Why India Needs More Ethical Hackers In The Cyber Space

by Priyanka Pugaokar    Nov 07, 2016

Ethical Hacker

Anand Prakash, a product security engineer at FlipKart, recently won a whopping USD 15000 for reporting major security flaws in Facebook, Twitter and many other companies. Not just Anand, many qualified technocrats are entering into ethical hacking space with an aim to make it as a full-time profession. Today, there is a huge demand for ethical hackers in the market, who can not only safeguard the enterprises from organized cybercrime groups but assist them to assess their cyber security preparedness. While countries such as the USA and UK are far ahead in utilizing ethical hackers in a best way, countries like India is yet to change its perspective about the concept of white hat hackers. 

According to Data Security Council of India, the cyber security market is expected to grow to USD 35 billion by 2025. A report by NASSCOM states that the country needs at least one million skilled people by 2020. These figures are clear indication that the country has a huge scarcity of qualified cyber security professionals and the need is going to become severe with cyber criminals increasingly targeting enterprises and government establishments. 

Scope Of Ethical Hacking 

With the growing number of threats, it is becoming difficult for companies to protect their critical data and systems from the external threats. This has created a huge demand for ethical hackers who can help them in securing their operations and offer them a third person view of their security systems. Ethical hacking is the process of trying to break into a company’s security system and expose the loop holes, with their permission. Ethical hackers use a series of tests such as penetration testing, vulnerability testing, etc. to understand the integrity and confidentiality of the company’s data. They also test for the accessibility and availability of the information. 

“In the wake of digital transformation, cyber security has become a major issue and hence, more and more companies are hiring specialists of ethical hacking to protect themselves from cyber criminals. If you compare the industry to what it was a decade back, things look much more positive now. Banks, financial institutions are hiring a white hat or ethical hackers to protect their systems, networks, applications and more”, said Rahul Tyagi, VP - Training, Lucideus.

While automation is axing jobs of lower end and mid-level engineers worldwide, cyber security is a stream which has remained unaffected. Due to high demand, the average starting salary for ethical hackers ranges from average INR 4 lakh to INR 5 lakh. MNCs are ready to offer even more handsome incentives to professional cyber security agencies. Hence, ethical hacking is emerging not as a growing but also a money making career for youngsters who are willing to get into the cyberspace.  

Also Read: India not likely to meet cyber security workforce target

Ethical Hacking: Myth v/s Reality 

The concept of ethical hacking is more mature in the developed countries like USA and UK, however, in India, hacking is still largely seen in a negative shade. However, with the rising awareness and the rise in bug bounty programs, ethical hacking is gaining momentum in the country. In the wake of large scale data breaches, enterprises today are willing to conduct third party security analysis. The private sector companies are more open for the third party security analysis, while the companies in the PSU sector are still reluctant to go for a third party security check. The demand for ethical hackers is on high in sectors like banking, finance, retail, etc., which are on the top of the list of cyber crooks. Hence, there is a definite scope for ethical hackers in the coming years. 

“A need for qualified cyber security professionals is becoming challenging for enterprises. Enterprises cannot have an in-house army of cyber security specialists. BFSI, retail, manufacturing, healthcare companies are willing to outsource some of the specialized functions with clear deliverables to third party security analysts. And are looking for experts rather than building an army of cyber security professionals”, said Ashish Thapar, Managing Principal - Investigative Response at Verizon Enterprise Solutions. 

Outsourcing ethical hacking is a convenient way for organizations to get an unbiased third-party perspective of their security architecture. However, the role of ethical hackers today is not restricted only to analysis of cyber security preparedness of establishments. Going one step ahead, also work as a consultant to various organizations and assist them defining their security frameworks.

“It requires passion and an urge for continuous learning in the field of cyber security. There is a lot of scope in understanding the area of ethical hacking as it is a vast ocean of hardware, software, applications, etc. India has a potential to serve as a cyber security services hub to the world. However, there is a huge scope for improvement in this regard”, said Suresh Menon, Managing Partner, Leonis Consultancy LLP. 

Also Read: Are CIOs Ready For Cybersecurity Preparedness?

Dearth Of Cyber Security Institutes 

Considering cyber security is a niche specialized industry, the demand for the right talent is quite high. Presently, one of the major challenges in the industry is the lack of skilled resources. It is a bitter reality that despite of growing menace of cybercrimes, India is an acute shortage of qualified and talented cyber-watchdogs. The demand for a number of ethical hackers is growing, but there is a dearth of institutes which offer hacking courses. At present there are very few educational institutes which offer cyber security courses. These courses are largely unstructured and more focused on theory. There are no standard practices for practical training in most of such institutes. Secondly, cyber security courses are comparatively expensive due to which many computer science students do not opt for cyber security education. 

“We do not have a defined syllabus for cyber security education. There are various institutes that offer unstructured courses and certifications. It is very important for enterprises as well as educational institutes to assert what they really want to achieve. There are various niche areas within the cyber security, such as network security, malware reverse engineering, vulnerability assessment, penetration testing to name a few. Therefore, generic certification may not be handy and one will really have to have deep practices within cyber security to achieve required skill sets”, said Thapar.

The National Cyber Security Policy 2013 introduced by Dr. Gulshan Rai, laid down the vision to create a task force of 5,00,000 cyber security professionals in next five years. However, very little development has been done to increase the force of cyber security professionals. Good cyber security institutes and dedicated efforts from the government are very critical to build a cyber-army to fight the advanced cyber threats efficiently. 

“In an era where, hackers are using sophisticated tools and technology, it is difficult for cyber security professionals to match up to those sophisticated attacks. This is simply because the security professional has to deal with a huge amount of technology stack to secure, whereas the hacker needs to find one flaw in the entire technology stack. Having the right trained professionals, is the need of the hour”, said Tyagi. 

Many security firms and agencies have come forward to address the scarcity of cyber security professionals in the country and offering various programs and training assistance to students. “We at Lucideus have started a campaign named ‘SecureDigitalIndia’ wherein we are reaching out to more than 10,000 students across the country and providing them details with what they need to do to enter this field and become successful. We also run our own hands on practical based training programs in our office itself”, said Tyagi.

Also Read: Ten things you should know about India’s Cyber Security Policy

Govt Plays Key Role 

In a bid to fight cyber crimes efficiently, the Government introduced National Cyber Security Policy 2013. The policy crafted under the leadership of Dr. Gulshan Rai, the National Cyber Security Coordinator of the Government of India, laid down an ambitious plan of action that aimed at making cyber security one of the top most priorities of the country. Unfortunately, the Act created with a vision to define standard cyber security practices, somewhere lacked behind in achieving its goals. However, in the wake of large targeted attacks, the government has now started taking cyber security practices, somewhere lacked behind in achieving its goals. However, in wake of large targeted attacks, the government has now started taking cyber security seriously. 

The government in association with security vendors and nodal agencies has also stepped up its effort to uplift cyber-security standards in the country. Prime Minister’s Office (PMO) has appointed Gulshan Rai as the first CISO of India. Apart from that state government are taking special efforts to build their cyber security capabilities in association with CERT-in. 

Similarly, the private sector companies are also taking proactive steps to help the government build cyber security arms. NASSCOM and Symantec have collaborated to build cyber security skills in India. Similarly, Microsoft India has launched a full-scale cyber security Engagement Centre (CSEC) in the country. Not only MNCs, but cyber security startups and consulting agencies are also willing to give their contribution in awareness campaigns. 

With the ‘Digital India’ program, there will a huge proliferation of IT infrastructure in the country. This automation are going to help to drive growth of India and will create a need for cyber security professionals. Hence, ethical hackers have a very bright future in India. However, it requires dedicated efforts from the government and security firms to encourage ethical hackers and recognize them as an important stakeholder in the cyber security world. 

(Image Courtesy: SJ Tech Videos)