In my
recent post on quick Heal technologies (click here), I opined that Indian Government would
prefer India made cyber security products as the same would ensure that source
code and servers remain in our control. Most importantly, Govt can control and
direct Indian companies but our Govt will have minimum operating leverage over
foreign companies. This is one area where the scope for negligence is minimum
as the results of any breach will be catastrophic. So I have always felt that
for critical infrastructure and defense, Indian Govt should prefer local
products if they meet the required standards.
And our
Govt has just done this. The Ministry of Electronics and Information Technology
(MeitY) has issued a draft notification that preference shall be provided by all
procuring entities to domestically manufactured/ produced Cyber Security
Products. Although the notification has referred the June-17 notification of Department
of Industrial Policy and Promotion (DIPP) to encourage ‘Make in India’ to
enhance income and employment but I am sure the main consideration is the risk
of putting India’s cyber security in the hands of foreign entities who may have
least regard for integrity and safety of India and so any backdoor breach of
trust by these will be devastating.
The
mainstay of the notification is the emphasis on the Indian-ness of the cyber
security product. Notification has mentioned that in order to be treated as “Local
Supplier” the revenue from “Intellectual Property (IP)” licensing should accrue
to the company incorporated and registered in India. So the focus is on IP
creation which is the essence of make in India. It has further provided that
the companies should satisfy the following conditions of IP ownership:
(a) Use and
commercialize without third party consents; and
(b)
Distribute; and
(c)
Modify
Following
are the links to the news and Draft Notification:
So I think
this is a big news for Quick Heal Technologies as it satisfies all the above
conditions. Quick Heal has already partnered with Cert-In for India’s unique
first of its kind Botnet removal initiative.
Quick Heal bot removal
tool-A good branding and marketing exercise
In order to
tackle the critical situation of Botnet malware in India, IT Ministry has
launched the Cyber Swachhta Kendra. The Botnet Cleaning and Malware Analysis
Centre has been launched along the lines of the National Cyber Security Policy
of India, and is a step to create a safe and secure cyber eco system in India. The
centre is operated by the Indian Computer Emergency Response Team (CERT-In)
which operates under the Ministry of Electronics and Information Technology,
Government of India. Users affected by Botnet malware can find the information
and tools necessary to secure their devices.
The
bot removal tool has been developed by Quick Heal in collaboration with the
Cyber Swacchta Kendra and the affected user is advised to cure his device by
using free Quick Heal bot removal tool. I think this is a master step by Quick
Heal to extend its reach and Brand Strength along with establishing a strong
reputation and relationships with Indian Government.
Bots are
malware that form networks known as botnet which are used by cyber criminals in
the dark web for all type of darkness like executing dedicated denial of
service (DDoS) attacks and sending out spam emails. India ranks ninth in the
world when it comes to the origin of spam emails by volume. The entity
controlling the botnet known as botherder can use the networks of botnet to
send malicious instruction to the main server which in turn issues instructions
to all the botnet in the networks.
One of the
botnets active in India, Mirai, was responsible for the partial takedown of
multiple services, affecting users from Britain to Germany. The Mirai-botnet
attack on Dyn used 150,000 devices to generate 500GB/s of data. Estimates are
that ten times that number of devices are infected. Two weeks after the Dyn
attack, another one that reportedly had twice the amount data traffic knocked
Liberia’s Internet offline for brief periods. Security researchers speculate
that whoever was responsible was testing out their capabilities. The worrying
part is that anyone can carry out this type of attack. According to a post on
Slashdot, renting around 50,000 bots costs between $3,000-$4,000 for 2
weeks. This has significant implications
for Indians. The average amount of Internet traffic in India at any time is
near 55GB/s and peaks well below 100GB/s.
Cyber threats are getting bigger and harsh
Thieves no longer require reaching
and breaking your home security as they can use our online security weakness
anytime for theft. And they have become very smart. You know what was the
weapon of hackers of Wannacry ransomware? It was Microsoft's Windows XP
operating system…you may be surprised but this is the fact. Hackers used a security
flaw in Microsoft's Windows XP operating system, an older version that was no
longer given mainstream tech support by the US giant. And since Microsoft was
not providing any technical support the holes were open for hackers.
Wannacry affected at least 200,000
computers in 150 countries, including India, described as the largest ever of
its kind. The WanaCrypt encrypts data on a computer within seconds and displays
a message asking the user to pay a ransom of $ 300 in Bitcoins to restore
access to the device and the data inside.
Alarmingly, the attack also hit the
National Health Service of the United Kingdom, stalling surgeries and other
critical patient care activity across the British Isles, and making
confidential patient information and documents inaccessible.
On the same lines although
the support for Windows 7 was discontinued in 2015 itself, more than 60 percent
of Windows users in India, are still using the ancient Windows 7 operating
system. 7 percent of the population still continues to use Windows Xp, including
many banking ATM machines!!! India has an alarming situation when it comes to
cyber security. We tend to use ridiculously old devices, well beyond the
software support life cycles of the product.
Adobe Flash has a huge number of
vulnerabilities, so cyber criminals target it in the majority of their attacks.
By using these security holes in Flash, attackers can infect your computer with
ransomware. Oracle Java, Adobe Reader or Adobe Flash is present on 99% of
computers. That means that 99% of computer users are vulnerable to exploit kits
(software vulnerabilities).
MyDoom is considered to be the most
expensive virus in the world and in cyber security history, having caused an
estimated financial damage of $38.5 billion!
One of these essential facts is the
estimated annual cost for cyber crime committed globally which has added up to
100 billion dollars! And don’t think that all that money comes from hackers
targeting corporations, banks or wealthy celebrities. Individual users like you
and me are also targets. But many firms opt to pay the ransom in silence and
nothing comes in public as they see the outbreak of the news as big blow to
their reputation. But to some extent they are not wrong in their thinking
because if we come to know that the website of IRCTC is not secure then we may hesitate
or fear from using it.
Apart from such malware,
organizations worldwide face the risk of loss of customer data. Target, one of
the largest retailers in the US, had 80 million customer data records stolen
from them in December 2013. This breach has cost Target $291 million. Target
breach started when the password of one of their heating-cooling vendor was
compromised.
Cyber security market estimated at
$120 billion this year, more than 30 times its size just over a decade ago!!
So as shared in the earlier post
also, the cyber security risks are huge and nobody (leave alone big companies
or Government bodies) can afford to ignore this.
Cyber Insurance can
be the next big thing
As I have shared from time to time
about high growth prospectus of general insurance sector in India. I think
Cyber Insurance can be the next big thing in India. Because although cyber risk
is acknowledged as a critical threat to business today, the investments on
cyber insurance remains small. The global cyber insurance market is estimated
at $4 billion and should grow to $20 billion by 2025. The Indian cyber
insurance market stands around 50 cr currently and should see huge growth in
the future. At present after the recent attacks on debit/credit cards banks are
running for this.
Cyber insurance players include New
India, National, ICICI Lombard, Tata AIG, HDFC Ergo and Bajaj Allianz.
Quick Heal: Capable
to win the race
Quick heal has developed its very own
behavior based anti-virus technology named Dna Scan. Behavior based anti-virus
technology is a great example of Artificial intelligence where the anti-virus software
work by observing how files and programs actually run, rather than by emulating
them. The anti-virus tools seek to identify malware by watching for abnormal or
suspicious behavior, such as the sending out of multiple emails, modifying or
observing keystrokes, attempting to alter hosts files, generating autorun.inf
files on network drives or removable media, or unpacking malicious code.
So with Behavior based anti-virus it’s
possible to identify malware that was previously sitting undetected on a
protected system.
Signature-based detection mechanisms
were central to the operation of the earliest anti-virus systems and are still
an integral part of many. But this method can’t detect malicious files for
which no signatures have been recorded, or whose signatures are continually
changing like in the case of polymorphic viruses (which constantly mutate to
throw off signature-based detection). Anti-virus suites based on signature
detection are only as powerful as their current database, which is why they
need to be updated so often. On the client machine where the anti-virus
software is installed, this typically requires a lot of disk space, and a fair
amount of processing power.
So I think there is no doubt about
the capabilities of Quick Heal. Recently, QH scores 100% detection for Android (click here for news). It was also among the top 6 in AV-Test's sep-2016 review for Windows home user (Click here for news). Also Quick Heal’s recent focus on branding will
surely bear the fruits as I always feel that small Indian business houses may
prefer Quick Heal due to its reach and its capability to offer solutions and technical/crisis
support in local language. Quick Heal has unleashed strong media campaign to create brand and product awareness and it is visible across genre like Cricket (IPL) and recently on KBC (Kaun Banega Crorepati).
These days are tough for IT sector
professionals due to changing business scenarios amid high competition and the
fear of automation taking over many IT sector related jobs. But I always feel
that Cyber security will always remain human and scope of automation is
negligible. That’s why I am advising so many of my IT sector friends to focus
on Cyber-security as next big thing…and I think we can think of the same in the
stock market too.
May turnout to be a great pick at CMP
of 180.
(Views
are personal and should not be taken as a recommendation for buying or
selling a stock. Stock markets are inherently risky so kindly do your
Due Diligence before investing. I am not a certified Sebi Analyst and
holding the shares discussed in this Post)