Cyber security has become one of key concerns for enterprises in India with more number of devices being connected to the Internet, increasing the threat of newer attacks. The volume of transactions on the Internet from the e-commerce companies or the plans of a digital India has only
increased awareness level of these potential threats. Chris Young, senior vice-president and general manager, Intel Security Group tells PP Thimmaya that Indian enterprises are geared up to meet these challenges and are taking a proactive approach to cyber security. Excerpts:
Could you provide us with a brief profile of Intel Security Group?
Intel Security brings together the experience and expertise of McAfee, a dedicated security company, with the performance and innovation of Intel. Intel Security’s mission is to give everyone the confidence to live and work safely and securely in the digital world by developing products that feature seamlessly integrated security; built in by design to better protect every layer of computing: from chip to cloud and from devices to the data they hold. With its Security Connected strategy innovative approach to hardware-enhanced security, and global threat intelligence, Intel Security is deeply focused on developing proactive, proven security solutions and services that protect systems, networks, and mobile
devices for business and personal use around the world.
Do you expect cyber security attacks to be more dangerous in the years to come?
I think attackers have already developed a level of sophistication that is well beyond the hobby-hacker of the past. To give you an example, according to Intel Security Labs, of all the Indian organisations that have experienced security incidents in recent times, 34% were financial services organisations and 34% were IT companies. So we are clearly seeing a streak of organised and targeted crime as was also evident from some of the high-profile security incidents that took place in 2014. For example, with the advent of the Internet of Things (IoT), the attack surface has expanded exponentially, thus making our environment potentially more vulnerable.
In the Indian context, we are dealing with a lot of new economy enterprises such as e-commerce and adding a layer of complexity from a security perspective is the fact that mobile shopper penetration in India ranks 3rd among emerging markets. So yes, I do think that attacks could be potentially more dangerous but the good news is that awareness levels have increased too.
Take for instance the Indian government’s digital initiatives, which are a great example of wanting to digitise responsibly. With a sizeable cyber-security budget being envisaged by the Narendra Modi government, I think it’s a great start and I am seeing that within private enterprises in the country as well. On another note, security technologies are evolving as well and at Intel Security we are working on innovations that combine the powers of Intel’s hardware prowess with McAfee’s security expertise.
How are Indian enterprises gearing up to meet the challenges of security threats?
I have met with numerous customers and have been encouraged by their level of understanding and their demands of their security infrastructure. Indian enterprises are world-class; their chief information officers and chief information security officers talk the same language as global counterparts. In fact, a lot of the talk around making security a boardroom conversation is already a reality in India. So I am confident that Indian enterprises are not only geared to meet security challenges but beat them with their proactive approach.
What challenges do you see from a security threat perspective in the framework of Internet of Things?
As it stands, the industry at large is still fairly uncertain about the impact that IoT could have on the security posture of an individual, organisation or even a nation and that uncertainty makes the situation more dangerous. The challenge lies in embedded systems that are now increasingly connecting to the internet. Gartner estimates that IoT devices installed base (excluding PCs, tablets and smartphones), will grow to 26 billion units in 2020, up from 0.9 billion in 2009. What is happening is that the definition of what is sensitive information is changing as well. IoT devices today are able to gather information that was probably un-aggregated previously and their ability to connect to the internet makes them vulnerable to cyber criminals.
How can the retail consumers be educated further on these security threats?
According to recent survey done by us, almost half of the Indian respondents said they personally own 3 to 4 devices in their homes. Now compare this with our labs data —48% of attacks against average end-users in India are auto-run worms that exploit minor vulnerabilities for which patches are easily available.
On the other hand, mobile tends to be more evolved; 38% of attacks on Indian mobile users are mobile adware so attackers are exploiting new technology as well. Given this device explosion and the growing sophistication of threats, there is a need to have cross device security.
Overall however, from an end consumer standpoint, I believe that there is still a fair amount of work to be done in terms of getting the basics right. Awareness and education needs to be a public-private partnership model with a focus on grassroots education and embedding cyber-education into the education system as well.