Wednesday, 27 September 2017

Quick Heal Technologies Ltd: Don't loose the Faith So Quick-2nd Part

In my recent post on quick Heal technologies (click here), I opined that Indian Government would prefer India made cyber security products as the same would ensure that source code and servers remain in our control. Most importantly, Govt can control and direct Indian companies but our Govt will have minimum operating leverage over foreign companies. This is one area where the scope for negligence is minimum as the results of any breach will be catastrophic. So I have always felt that for critical infrastructure and defense, Indian Govt should prefer local products if they meet the required standards.

And our Govt has just done this. The Ministry of Electronics and Information Technology (MeitY) has issued a draft notification that preference shall be provided by all procuring entities to domestically manufactured/ produced Cyber Security Products. Although the notification has referred the June-17 notification of Department of Industrial Policy and Promotion (DIPP) to encourage ‘Make in India’ to enhance income and employment but I am sure the main consideration is the risk of putting India’s cyber security in the hands of foreign entities who may have least regard for integrity and safety of India and so any backdoor breach of trust by these will be devastating.

The mainstay of the notification is the emphasis on the Indian-ness of the cyber security product. Notification has mentioned that in order to be treated as “Local Supplier” the revenue from “Intellectual Property (IP)” licensing should accrue to the company incorporated and registered in India. So the focus is on IP creation which is the essence of make in India. It has further provided that the companies should satisfy the following conditions of IP ownership:

(a) Use and commercialize without third party consents; and
(b) Distribute; and 
(c) Modify  

Following are the links to the news and Draft Notification:

So I think this is a big news for Quick Heal Technologies as it satisfies all the above conditions. Quick Heal has already partnered with Cert-In for India’s unique first of its kind Botnet removal initiative.

Quick Heal bot removal tool-A good branding and marketing exercise

In order to tackle the critical situation of Botnet malware in India, IT Ministry has launched the Cyber Swachhta Kendra. The Botnet Cleaning and Malware Analysis Centre has been launched along the lines of the National Cyber Security Policy of India, and is a step to create a safe and secure cyber eco system in India. The centre is operated by the Indian Computer Emergency Response Team (CERT-In) which operates under the Ministry of Electronics and Information Technology, Government of India. Users affected by Botnet malware can find the information and tools necessary to secure their devices.

The bot removal tool has been developed by Quick Heal in collaboration with the Cyber Swacchta Kendra and the affected user is advised to cure his device by using free Quick Heal bot removal tool. I think this is a master step by Quick Heal to extend its reach and Brand Strength along with establishing a strong reputation and relationships with Indian Government.

Bots are malware that form networks known as botnet which are used by cyber criminals in the dark web for all type of darkness like executing dedicated denial of service (DDoS) attacks and sending out spam emails. India ranks ninth in the world when it comes to the origin of spam emails by volume. The entity controlling the botnet known as botherder can use the networks of botnet to send malicious instruction to the main server which in turn issues instructions to all the botnet in the networks.

One of the botnets active in India, Mirai, was responsible for the partial takedown of multiple services, affecting users from Britain to Germany. The Mirai-botnet attack on Dyn used 150,000 devices to generate 500GB/s of data. Estimates are that ten times that number of devices are infected. Two weeks after the Dyn attack, another one that reportedly had twice the amount data traffic knocked Liberia’s Internet offline for brief periods. Security researchers speculate that whoever was responsible was testing out their capabilities. The worrying part is that anyone can carry out this type of attack. According to a post on Slashdot, renting around 50,000 bots costs between $3,000-$4,000 for 2 weeks.  This has significant implications for Indians. The average amount of Internet traffic in India at any time is near 55GB/s and peaks well below 100GB/s.

Cyber threats are getting bigger and harsh

Thieves no longer require reaching and breaking your home security as they can use our online security weakness anytime for theft. And they have become very smart. You know what was the weapon of hackers of Wannacry ransomware? It was Microsoft's Windows XP operating system…you may be surprised but this is the fact. Hackers used a security flaw in Microsoft's Windows XP operating system, an older version that was no longer given mainstream tech support by the US giant. And since Microsoft was not providing any technical support the holes were open for hackers.

Wannacry affected at least 200,000 computers in 150 countries, including India, described as the largest ever of its kind. The WanaCrypt encrypts data on a computer within seconds and displays a message asking the user to pay a ransom of $ 300 in Bitcoins to restore access to the device and the data inside.

Alarmingly, the attack also hit the National Health Service of the United Kingdom, stalling surgeries and other critical patient care activity across the British Isles, and making confidential patient information and documents inaccessible.

On the same lines although the support for Windows 7 was discontinued in 2015 itself, more than 60 percent of Windows users in India, are still using the ancient Windows 7 operating system. 7 percent of the population still continues to use Windows Xp, including many banking ATM machines!!! India has an alarming situation when it comes to cyber security. We tend to use ridiculously old devices, well beyond the software support life cycles of the product.

Adobe Flash has a huge number of vulnerabilities, so cyber criminals target it in the majority of their attacks. By using these security holes in Flash, attackers can infect your computer with ransomware. Oracle Java, Adobe Reader or Adobe Flash is present on 99% of computers. That means that 99% of computer users are vulnerable to exploit kits (software vulnerabilities).

MyDoom is considered to be the most expensive virus in the world and in cyber security history, having caused an estimated financial damage of $38.5 billion!

One of these essential facts is the estimated annual cost for cyber crime committed globally which has added up to 100 billion dollars! And don’t think that all that money comes from hackers targeting corporations, banks or wealthy celebrities. Individual users like you and me are also targets. But many firms opt to pay the ransom in silence and nothing comes in public as they see the outbreak of the news as big blow to their reputation. But to some extent they are not wrong in their thinking because if we come to know that the website of IRCTC is not secure then we may hesitate or fear from using it.

Apart from such malware, organizations worldwide face the risk of loss of customer data. Target, one of the largest retailers in the US, had 80 million customer data records stolen from them in December 2013. This breach has cost Target $291 million. Target breach started when the password of one of their heating-cooling vendor was compromised.

Cyber security market estimated at $120 billion this year, more than 30 times its size just over a decade ago!!

So as shared in the earlier post also, the cyber security risks are huge and nobody (leave alone big companies or Government bodies) can afford to ignore this.

Cyber Insurance can be the next big thing

As I have shared from time to time about high growth prospectus of general insurance sector in India. I think Cyber Insurance can be the next big thing in India. Because although cyber risk is acknowledged as a critical threat to business today, the investments on cyber insurance remains small. The global cyber insurance market is estimated at $4 billion and should grow to $20 billion by 2025. The Indian cyber insurance market stands around 50 cr currently and should see huge growth in the future. At present after the recent attacks on debit/credit cards banks are running for this. 

Cyber insurance players include New India, National, ICICI Lombard, Tata AIG, HDFC Ergo and Bajaj Allianz.

Quick Heal: Capable to win the race

Quick heal has developed its very own behavior based anti-virus technology named Dna Scan. Behavior based anti-virus technology is a great example of Artificial intelligence where the anti-virus software work by observing how files and programs actually run, rather than by emulating them. The anti-virus tools seek to identify malware by watching for abnormal or suspicious behavior, such as the sending out of multiple emails, modifying or observing keystrokes, attempting to alter hosts files, generating autorun.inf files on network drives or removable media, or unpacking malicious code.

So with Behavior based anti-virus it’s possible to identify malware that was previously sitting undetected on a protected system.

Signature-based detection mechanisms were central to the operation of the earliest anti-virus systems and are still an integral part of many. But this method can’t detect malicious files for which no signatures have been recorded, or whose signatures are continually changing like in the case of polymorphic viruses (which constantly mutate to throw off signature-based detection). Anti-virus suites based on signature detection are only as powerful as their current database, which is why they need to be updated so often. On the client machine where the anti-virus software is installed, this typically requires a lot of disk space, and a fair amount of processing power.

So I think there is no doubt about the capabilities of Quick Heal. Recently, QH scores 100% detection for Android (click here for news). It was also among the top 6 in AV-Test's sep-2016 review for Windows home user (Click here for news). Also Quick Heal’s recent focus on branding will surely bear the fruits as I always feel that small Indian business houses may prefer Quick Heal due to its reach and its capability to offer solutions and technical/crisis support in local language. Quick Heal has unleashed strong media campaign to create brand and product awareness and it is visible across genre like Cricket (IPL) and recently on KBC (Kaun Banega Crorepati).

These days are tough for IT sector professionals due to changing business scenarios amid high competition and the fear of automation taking over many IT sector related jobs. But I always feel that Cyber security will always remain human and scope of automation is negligible. That’s why I am advising so many of my IT sector friends to focus on Cyber-security as next big thing…and I think we can think of the same in the stock market too.

May turnout to be a great pick at CMP of 180.

(Views are personal and should not be taken as a recommendation for buying or selling a stock. Stock markets are inherently risky so kindly do your Due Diligence before investing. I am not a certified Sebi Analyst and holding the shares discussed in this Post)

No comments:

Post a Comment