

Any activity that qualifies as a crime in the real world can be done more efficiently in the cyber world.

Hackers and renegade programs are getting more ingenious as well. ‘Malware’ 9malicious software has the potential to devastate an organization’s networks and bring them crashing down. Even worse is the effect they can have on a company’s brand image and credibility.

The 2006 Global Information Security Survey published by Accenture and Information week reports

(a) 24% of IT professionals in India say their organizations are more vulnerable to security dangers than a year ago.
(b) 57% of respondents in India said they expect to spend more on security technology than last year.
(c) They all agree that security complexity and security policy enforcement are major priorities.

All of this points to the urgency of taking preventive action against offenders –and fast!

Indian corporations haven’t traditionally paid too much attention to security and restricting access to sensitive information or perhaps they couldn’t predict the scale on which this ‘cyber war’ would occur. A recent KPMG study reveals a shocking fact that more than 70% of Indian corporate companies still do not have a formal security policy.

Some of the sectors most susceptible to attack are IT, financial services, telecom and e-commerce (buy-and-sell websites), owing to the sensitive nature of information that passes under the hands of the people working in these sectors.

Some organizations take the fight against information loss very seriously. Microsoft, for example, has privacy officers who ensure that customer data is collected and saved legally and with the full awareness of the customer. Their privacy officers create and enforce policies to prevent malicious intent. They work with everyone and not merely the customer facing staff.

The Pricewaterhouse Coopers Global Economic Crime Survey 2005 showed that 54% of respondents (major Indian corporations) had become victims of economic crime in the two years to 2005—compared to 24% in the previous survey.

More alarmingly nearly one third of these cases were detected by chance so the known crimes may only represent the tip of the iceberg. The rise in data crimes has also provided a boost to the security sector in India. The last known growth in the Indian information security sector was 53% in 2004-2005(including security related products and services). Companies like McAfee, Symantec, RSA Security and Trend Micro are constantly finding out new ways to protect access control and data protection solutions for the market. McAfee for example, has risk managers who work with IT executives to foresee and counter threats to their company.

The sector is also growing in terms of employment opportunities. There will be an increasing need for CA’s business process consultants research experts, defense personnel, and financial risk and compliance professionals too. We typically hire people with certifications like CISA, CISSP, ISO27001, CEH, Forensics or any other that has to do with Information Security. And keeping in mind the low number of professionals in this field, the growth path is fast as compared to any other field.

At the end of the day, the battle for rightful control of cyberspace will have to be taken up on different levels: increasing IT investment, instituting rock-solid policies to safeguard intellectual assets, sewing up loopholes by using appropriate anti-theft software and making every employee accountable for data protection.