India, which needs 77,000 ethical hackers, has just 22,000. Here demand beats supply
By Ritwik Mukherjee: To be forewarned is to be forearmed. Before you know how best to tackle your adversary - or catch a spy, if you will - you have to know who the offender is. Which is why old police investigators, reminiscing about their conquests, are wont to say that to catch a criminal, you have to think like one. In today’s burgeoning, jiving digital world, criminal activities are no longer confined to the old cop and robber routine. In this dazzling stratosphere of information technology, cyber criminals hack into unsuspecting systems with the malicious intent to steal crucial information and data. Alas, there appears to be just one way to counter them - ethical hacking. "Ethical hacking is a term used to describe hacking mostly executed by companies or individuals to recognise potential threats on a computer or network,’’ says Amit Nath, country head, India and Saarc of the Helsinki-headquartered and Nasdaq-listed, F-Secure, an anti-virus, cloud content and computer security company. With rising incidents of cyber attacks on individuals, government, companies and organisations, ethical hacking involves breaking into systems and servers with the sole objective of making them more secure and uncover vulnerabilities that can be enhanced to act as a shield against cyber attacks. Apart from providing protection from cyber criminals, the ethical hacker also plays a pivotal role in other aspects of enterprise security such as encryptions, security protocols and firewalls. Welcome to the rarified world of ethical hackers. According to a recent Nasscom study, India is in dire need of such hackers, precisely about 77,000 every year. In contrast, there are only 22,000 professional hackers in the country - a clear and prescient case of demand outstripping supply. Their need is being increasingly felt, because according to the same study, India has to combat not less than $8 billion in annual losses to various cyber threats. In the wake of this, a number of institutes are developing degree and certificate courses in IT and systems security and developing professionals well versed with hacking techniques. In such a situation, obviously, hacking ceases to be a dirty word. In fact, placed in the right perspective, it may be good, the act of a savior in an increasingly complex, criminal cyber world, notes Asoke K Laha, managing director and CEO, InterraIT. “The hackers can be called crackers too, since they break into foreign systems and applications. As per recent studies in hacking worldwide, there are four distinct categories here: hactivism or politically-motivated hacking, hobbyist hacking – hackers who do it as a hobby, for fun or knowledge sharing and research, security hacking – those intent on discovering security vulnerabilities and writing code fixes and hacking for commercial gain – those artists who break into banks and other institutions for financial gain. Whichever way you look at it, computer security has become a universal concern, especially after September 11, 2001, and the publication of the Hacker Manifesto in 1986 was a watershed. Causal curious hacking in public or private networks is severely discouraged and viewed suspiciously by law enforcement and vigilance agencies worldwide,” points out Laha. A recent Gartner report suggests that worldwide spending on information security is estimated to touch $71.1 billion by the end of 2014 and $76.9 billion by 2015. Happily, these figures are also a perfect demonstration of the job potential in the futuristic world of internet and cyber security. This phenomenon becomes even more pronounced because of the virtual war that is being launched at various levels globally against cyber criminals and cyber crimes. For instance, McAfee, now part of Intel Security, and Europol's European Cybercrime Centre (EC3), have signed a memorandum of understanding (MoU) that brings together Intel Security expertise with EC3’s law enforcement skills in the war against cyber crime. Intel Security and EC3’s combined resources and expertise will offer increased defence against this growing menace. The agreement enables the two entities to engage in joint operations to address identified cyber criminal campaigns, and allows for participation in events to share best practices as well as the ability to exchange non-operational data related to cyber crime. This particular MoU will also allow for Intel Security to provide specific technical information on cyber-attacks to Europol. “No one entity can combat cyber crime,” avers Raj Samani, chief technology officer for EMEA at Intel Security and special advisor to the Europol Cybercrime Centre on internet security,’’ who adds, “I’m excited to work with the excellent team Europol and contribute my expertise so that we can together effectively address the cyber crime problem.” Troels Oerting, head of the EC3, says in a written communiqué, “Such tasks cannot be undertaken by law enforcement alone and requires a much broader approach. Intel Security has assisted EC3 in the past and, with the signing of this MoU, our cooperation will continue to benefit all law-abiding users of the internet, to the disadvantage of cyber criminals.” The growing importance of crusaders against cyber criminals or ethical hackers, can therefore, be hardly over-emphasised. Little surprise then that the information security industry is undergoing a current worldwide growth rate of 21 per cent, no less! InterraIT’s Laha, also national president of Indo-American Chamber of Commerce, believes ethical hacking has emerged as a $3.8 billion industry in the US alone and India, understandably, is fast catching up. Here too, the need for information security for security compliance has been made mandatory for all companies with an IT backbone. The requirement for such expertise is especially higher in organisations in the IT/ITeS space. However, internet security is no longer a grave concern for IT companies alone. Today, every business has some form of online presence and therefore cyber security has become a key focus area cutting across sectors. When it comes to India, in particular, with more and more people turning gadget-friendly, the country has emerged as a vast potential for e-commerce and online financial transactions. Online payments come with the risk of sharing sensitive data, which might be misused. Hence it is pivotal for netizens to embrace universities and institutions that provide formal training in ethical hacking, feel risk analysis experts at Deloitte and KPMG. Points out Laha, “This new breed of hackers uses their craft for public good and vigilance leading to more value creation in public and the cyber world. They often use their evil weaponry for openness and transparency, social utility and creative activism. Governments and agencies are also looking at hacking in a completely new light. Unless we have trained, proactive, investigative and passionate hackers, we cannot take on the growing threats of terrorism, espionage and rights violation. We need many more trained, innovative hackers who can serve the society more effectively as poachers turned gamekeepers,” he said. Experts, however, say hackers have problems of their own. Technology is influencing hacking in a big way. The concern for privacy, security and confidentiality is resulting in the growth of security hardware, software, and systems worldwide. The increasing sophistication presents a growing challenge for hackers as well. Education and social awareness campaigns have been launched against them. A large number of hacktivists and hobbyists are beefing up their defences to avoid prosecution. Many have channeled their energies and enlarged their activities by joining computer security departments, setting up their own security firms or contributing to open source software space to develop something that is useful for peers and clients. Ethical hackers are employed by the company in an attempt to bypass the security systems of the company and search for any weak points that could be exploited by malicious hackers. They have a legal agreement with the company or the individual to execute the penetration. But more importantly, it is providing increasingly larger career opportunities for those taking it up as a profession. IT biggies, Wipro, IBM, Infosys, Reliance and Airtel, have started looking out for efficient hacking professionals; naturally, they have no choice. Interestingly, many ethical hackers are turning solo, venturing out on their own in consulting businesses rather than being empanelled full-time with any organisation as this arrangement works out to be more lucrative. Responding to this growing need, while some leading companies have started grooming ethical hackers through in-house orientation courses, a number of institutes have sprung up which formally impart the art of legal hacking. In addition, there are online courses on display. Ethical Hacking Training Institute, New Delhi, School of Vocational Education and Training, Indira Gandhi National Open University (IGNOU), Indian School of Ethical Hacking, Kolkata, NIIT and International Council of Electronic Commerce Consultants (EC-Council), are some examples of these institutes. After pursuing a B.Tech or B.Sc course from an institute, it could be easier to opt for ethical hacking at the post-graduate level; of course you need a solid grounding in computer sciences. But an ethical hacker needs certain strong individual traits. If what Bikash Barai, an IIT Kharagpur alumnus and founder-CEO of iViz Security says, is anything to go by, a good ethical hacker needs to have very good eye for detail and the ability to back a hunch. Typically, they should love solving puzzles, have very high perseverance and can visualise worst-case scenarios. That’s quite a comprehensive list of qualities required to become an ethical hacker either. But then, so are the demands of this burgeoning business. Source: migitalfc.com, Reference-Image: flickr.com
|
