Hack It Yourself Before Getting Hacked

by Wrik Sen    Sep 28, 2016

Tishneet Arora

According to statistics from a KPMG study, 94% of businesses perceive cyber crime to be a major threat to their business, 41% even reported the issue as a major boardroom topic of discussion, 74% of the BFSI is seen as a top target, and some 64% reveal that directors and management of the company are at their most vulnerable to various cyber crimes. While hacking itself may not be seen as something legal or ethical, ethical hacking as an activity is actually helping businesses come up with security solutions and take preemptive measures to keep their businesses and business data safe.

One such talent is Tishneet Arora, CEO of TAC Security, one of India’s youngest ethical hackers, and also the founding member of North India’s first Cyber Emergency Response Team. TAC currently helps organizations find vulnerabilities before hackers get to them, to help them prepare beforehand.

- Considering there are other cyber security firms around, which aspects of the service make TAC Security stand out?

There are many other big cyber security firms which TAC Security Solutions counts as competition. TAC has a robust business model with the vision of securing cyberspace, i.e. securing the future. Our key differentiator is in our approach. With the underlying motto of “Hack it Yourself, Before You get HACKED!”, the company provides a complete vulnerability assessment solution – the process of identifying, quantifying, and prioritizing the vulnerabilities in network infrastructures.

TAC Security is a friendly hacker that helps corporate giants recognize their weaknesses before the fraudulent hackers can use them adversely and cause harm. TAC provides network, application & web security solutions to corporate giants, Governments and Law enforcement agencies. TAC’s new service TAC-CERT (Cyber Emergency Response Team) was launched this January by the Industry and Commerce Minister of Punjab.

Some of TAC’s current client portfolio includes prominent names such as Reliance Industries Limited, Gujarat Police, Punjab Police, International Tractors Limited (Sonalika), AMUL, Avon Cycles, RALSON, and Central Bureau of Investigation (CBI) among others.

- Could you briefly outline the process of vulnerability assessment, and what it entails?

TAC Security is committed to becoming a homegrown company providing actual end-to-end solutions rather than providing a product. TAC helps organizations recognize their weaknesses before fraudulent hackers can use them adversely. It provides network, application & web security solutions. We provide Black Box Testing. Black box testing is a software testing technique in which the functionality of the particular software is tested without looking at the internal code structure, implementation details and knowledge of internal paths of the software. This type of testing is based entirely on the software requirements and specifications. TAC Security provides the following solutions to corporates in terms of security or vulnerability testing process:

1. Footprinting or information gathering and analysis

2. Vulnerability Assessment or risk assessments within the network and recommending ways to mitigate

3. Penetration Testing or intensity testing

4. Collecting Evidence of attacks

5. Remedies on how to counter a cyber attack – Response planning

6. Reporting of the attack

7. Training Client’s Team to patch the vulnerabilities and response mechanism

8. Regression Audit

- What are some of the most common vulnerabilities you see in the market today, and how best could organizations prepare themselves?

These days we find that organisations are not prepared for future strains of more sophisticated ransomware, as fragile infrastructure, poor network hygiene and slow detection rates are providing ample time and air cover for hackers to operate.

Hundreds of Indian companies are unfortunate victims of “ransomware”. The country is already the 5th-most attacked country in the world and the 5th-most attacked in Asia. Over 11,000 users were attacked by TeslaCrypt ransomware during the period of March-May 2016, and India ranked 1st in the list of countries attacked by it in that period. During the same period, around 600 users were attacked by Locky ransomware, and India ranked 4th in the list of countries attacked by this ransomware during that time. An Android ransomware named Lockdroid is also rearing its head in the Android OS smartphone segment. Samas too has hit India.

As ransomware becomes more sophisticated with time, the best way to fight a ransomware attack is to stay ready and prepared. Prevention is anyway better than cure. The best approach is to back up data frequently, on a cloud storage platform, with cold storage or on an external hard drive. Also, impart frequent training to employees and staff regularly on cyber hygiene and cyber crimes via in-house workshops, asking them to be careful about phishing emails and to refrain from clicking ‘malvertisements’ or other malicious over riders that look tempting from the outside. Paying the ransom is never an option unless there is an indispensable asset at stake.

- How do you see the future of the industry you are in, looking ahead to 2020 and 2025?

The Technology era has a lot of pros and cons, but life will be the major threat in the future rather than data breach, reputation or financial loss. We believe that the next world war will be won online, and that India’s cyber security experts will have a major role to play. The global cyber security market is projected to grow from $122.45 Billion in 2016 to $202.36 Billion by 2021, at a Compound Annual Growth Rate (CAGR) of 10.6%.

The burgeoning IoT and BYOD trends and connected number of devices and applications are subjected to Advanced Persistent Threats (APTs). Application security will score the highest CAGR in the global cyber security market over the period between 2016 and 2021.

In India, the demand for cyber security professionals and experts is on a continuous rise and companies are willing to offer them as much as Rs 80 lakh per annum as remuneration, a study said. A CISO report states that the cyber security industry will witness blitzkrieg growth matrix in India. As the number of transactions and interactions is increasing on the Internet, concerns for security will also increase and propel the growth of the Indian cyber security industry.