there. “Even after taking down the
botnet, the systems on the other side
of the network gateway don’t know
that the source of the infection is gone.
So the machines affected by malware
still try and communicate with the
source, which tells us how many
systems are still out there that are
impacted by malware. We compile this
data for our cyber threat intelligence
programme,” Chandra explains.t
here is huge buzz around
the new tech favourite,
blockchain, a cloud-based
distributed database used
to maintain a continuously growing
list of records (called blocks), with
each block containing a time stamp
and a link to the previous block. One
of its key purposes is to enhance
security and transparency in processes
like financial transactions and supply
chain management. IBM India, in
fact, is working with the Mahindra
Group to create a solution for the
latter. “As a diverse federation of
businesses ranging from agriculture
to aerospace, Mahindra is uniquely
positioned to leverage the benefits
of a blockchain-enabled solution
for supply chain finance in India.
This initiative aligns perfectly with
Mahindra’s tech and innovation-
driven growth strategy,” Anish Shah,
group president of strategy and
a member of the group executive
board at Mahindra & Mahindra, said
in a blogpost on IBM’s website.
“Security has very high mindshare
with customers, but very poor
wallet share,” says Karan Bajwa,
who recently took over as managing
director of IBM India. While that is
a challenge for the country, it is also
an opportunity for players like IBM
and Microsoft to build awareness
and get customers to spend more on
cybersecurity. Vital institutions like
BSE have already bitten the bullet
and entrusted third-party firms like
IBM to develop an integrated security
solution for them on a turnkey basis.
Companies like IBM and Microsoft34 | forbes india August 4, 2017“cybersecurity will
always be a focus
area for us.”
Anant Maheshwari, president,
Microsoft Corp Indiahave tried to shake the prevalent
mindset among Indian businesses that
a public cloud is unsafe by focusing
on the fact that data is stored across
multiple locations in a completely
secure manner and that it is the full-
time responsibility of the company
that owns the cloud platform to
ensure its dependability. They have
seen some success with organisations,
especially financial institutions
like HDFC Bank and State Bank of
India, migrating some portion of
their operations to a public cloud.E
nterprises are doing their
bit for cybersecurity, but
policy measures also need
to be revised to make these
efforts more meaningful. For instance,
there is no provision in general law for
cybersecurity breaches to be publicly
disclosed, unlike in the US. This
explains why cases like those involving
Zomato and Union Bank of India are
rarely reported. Sharing intelligence
around cyber threats helps companies
prepare for such eventualities better
but many prefer to not report such
incidents for fear of embarrassment
and backlash from shareholders.“We [the industry] don’t like to share
our problems with each other too
much but that will change with time,”
Zomato’s Goyal tells Forbes India.
The financial services space in
India appears to be better off with
the Reserve Bank of India having
issued a circular, in June 2016, on the
cybersecurity framework at banks
with some elaborate guidelines.
The circular asks banks to put in
place a board-approved cybersecurity
policy and crisis management
plan; arrange for continuous
surveillance and upgrade of
network infrastructure and most
importantly, report cybersecurity
incidents with the regulator.
The Indian government also
appears to be warming up to the
idea of having more well-defined
cybersecurity policies in the country.
“A focus on cybersecurity is a critical
component of the Digital India
road map. The government’s focus
is evident with the creation of a
National Cyber Security Policy and a
National Cyber Coordination Centre,”
says Maheshwari. “I would also
like to compliment the government
in having set up a Cyber Swachhta
Kendra in CERT-In (India Computer
Emergency Response Team), which
will focus on fighting malware in the
country. I see a tremendous amount
of eagerness in the government on
adopting new-age technologies.”
Robert Mueller, the former
director of the Federal Bureau of
Investigation in the US, had famously
said in 2012: “There are only two
types of companies: Those that have
been hacked and those that will be.”
As ominous as those words sound,
successive cyber incidents that
come to light bear out their truth.
Safeguarding one’s digital ecosystem
is much like protecting one’s home.
While it doesn’t guarantee averting
a break-in, putting a lock on the
door is always a good idea.
(With inputs from Harichandan Arakali,
Anshul Dhamija and
Paramita Chatterjee)Cover Story / CyberSeCurity