At the age of 20, Sunny Vaghela had already solved over 15 cyber crime cases for the Ahmedabad Crime Branch. These include phishing cases, data thefts & espionage, credit card frauds, several Orkut fake profile impersonations, cracked email passwords, SMS spoofings and even cyber terrorism.
So, what’s more amazing? Vaghela’s young age (he’s now 23 and runs his own cyber security firm TechDefence), or the fact that rapidly rising instances of cyber crimes present talented information technology (IT) security people like him the opportunity to showcase their skills?
If the cyber world has opened up a cosmos of such opportunities as e-commerce, collaborative computing, emails, online advertising and information distribution, it has also exposed netizens to computer criminals, espionage, identity thefts, privacy invasions, illegal information exchanges and cyber terrorism.
Indeed, it’s not just about international or even nationwide cyber crimes. Netizens today are equally exposed to large-scale organised crime pertaining to IT as well as some very small, local cyber crooks that are up to no good. Vaghela recounts a case in which four girls from a well-known engineering institute in Gujarat had filed a complaint with the Ahmedabad Crime Branch, stating their fake profiles were hosted on the social networking site Orkut and that the perpetrators had even uploaded porn pictures.
Instances such as these help one understand why independent security consultants (like Vaghela) as well as IT security solutions companies are multiplying in number.
According to industry association Nasscom’s estimates, demand for cyber security professionals would be around 90,000 by this year-end in India alone, compared to around 200,000 globally. Because of the ever-evolving cyber world, employees with dynamic and adaptable security skill sets are needed all the time, creating a challenge for most employers.
That’s where Yash Kadakia, chief security consultant at Security Brigade, comes in. “You do need to understand how to repair a system that’s under attack. But you also have to know how illegal hackers can attack a system in the first place so you can prevent it from occurring,” he says.
Ethical hackers use the same techniques and tactics as those used by ‘crackers’ (illegal hackers) to breach corporate security systems. The end result is that the company is able to prevent an intrusion before it ever occurs.
Sahir Hidayatullah, a security expert with Miel eSecurity (which regularly assists the Mumbai Cybercrime Cell in its investigations), says: “We recently helped a large pharmaceutical company secure its distribution system after it was besieged with internal security breaches, causing revenue losses that the company wasn’t even aware of.” Cyber security professionals regularly come across such instances when they conduct security audits for their clients.
For individual users, the single largest attack vector to steal data is email. Crackers either break into accounts and send spam mails or sell a user’s details to other cyber criminals.
According to Deloitte’s 2010 Global Security Survey-India Report, almost half of Indian respondents experienced at least one internal security breach during the past one year in their organisations.
Websense Labs research indicates there are more than 200,000 phoney copycat sites — all using the terms Facebook, MySpace or Twitter in their URLs. With crackers taking steps to create cloned domains to circumvent security measures put in place by organisations, individual users are exposed to them more often then they realise. “This, in turn, exposes an organisation and its network to outside attack,” says Hidayatullah.
Now, demand for computer security specialists has been further boosted by the heavy investments both private businesses and government departments are making to upgrade cyber-security systems. All have realised how important it is to protect vital computer networks and electronic infrastructure from attacks.
Today, security consultants and independent ethical hackers command remuneration of about Rs 1 lakh and onwards per project, depending on the nature of the security breach. And they still cannot keep up with the demand.
Vishal Kumar, additional director at Asian School of Cyber Laws, explains: “Under Section 85 of the Information Technology Act, 2000, liabilities have been imposed on the companies, especially in case the provisions of the Act are violated. For example, if a company runs a website and pornographic content is uploaded, then the company is liable under this section!”
Any wonder then that companies are ready to spend big bucks in order to be safe than sorry?
With inputs from Katya Naidu