With the mind-numbing pace of technology and changing IT landscape cyber attacks are getting bolder and have brought the concerns of IT security across industries to the fore. Hacking, which used to be a hobby, has now become an organised industry, with the origins of attacks becoming increasingly difficult to trace.
In a tete-à-tete with BusinessLine , industry veteran Christopher Young says that India ranks relatively low in the pecking order of the origin of attacks. Young, who had previously worked with Cisco, VMware and RSA (EMC’s security division), says India will also be a beneficiary of the newly-formed Cyber Threat Alliance. Young, who now leads Intel Security Group as its Senior Vice-President and General Manager, says in the consumer space, 38 per cent of the attacks are from mobile adware. Edited excerpts.
Which are the countries from where most security breaches originate? Where does India rank in the pecking order?
The sources of attacks are difficult to trace. In case of major security breaches, the US shows up as one of the top countries from which the attacks seem to have been launched. This is because the attacker would have hijacked a server in one country, sitting in another country, and launch the attack somewhere else. So, the origin of the attack is difficult to trace.
India is actually relatively low in the origin of attacks. The two biggest attack sectors for the Indian market are information technology and financial services with 34 per cent each, followed by healthcare at 8 per cent.
Why is the IT sector the most prone to cyber attacks?
The IT sector is probably being attacked because it works with global companies around the world and has access to valuable information. It is starting to become the most critical part of the world’s economy, attracting attention. The good news is that at least the IT companies that I know of have modern security programs.
The fast pace of technology and the emerging trends such as internet of things (IoT) and cloud are also aiding malware attacks and security breaches? Where do you see most of the attacks happening?
In fact, there are three forces that shape security. The attackers are changing their attack types is the first force. Secondly, all the mega trends in IT — IoT, cloud and mobility — also drive security, because security has to go along. Mobile is a great example. In the consumer space, we see 38 per cent of attacks from mobile adware. As new technologies come out, it becomes harder and harder for people to keep patching all these. The third force is complexity and fragmentation.
Hacking has now become an organised industry?
I call that the ‘industrialisation’ of hacking. You have organised crime that has different scales — some are very large and some are very small. You have nation-state activity, hacktivists with their own agenda. Some cyber attacks are to achieve their mission statement or organised crime, but, when you bring it all together it’s moved from hacking as a hobby to hacking as an industry.
Intel is a part of the Cyber Threat Alliance. What is its need and what is the Alliance’s plan in India?
Cyber Threat Alliance is basically where four companies — Palo Alto Networks, Intel Security, Symantec and Fortinet — got together to share information, which will help our customers get a better chance to successfully identify and stop attacks. All of us sell in India and so Indian customers will also get the benefits.
On Open Source... How serious is the security breach?
If you are going to use open source, you got to test it, you got to understand what code you are putting in. Otherwise, you could end up with something that was maliciously inserted into the code base. I like open source because the community can police itself and generally speaking, it will. The other side of the coin is that if you are using open source, you have to be vigilant yourself. You can’t just assume the community is doing all these things for you.
In India, bring-your-own-device is not garnering momentum. Most corporate cite security issues?
If organisations feel they need to separate employee devices from their own devices, it’s okay. There is protection available. At Intel Security, we offer anti-malware for most devices for free. So, anyone can download free mobile anti-malware from Intel Security and protect themselves. And, that is just the first step. Over time, technology will be available to partition consumer environment versus the enterprise environment.
Apart from phishing, major incidents such as airline crashes, celebrity deaths among others are used as baits. How do you protect from these kinds of attacks?
We don’t go out and tell the Internet service providers to shut down that site or shut down that link, we will just block it for the user so that we can protect them against malicious software. Or, if the user clicks on the site, and if the malware tries to identify the executor and install itself on the machine, we will stop that from happening. So, that is how they are protected and they didn’t know it.