In May 2016, the personal data of about 1 Cr IRCTC users was feared to have been leaked from the website’s server. The Maharashtra cyber cell had also informed IRCTC about a potential data theft of its user registration details.
In October 2016, about 3.2 Mn debit cards were compromised, as a result of a massive data breach that reportedly originated in malware introduced in the systems of Hitachi Payment Services. This breach enabled fraudsters to steal information allowing them to steal funds.
As per a Nasscom report released in December 2016, Growing Cyber Security Industry, Roadmap for India the global cyber security market is expected to reach approximately $190 Bn by 2025 from $85 Bn in 2016. The report further states that the growth will be driven primarily by increasing digitisation and smartphone penetration, leading to newer attack surfaces and ever-increasing number and sophistication of cyber threats.
With advancements in technology, threats of cybersecurity breaches are also rising. The industry, as well as the country, needs competence and compliance in “Security Architecture.” Taking this fact into consideration, CISO introduced SACON – India’s only Security Architecture Conference. This year, the conference will be organised on May 12-13, 2017 in Pune.
The CISO Platform is a community of senior IT security executives aiming to collaborate share knowledge and intelligence to fight the growing cyber security threats. It works to help create best practices, frameworks, and playbooks for securing the ecosystem. The platform has 4,000+ Global CISOs and 60,000 subscribers in the community.
Before participating in the conference, users can take up a free course to get insights on how to build a startup’s security architecture.
The past sessions (Bengaluru – July 12, 2016 and Goa – October 20-21, 2016) saw the participation of Paul Wright, Author of Big Data Security; Kenneth Bradberry, CTO of Xerox; Reinhold Wochner, Lead Of Digital Security, Raiffeisen Bank International; Menny Barzilay, Ex-CISO, Israeli Defense; and Matt Suiche, Speaker & Review Board Member of BlackHat Conference as speakers.
This year’s edition will see industry stalwarts like Bikash Barai (co-founder, FireCompass) take centre stage at SACON 2017. Bikash is also an international speaker at RSA USA, Interop Vegas etc. and co-founder of iViZ – a security product company, now a part of Synopsys.
Apart from this Raj Gopalakrishna (co-founder, Acalvio); Arnab Chatterjee, Former Architect BT (UK); Ajin Abhraham, Immunio; Shomiron Das Gupta, founder, NetMonastery; Sachin Deodhar, founder Deepsense Labs; Nilanjan De, co-founder FireCompass will also be part of SACON 2017’s lineup.
Inc42 caught up with Bikash Barai to elicit more details about the conference and the state of cyber security in India.
This interview has been edited for brevity and clarity.
Inc42: Why are conferences like SACON important for the Indian startup community?
Bikash: India is going through a startup revolution, especially, in the areas of fintech and online commerce. The increase in online business will lead to increased online risks. The maturity of the Indian startup ecosystem, in terms of security, is very low. In fact, as per the maturity study by CISO platform, online startups in India ranks amongst the lowest (7th). IT/ITES, telecom companies and large banks are among top three, according the study.
Conferences like SACON are very critical to spreading this awareness. Security is a very vast field with more than 100 types of different technologies or markets inside it. Just application security (one of 100 markets) has around 70+ possible various activities. Typically startups cover a few of them like ethical hacking but other critical aspects like third-party risk management etc. are missed out on totally.
Inc42: What is your opinion about cybersecurity startups in India?
Bikash: There are very few cybersecurity product startups in India. The focus is more on security services startups. India is over-reliant on international products for our national security. This exposes us to tremendous security risk, as a country. We need more product companies in the security space. There are a few, successful security product companies like Cyberoam, Pawaa (acquired by Cisco), Uniken, Seclore etc. We need more such security startups from India to protect our country and the industry.
Inc42: What are the key areas in cybersecurity which need focus?
Bikash: Firstly, we need to think beyond ethical hacking. Ethical hacking is an important initial step but we need more. Security is not just about securing, it is also about building a strong response programme to face a situation of crisis. We need to build this security considering we will be hacked and yet we should not be out of business. We need to have technologies for detection, prevention, response as well as prediction. And it is not just technologies, we need to have a strong process and a team to augment technologies and products.
Inc42: What kind of opportunities and audience are you looking for at the conference?
Bikash: We have been a community focussed on the CISOs of enterprises. Recently, we decided to help the startup ecosystem, so we created a free cyber security clinic for startups. This is a half-a-day programme, which shall be beneficial for startup CTOs, Head of Engineering or technical leadership team. We also have a 2-day security architecture conference for those who are serious about security architecture.
This year, the conference will address how organisations can implement a formal ‘Threat Hunting’ programme to discover sophisticated attackers, who’ve already bypassed network defences. Apart from this, there will be sessions related to deceiving the attacker and luring them into traps to identify them and analyse their techniques and other related sessions.
Apart from the sessions, a workshop will be conducted to work on building security technology stacks for startups and SMBs based on their specific environments. This workshop will help in reducing security risks in a cost-effective manner and building a security roadmap.