Not long ago, one of India’s well-known banks received a complaint from a clerk that there may have been an accounting error in the charge of interest rates on overdraft accounts. The bank usually charged an interest rate of 10%, but on a few accounts, the charge was just 5%. The difference ran into several lakhs of rupees. All records were checked and found to be accurate, but still the money was missing. The bank hired a small firm specialising in detection of cyber crimes to check if a fraud had been committed on its network. The firm checked the 259 programs that the bank used and found in the systems nine more that were not in the official list of software. Three of them that accessed the database produced no audit trail. The firm came up with the hypothesis that someone should have briefly reset the interest rates. The extra software could have been installed when the bank was upgrading its systems to newer software. The day of the fraud was identified, the accounts named and the officer staffing a certain desk questioned. It didn’t take much to extract the confession from him. The bank took remedial action without involving the police. A small firm had busted a racket that a big bank could not initially fathom. This case is illustrative of an increasing number of cyber crimes in India and abroad, which have in turn, yielded business opportunities of various hues for small entrepreneur-driven firms. Large companies have a high cost base and depend on nimble start-ups to swoop down on online criminals threatening their business. Cyber security for large and small firms is not merely important, but critical. A leading Supreme Court advocate says the market for cyber security services and products will grow 100 times within five years, due to increased adoption of technology and higher awareness and possibility of cyber crimes. For instance, if there is a major security breach in the banking industry or the stock market, the impact on the country would be devastating. The lack of security could undermine the growth and credibility of India’s outsourcing industry, which has given the country global attention and recognition. “Terrorists and criminals will continue to add their contribution to make the security business prosperous. Be prepared to plan for a long term and you will reap the benefits,” says Naa Vijayashankar, director, Cyber Law College and founder of Naavi.org, a techno legal information security consultancy based in Bangalore. As criminals become more and more tech savvy, a war has broken out between them and law keepers. Nations and companies need an army of specially trained warriors to take the attack to the criminals, Mr Naavi says. Like any other start up in a new field, investments are the key and appealing to a venture capitalist is difficult. Unless the services are institutionalised, investments are hard to come by. Saurabh Srivastav, the president of The Indus Entrepreneurs (TIE), Delhi, says that investing in the area of cyber security is finding global interest. However, he adds: “You won’t succeed unless you have a world-class product or service, as today you are competing in a global market. You can’t offer something that is simply the best in India. Cyber security is not country specific. It isn’t like banking software, where the software for an American system of banking is different from the Indian system. Cyber security is cyber security, the world over.” It is very important for entrepreneurs not to lose sight of individuals since security is important for every information user. If ‘Mobile Security’ is a target, then millions of mobile users are also the target clients. Ultimately, client selection is part of a business strategy and a good mix of mass markets which are stable but of low individual value has to be planned along with high value clientele who would obtain services on retainership. “There is plenty of scope for start up companies in the field of ‘cyber security products’.
There are several small and large software products which are required by the netizens all over the world. There could be professional services rendered on call such as ‘Security Audit’, ‘Implementation of Security Audit suggestions’ as well as ‘Certification of Information Security Status of a company,” says Mr Naavi. Like in all fresh businesses, cyber security start-ups will have their own difficulty in terms of establishing trust in the market. Being a security business ‘Trust’ is more critical in this business than in any other. The gestation period for brand building is therefore high. Additionally, users still look at ‘Security’ as an ‘Avoidable Expenditure’. Evangelising and ‘Concept Selling’ is still required. Renowned cyber lawyer Pavan Duggal calls entrepreneurship in cyber security a highly under-populated sector. “Industries still don’t see it as a necessity and therefore people don’t see it as viable business. This is because, we as Indians have a notion that information has to be shared. The idea that information has to be protected still hasn’t been ingrained.” In fact, security education is in itself a huge business opportunity, he points out. Start-up firms could start something as simple as reselling security software, but there is a large untapped demand for more sophisticated services, Duggal said. “Experts in the area of data security will be desperately needed soon. There is an increasing amount of pressure on companies from the government to ensure compliance with the IT-Act. Within five years there will be a boom. We can expect to see the industry grow to 100 times the current size,” states Mr Duggal. With 21 years of experience in the information security business, cyber detective Rakesh Goyal highlights the mindset needed for the job. He says, “Besides the technical qualifications, an understanding of the business processes of the client they are catering to and an idea of the workings of the criminal mind and criminal intent is needed.” An information technology system has over 600 risk prone areas. Four hundred of these can be plugged, while the remaining 200 need to be monitored, says Mr Goyal, founder and managing director of Sysman Computers. Therefore, he says, there is a lot of business opportunities requiring a lot of people. There is also enough room for a large number of players. According to Goyal, banking, stock broking and e-governance offer ready market for cyber security services already as they have regulatory requirements to meet. The systems in these sectors need to audited by an IT security auditor empanelled by the central government's CERT-In. In the near future, hospitals and telecommunication companies will also have an increasing need for it. Duggal says airlines may start hiring security services firm because planes are often used as a weapon by terrorists. With an array of services and products demanded for the security of an increasing number of vulnerable businesses, the cyber sky is only the limit for online security firms.
(With Jacob Cherian)