MUMBAI: Indian enterprises are getting more proactive about protecting their data and systems using better and advanced technologies as well as by looking outside the company for expert help.
The move, industry insiders say, is prompted by the recent revelations of the US government's widespread snooping over the internet and communication networks. For a foolproof approach to cyber security, Indian companies are incorporating data analytics and real-time detection to augment the traditional antivirus firewall systems that block unauthorised access into corporate networks.
These companies are also now more open to outsource parts of their security to experts instead of relying on internal talent alone. "In the past 6-8 months companies that were earlier looking at point to point security solutions are now looking at complete security incident event management solutions and security operation centres, which takes an integrated view of security across the enterprise," said Shree Parthasarathy, senior director of enterprise risk services at Deloitte.
According to security software maker Symantec, India is among the top five countries in terms of highest incidents of cybercrime. Parthasarathy attributed the change in the security stance to regulations by the Reserve Bank of India, as well as increasing threat levels in the country.
He added that more companies are looking at outsourced or hybrid managed security services — provided by third parties — to manage their cybersecurity infrastructure.
In October, ET reported that Reliance Industries, one of India's largest business conglomerates led by billionaire Mukesh Ambani, is looking to aggressively build out its cybersecurity network to protect itself besides looking to sell those security solutions. Service providers did not disclose names of Indian companies that have been sprucing up their defences, citing non-disclosure agreements.
The change in stance is boosting the market for security vendors. The size of the information security market in India in 2012 was Rs 1,200 crore and that is expected to grow 18% to Rs 1,415 crore in 2013, according to Pricewaterhouse-Coopers.
"There are a lot of questions that are about the kinds of devices that are coming from other countries. Do those devices have bits of software in them, we didn't ask for? They are asking the question, 'Is someone already inside?'" said Hugh Thompson, chief security strategist at Blue Coat, a security solutions provider benefiting from the increased interest, some of which it said is sparked by news of the US government's electronic surveillance programme PRISM. Thompson added that companies are looking at adding forensics or getting in consultants to check their systems for threats that may not have been detected earlier.
Blue Coat has about 400 customers in India.
"Companies have finally realised that security is not about putting a big lock on their door. So while traditionally a lot of spending has been on end-point management, now we are seeing a percentage of spending moving to detecting and addressing threats," said Diwakar Dayal, who leads security sales for Cisco in South Asia. Companies are also using what Cisco calls "global threat intelligence" to protect themselves by blacklisting information requests from certain internet addresses if a large proportion of potentially dangerous traffic originates from those addresses.
The changes at the technology level are only a reflection of companies paying greater attention to security, as fallouts from a possible attack become increasingly severe and expensive. "We have seen that security is becoming a boardroom discussion today. There is also a new position called the 'chief risk officer' (CRO) being institutionalised whereby chief information security officers are being made to report to the CRO, especially among conglomerates and public sector banks," said Jagdish Mahapatra, managing director for India and SAARC at security technology company McAfee.