Hackers — allegedly belonging to the Chinese group, Evil Shadow Team — recently struck at www.microsoftstore.co.in, stealing login ids and passwords of people who had used the website for shopping for Microsoft products. But, though this may be a frightening scenario for large IT companies like Microsoft or indeed political parties, it is an opportunity for 24-year-old Sunny Vaghela.
An ethical hacker himself, Vaghela is an “information security and cyber crime consultant” and has assisted nine state police departments in solving complex cyber crime cases. A graduate from Nirma University, the young professional runs Tech Defence, a start-up serving Indian and international markets.
Burgeoning cyber crime cases show that digital nations like India need to secure their critical assets due to the increasing interdependency in the global digital arena. Symantec’s Internet Security Threat Report XVI states that an average of 2,60,000 identities were exposed per data breach in 2010. India ranked sixth for overall malicious activity and second for malicious code (any programming code capable of causing harm to legitimate data) globally in 2010, with six of the top 10 worms that are powerful enough to disable security processes in the country.
“There is specific need for specialised talent in every domain related to security. Even the USA estimates to have only about 1,000 qualified people compared to a force of 20,000 to 30,000 skilled experts. Similar estimations aren’t carried out in India yet but we are well short of what we can call ‘adequacy’ in skilled manpower of cyber security professionals,” says Dr Kamlesh Bajaj, CEO, Data Security Council of India of NASSCOM.
For India this surely spells opportunities for its students. “With increased compliances focusing on cyber security that have been mandated by the Indian cyberlaw, companies are now looking to employ more cyber security professionals. All institutions and industries dealing with sensitive personal data or information, including banking, financial, insurance and healthcare are depending on these professionals to save their systems,” says Pavan Duggal, an advocate at the Supreme Court of India and president of Cyberlaw Asia.
For those keen to join exotic clubs like cyber forensics or cyber law, courses such as the Information Security Education & Awareness (ISEA) Program of DIT are underway to train over 30,000 security professionals through different programmes.
The need for cyber warriors shouldn’t be linked to the emergence of cyber criminals, says Dr Bajaj. “Cyber warriors as part of a cyber army are required to play both offence and defence. Offensive and defensive capabilities both go hand in hand — without working on offence, it may not be possible to have a sound defence. These warriors must preferably be part of agencies that are controllable, for example, intelligence and military, with ownership of every action,” he adds.
For Vaghela too, cyber security is a domain that can be drilled down to a very granular level. It requires dedicated skills, a deep understanding of domain, technical competency, usage of tools and updates from global counterparts. “This is one sector where one needn’t have years of experience, but just a passion to decode things. By the end of a hack, you actually feel like a warrior on a hunt,” he sums up.