Indian Security Scenario Changing

by Neelu Lekhi & Sunil Kumar    Dec 18, 2006

Buzzwords like Phishing, Pharming, Hacking, Malware, Trojans, Worm attacks etc., are either nails in the coffin for the consumer and the enterprise or reflective of a change in the Indian security market.

Security market in India is growing at a rapid rate thanks to the increasing attacks, and vendors are constantly trying to find solutions to tackle this.

Ricky Rajkumar, business head, Intouch World, says that the size of the anti virus (AV) market ranges from 40-60 million dollars. Web vulnerability scanning constitutes 2-3 million dollars and is rapidly growing.

About the key trends in the future, Manish Bansal, regional marketing manager, South East Asia, Websense maintains, “Trends are that web attacks are becoming increasingly malicious. The mobile workforce that is growing is susceptible to attacks. Now attacks are geared at killing data inside the enterprise. For this addressing security threats at the network level are important.”

The McAfee Virtual Criminology Report 2006 says that cybercrime has established a cult-following with online offenders who are rising almost to celebrity status within hacking communities. Organised crime is found to employ KGB-style tactics to ensnare the next generation of hackers and malware authors, such as students, graduates of IT technology, and so on. Inadequacy of company security procedures entails majority of hacking attacks from current and former employees, contractors and suppliers.

The report highlights that phishing emails have increased approximately by 25% over last year. Cybercriminals are cashing in on data that is constantly exposed, and this does not require sophisticated attack. Botnets- robot networks of illegally linked computers that can be controlled remotely - are now the preferred method for effectively executing attacks.

Kevin James Vella, VP - sales and marketing, Acunetix says, “Hackers already have a wide repertoire of attacks that they can launch against organizations including SQL Injection, Cross Site Scripting, Directory Traversal Attacks, Parameter (e.g., URL, Cookie, HTTP headers, HTML Forms) Manipulation, Authentication Attacks, Directory Enumeration and other exploits.”

About the rise of security attacks, Claims Kartik Shahani, director sales, India & SAARC, McAfee says that the rise has nothing to do with the level of security and the number of security solutions. The increase in threat is because of two reasons, one the rise in Internet users and the second is the types of communication devices, like mobile devices, PDAs, handphones, MP3 players etc., have changed and increased in number.

Shahani adds that in India, McAfee has launched a Security Risk Management (SRM) strategy, which is an ongoing process, at three centers namely Mumbai, Delhi, and Bangalore, where the company has outlined details of the SRM to its customers and partners.

Shahani adds, McAfee SRM Strategy follows a 20-80 principle, whereby 20% of the most important assets of a company are given priority in protection, whereas the remaining are protected according to requirement. For example, for a manufacturing company, their ERP and web servers would be most important, so protection of these would get priority, over other assets. This ensures that security budgets of a company are utilized more effectively.

Shashi Ullal, CEO, CSI sums up saying, “IT security has to be consciously ingrained in the mindset of management to make an effective change in boardroom decisions.”