Every 44 seconds, a cyberattack occurs, causing turmoil and commotion, these attacks are so complex and challenging to identify. The COO of Whizhack Technology, Kaushik Ray, in a conversation with ET Edge Insights speaks on emerging technologies, cyber security initiatives and strategies. Excerpts from the interview:
1. Concerns about Cyber-attacks in critical infrastructure have led to a tremendous effort in cybersecurity. AI, machine learning, and other technologies are being used by hackers to carry out increasingly complex assaults. What is the strategy being used to stop the surge in cybercrime?
I have been talking about this for a while now, the real cyber security threats are the ones faced by the critical infrastructure sector. The energy and power sector has reported some very sophisticated and complex cyber security attacks in recent times. Emergency services, water treatment plants, traffic management, and other critical infrastructure rely on operational technology solutions to function. Operational technology (OT) uses hardware and software to manage industrial equipment and systems in the energy, industrial, manufacturing, oil and gas, robotics, telecommunications, waste control, and water control industries. Cybersecurity is critical to OT systems to protect critical infrastructure. Any momentary delay or period of unplanned downtime can cause manufacturing plants, power plants, or water supply systems to shut down.
The only strategy that can work is a 360-degree approach where we have the right products for protection which mean a timely detection or pre-empting threats, timely deployment of the products and skilled work force to counter. Any one piece of the puzzle missing can lead to tremendous loss.
2. The extent of the threat to the country more so in areas of transport, power and defence – Please elaborate
Power companies have OT and IT systems converging as companies digitize and build the power sector’s version of the industrial internet of things, including the “smart grid” and the challenge is expanding exponentially, since today’s interconnected world also requires them to secure vast, far-flung, and increasingly complex global supply chains.
Power companies purchase information, hardware, software, services, and more from third parties across the globe. And threat actors can introduce compromised components into a system or network, unintentionally or by design, at any point in the system’s life cycle. This may be through software updates or “patches,” which are downloaded frequently, or through firmware that can be manipulated to include malicious codes for exploitation at a later date. Adversaries may also compromise the hardware that utilities install in their operating systems.
On October 2020, Mumbai was hit by a massive power outage by Chinese hackers, affecting railways, water supply and commercial operations, India witnessed over 18 million cyber-attacks and threats, at an average of nearly 200,000 threats every day, in the first three months of 2022, according to US-based cyber security firm, Norton. Globally, India ranks in third place, after the US & UK, in facing cyber-attacks on its critical infrastructure and digital financial systems but also on its numerous small businesses. As per a PwC study, the instances of cyberattacks on Indian enterprises surged by 117 percent in 2019 compared to the previous year. According to NASSCOM, the rising incidents of cyberattacks along with data protection and privacy laws are estimated to lead to a USD 35 billion revenue opportunity and job opportunities for millions of Indian professionals by the year 2025. Cybersecurity would account for about 10% of the revenue generated by India’s IT sector in the same year.
3. Is India Prepared to handle cyber-attacks? Where do we stand in terms of skilled workforce?
India faces significant challenges in withstanding advanced Cyber security attacks on critical infrastructure. It neither has cyber security as mainstream curriculum in major courses at school or university level. On the other hand, there is almost complete dependence on international cyber security products for implementing cyber defense that is fraught with geopolitical risks. (Skilled cybersecurity personnel are in great demand in India with 60% of organizations had unfilled cybersecurity positions, and 42% of cybersecurity teams being understaffed. Shortage of the cybersecurity workforce in India is 9% higher than the global average). This is where we sensed a massive opportunity and envisaged a holistic vertical integration. We believe WhizHack Technologies is India’s first vertically integrated cyber security organization, developing security softwares, providing managed security services and building training programs across diverse segments which delves into the gaps and challenges faced by the country both in terms of manpower, products & services.
4. What initiatives have been taken by Whizhack to protect from such attacks. What are the Cyber Security products and their deployment?
Whizhack is building a strong foundation for Cyber Security in India through development of cutting-edge cyber security products and manpower development forging strategic partnerships with educational bodies both at home and abroad. We have a partnership with Isreali outfits to develop and train a workforce. Recently we struck another one with NPTI (National Power Training Institute), setting up the Centre of Excellence (CoE) for Cyber Defence in the Power Sector. IIT Jodhpur remains a strong ally in our effort to impart Cyber Security education. WhizHack has trained thousands of students on it’s Bootcamps with IIT Jodhpur for a start in cyber security industry and it’s teenager’s program as well, the first of its kind program for school going children, to build an aptitude for ethical hacking that creates career pathway for cyber defence.
We want to be a completely self-reliant outfit to digitally secure India. We have developed ‘Made in India’ threat detection product TRACE and Zero Day cyber-attack prediction and remediation engine ZEROHACK. This is currently being used in strategic Indian defence, power sector and academic establishments in India. We have a global services team that is deployed to provide on-site resolutions of advanced attacks. Its training division uses advanced pedagogy, personalised hand-on labs and access to top faculties from IITs and industry experts in creating highly empowered cyber defenders.
5. Your thought on the weaponization of the internet and the phenomenon of the splinternet.
The current Russia-Ukraine conflict has raised the spectre of geopolitics defining weaponization of the Internet and splinternet i.e. Internet dividing due to various factors, such as technology, commerce, politics, nationalism, religion, against the original principles of Net Neutrality.
A geopolitics driven polarised World can disrupt global supply chains and it is critical, particularly in high tech areas like cyber security, to remove external dependence and rely on local product development. India is bringing in new cyber security and data governance frameworks for building a self-reliant India. A few Indian companies have made ambitious forays in building advanced cyber security products within India and will contribute towards a larger ecosystem that can withstand the power of international big tech companies.
6. Can you share your vision for the current decade, particularly in emerging technologies?
As a developing country whose economy depends on knowledge based services, India must continuously remain at the forefront of new age technologies like AI, Cyber Security, Blockchain, Data Science etc. as they would dominate business processes over the next millennium. Twenty-six centres of excellence (CoEs) have been established nationwide to create capabilities in emerging technologies. Most importantly private sector, including companies like WhizHack Technologies, have ushered in significant technology development that has produced Indian IPs that can compete with the best of global technologies and have attracted investment by global PEs, will drive India being a major player in emerging technologies
7. Can you give us an outline of how your company has handled the security solution industry’s intense competition?
The founding management team of WhizHack comes with collective global experience of over 100 years . As a result, within a short span of less than 2 years, it has become a major force in cyber security because of its ‘vertical integration’ of training, services, and product development capabilities. Most of our peers only operate in only one of the three areas thus missing out on cross leverage opportunity. We also had early backing of large PE firms, strong knowledge partnerships with IITs and Israelis and support of Government stakeholders in scaling our solution. The fact that our launch coincided with Covid that led to massive digitizations and adoption of online training, also accelerated our growth.
8. What key improvements do you believe will help enterprises deepen their engagement on making business cyber secure.
The key to attain ‘sustainable’ cyber security in Enterprises. To achieve that, enterprises need to train and empower all their employees on cyber defence and develop adaptable cyber defence systems that are locally made and serviced and have a successful track record of predicting and remediating the next generation of cyber-attacks.
Kaushik Ray, COO, Whizhack Technologies.