A cyber attack may happen within 20 days of detection of a breach in security or in hardware and it often takes nearly 200 days to upgrade the systems in the traditional set-up. This could have been done on the first day itself. And, this is where French company Thales with its specialised expertise in cyber security can come in. Identify the loopholes and take corrective action, says Marc Darmon, Executive Vice-President of Secure Communications and Information Systems at Thales.

Thales that caters to both defence and civil sectors is looking to grow its presence in India. Apart from defence, the four other verticals the company operates include space, aeronautics, ground transportation, security (including cyber security).

In an interview to BusinessLine, Darmon talks about the company’s India strategy with regard to cyber security and privacy issues. Edited excerpts:

What’s your strategy on India when it comes to digital security?

We have a very strong base. And with the 150-odd people from Guavus (a real-time big data processing company that Thales acquired), we have a data analytics platform. And, as you know data analytics forms the basis of cyber security as it allows detection of abnormal behaviour or threats.

As a business, we limit our cyber security offerings to wares we sell in India. By that I mean when we sell signalling systems to an Indian mainline or Metro Railway, we use cyber security in it a key element of our offer. But, so far, we do not address Indian companies directly to sell cyber security solutions to them. We sell only through Thales’ systems.

Why have you stayed away from direct selling of cyber security solutions to Indian companies?

India is huge market, but there are a lot of Indian companies already present in this segment.

Our cyber security business is two-fold. One is to corporations and that is only €1.5 billion; and there is also key technology that is a part of what Thales’ is doing, a part of its air traffic management systems and so on. In the case of India, we didn’t feel the need to address Indian corporations directly. It could be a partnership with Indian companies.

However, if you see (verticals like) air traffic management, defence and so on, then our cyber security solutions are already present.

So do you intend to sell standalone cyber security solutions any time soon?

Not in the very short term.

Today’s discussion on cyber security also covers third party applications that gain access to user data or breach of privacy issues. What is your take and can Thales work in preventing that?

Where data is compromised, we have a team of people who are like ghostbusters. They probe the causes of the leak and try and take preventive action. They also determine how safe the systems are, part by part. But, this is in case of a general attack.

When there is a compromise or a set of leakages, our approach is different. There is nothing to correct. Everything is working well. So what we do is redefine the security policy.

In these cases we try and determine what is the data that needs to be protected, who has access to what and what type of protections are needed. This then becomes a business of expertise and we can look at selling solutions related to encryption, diodes, software and hardware.

(The correspondent was in Paris recently at the invitation of Thales)