India not protected against hacking: NAG

India, despite making progress in various sectors, has a long way to go before it can claim to be immune against hacking. Vineet Kumar, Founder & CEO, National Anti-Hacking Group spoke to BE about this.

Q) What are the major threats faced by business in India due to cyber crime?

A) Hackers and criminals are constantly becoming internet security savvy and using IT enabled methods to attack their target organisations. Attacks these days can be as simple as defacing a company’s website or as complicated as stealing trade secrets and intellectual property. Indian businesses, as of now have been extremely slow in their adoption of appropriate and recommended IT security measures. As a result, a large part of corporate India is extremely exposed and vulnerable to national and international threats from criminal organisations, anti-national groups, etc.

The threats faced by India Inc are: financial damage/theft, theft of proprietary process/formula/techniques, theft of sensitive information/knowledge, theft of organisational secrets, compromise of customer/user data, etc.

Q) Have we done an assessment and prioritisation of critical infrastructures that need protection from cyber crime and cyber terrorism?

A) A certain amount of effort is definitely put in place by various Indian government organisations that work very hard to protect the nation. However, there is certainly a long way to go before we can comfortably say that the nation and its IT assets are relatively protected. We hear about attackers breaking into Indian orga-nisations/government everyday and the worrying fact of the matter is: We are only hearing 1% of what is really happening.

Q) How much are we investing in developing the skills and infrastructure needed for meeting the new threats of cyber crime?

A) Much lesser than what is required. India Inc is always about the bottom line, and as long as “it works” right now while spending the minimum amount, that is generally good enough. The problem with this approach is that we are causing a lot of long-term harm. Our focus should be on training and development of students, employees, etc to understand security concerns and face them head-on. The human element is known as the weakest factor in security and therefore education and development is the key to building a secure organisation.

Q) How much companies on an average lose due to cyber crime and are the investments made to counter it in proportion to the loss?

A) Indian companies only really act after an attack has taken place. Most of the focus of the investment is on identifying the criminal and covering up the damage. Real investments to build good long-term security are rare. According to Symantec, Indian organisations lost over `58, 00,000 revenue in an average in 2009 due to security breaches.

Additionally, 66% of organisations experienced cyber security breaches in the same year. Besides, Indian enterprises lost an average of ` 94, 56,216 in organisation, customer and employee data in the same year and an average of ` 84, 57,037 in productivity.

Q) How are we protected against hacking?

A) In short I would say, we are not protected.

Copyright@Business Economics October 31 2010