There have been explosive increase in cyber threats due to increasing usage of mobile, web usage and social media compounded by Internet of Things (IoT) which is another major factor that has invited various cyber threats at various sensors, terminals, and end devices.
On the other hand increasing strictness of government regulations and evolving cyber threats are forcing organizations to focus more on cyber security.
As per Forbes, the worldwide cyber security market is defined by market sizing estimates that range from $77 billion in 2015 to $170 billion by 2020.
Companies are focusing not only on Security Solutions but also on Security Services. Among the services, managed security service is rapidly gaining traction. Managed security services help clients to prepare for cyber-attacks by understanding and managing cyber exposure, enabling them to make informed investment decisions and to put necessary, cost-effective protection in place. Shortage of talented Security Professionals is one of the other major concerns by companies that also have to be tackled.
NASSCOM envisages that India can aspire to build a cyber security product and services industry of USD 35 billion by 2025. It also intend to generate a million skilled jobs in the security space by 2025 to cater to the rising global demand of cyber security professionals.
So what is this cyber security buzz is about and what do we do to capitalize on this estimated USD 35 billion market?
What Cyber Security focuses on?
It consists of security aspects of all entities related to computer and Internet. This includes but not limited to following areas:
Cyber Crime Cyber Insurance Security Software
Managed Security Services Governance Risk Compliance Security Analytics
Application Security Mobile Security IOT Security
Cloud Security Data Breach Web Security
Open Source Security Vulnerability Management Financial Services
Cyber Intelligence Education & Training Merger & Acquisition
How do we build USD 35 billion industry by 2025?
As per current Cyber security market trend, India is far behind in terms of market share (~USD 1.1B) but it is expected to grow exponentially in the coming years. Also, Indian Government’s emphasis on E-governance and Digitization is likely to create huge requirements within India itself.
India being a world leader in IT Services industry can surely take a similar lead in Managed Security Services thereby becoming a Cyber security hub for the world. Investing in R&D and manufacturing of future Security Products (in collaboration with Indian MNCs & Indian Govt as well as foreign MNCs) and creating Security Workforce to cater demands all over the world by investing in cyber labs and promoting Education & Training with different channels are other opportunities.
There is wide scope and various ways of achieving it but key is to look out for future trends and innovations. Speed of detection, mitigation and prediction of new threats through solutions and services is going to be a key success factor of this industry.
Below are some of areas which I feel that Indian cyber security ventures should look at investing for future success.
There have been big improvements in security threat analysis, prediction, detection and prevention software solutions but still most of them are built on past exposures and reactive in nature.
As many of national critical infrastructures are now within the scope of cyber-attacks, there will be need of Live Data Analysis and detect zero day vulnerabilities & exploits and contain them immediately. This will need to incorporate features that can distinguish allowed traffic, anomalies based on past exposures (signatures/patterns) and any other traffic that doesn’t follow in these two categories which alerts for analysis and need for any containment.
Technologies and Services:
Create Labs and emphasis on the trainings on below technologies for through understanding and predicting future vulnerabilities and threats.
IP version 6
IPv6 (128 bit) is existing since long and all existing IPv4 (32 bit) utilities are compatible with IPv6. However, complete adoption or implementation is still not done widely. Obviously there are many other different vulnerabilities in IPv6 than IPv4 which are already known and expect many more to introduce in future when its default implementation is mandatory.
Addressable hard disks/storage
In IT world, information is the money and it resides in the storage unit or hard disks in the organizations. Storage technologies keep evolving continuously to cater speed, capacity and manageability of data. Storage manufacturers are working on addressable hard disks with Enterprise Storage Arrays so that each hard disk can be managed individually and remotely. There won’t be much time when these hard disks are directly accessible on the internet and targets of cyber-attacks.
Internet of Things (IOT)
There have been many developments happening in this field. Days are not too far when various product vendors start manufacturing IOT ready products for readily plug into Internet (wired or wireless). These endpoints not only be targets but can become source of attacks on other endpoints. There may be demands to monitor some or all products of a specific manufacturer within area, organizations or by manufacturer itself. Any endpoint which carries life-endangering threat e.g. wearable medical devices carriage tremendous weightage and consideration.
Though this field has taken huge momentum in other parts of the world, there is very little awareness and importance in India. In the advent of cyber-crimes and cyber-insurances, there is huge scope and shortage of expertise in forensics.
It is likely to play more vital role with increased adoption of IOT. Just consider an example where malfunctioning/compromise of one of your household unit causes malfunctioning or loss of other household unit.
Command Centers for Critical Infrastructure
It is said that next war or power war will not be field battle but is likely to be cyber war. As more and more nation’s critical infrastructure (assets, systems, networks etc.) comes under the threats of cyber-attacks, there will be immense need of monitoring and protecting these infrastructure at war foot. Ideating and innovating for such critical monitoring through command centers can be needed in future.
Cyber Laws and policies:
There is immense need of defining cyber security sector friendly policies and laws for the country and also to enable security operations for other countries from India.