What key security trends you would like to highlight that influenced the Indian endpoint security market in 2015?
Altaf Halde: When we started the financial year 2015, our detection rate was nearly 3,25,000 threats on a daily basis. The threat figures have certainly gone up. Most of the cyber crimes happened in the country had some financial aspects. We witnessed a lot of incidents of financial embezzlement and frauds in online transactions. We also witnessed the mobile security gaining importance among the users in 2015. Kaspersky observed that a lot of people downloading applications for security on smart phones, tablets and mobile devices. But these were all bundled versions or trial versions which come with the new hardware. There were very less people who actually paid money to get a full version of anti-virus. However, the good thing is that people have now started thinking about the weakest link in our computing environment and that is smart phones.
The high profile cyber threats such as Heartbleed, Shellshock, POODLE and Cryptolocker not only created havoc in thousands of organizations in 2015, but exposed vulnerability and lack of preparedness of enterprises. What has been the impact of these malware/ viruses on the Indian enterprises?
Altaf Halde: The Cryptolocker malware or the Cryptolocker variant has the maximum number of impacts on companies and individuals. Cryptolocker has affected not only the laptops and computers, but the smart phones. We have come across the incidence where Cryptolocker variant has corrupted the data on a smart phones and hackers demanded ransom to decrypt it. From India perspective, we have come across incidents where a lot of people have been affected by Cryptolocker, despite of using best anti-virus.
People store personal or confidential information on the laptop. Most of the times they do not patch their machine with the latest Microsoft updates or Java updates. Secondly, the antivirus product they use doesn’t update on a regular basis. The authors of the Cryptolocker kind of malware are always on the lookout for machines and users who have compromised the devices. So, they find out the weakest link and infect the device with a malware. The Malware writers of Cryptolocker etc. are getting smarter and in such cases education becomes very important.
Cyber incidents have not only risen sharply in 2015, but also lean more towards cyber crimes with financial motives. What are the implications of crimes like Corporate espionage, Man in the Middle attacks and illegal use of bitcoins on the enterprises?
Altaf Halde: We came across one malware called ‘DarkHotel’ which targets C level executives in the countries like India because they are the easiest to target. The C Suite executives sometimes ask some kind of security bypass from the security policies of the organization. Therefore, they are more susceptible to these kinds of attacks. The writers of DarkHotel malware give a screen which looks like a normal hotel screen to the C level executive when he checks in particular hotel. The person is asked to enter the details and once he provides all the information the hacker steals the information. It is one of the examples of ‘Man in the Middle attacks’ which targets top executives of large enterprises. Similarly, the Cryptolocker payments are happening through bitcoins. The bitcoins are going to be used by all the bad guys because they don’t want to come on the radar of official financial transactions.
According to the recent report of KPMG on Cyber security scenario in India, more than 50 percent of cyber crimes go unreported. Do you think that under reporting of cyber attacks are increasing complexity of cyber crimes?
Altaf Halde: People don’t report because they do not want to compromise their dignity in the society. The data security laws are very strict, in the western countries. There, whenever any kind of scam happens, even the small things like the loss of a laptop, they have to advertise it. Unfortunately, it is not happening in India. Many companies buy the anti-virus license to show to the auditors, but they don’t actually install it. We will not follow such things, till there are compliances in place. There should be an authority in the country which will take care of such kind of compliances.
How Kaspersky is sensitizing end users and enterprises on these advanced cyber threats? What security solutions you have introduced to combat cyber criminals?
Altaf Halde: We have both proactive and reactive methods to address the cyber security issue. First, I will talk about the reactive method. In reactive method, if anybody in the world gets infected by malware or virus he sends the sample to Kaspersky. Kaspersky checks it for a virus and update it as a new update signature for a particular virus. Our software has got the capability of looking out for polymorphic virus. We have an encryption tool and if the device gets stolen no one can encrypt the data.
Secondly, we have Kaspersky security network. Whenever, any person logs into it, he becomes the part of the entire Kaspersky Security Network. So, once we detect any virus, it does not only update the person, but sends updates to all the Kaspersky security network members. So, if the virus is being detected in US the person sitting in Mumbai gets its update proactively.
The third one is that we make sure that our users are educated and aware on what is happening in the cyber world. We have got our own internal mechanism where we send out regular newsletters to students and people.
Kaspersky is betting big on the Smart Cities and Digital India initiatives by the Government of India. What will be your pitch to take Kaspersky security solutions to government bodies, industries and organizations?
Altaf Halde: We started speaking to all the government authorities eight months back. Surprisingly, the security for smart cities for these government officials was restricted only to Wi-Fi security. The easiest way to get the smart city down is not attacking the Wi-Fi or CCTV system. A hacker may attack the power mechanism to put the smart city down. We have come across the incidences where power grids have been hacked. Therefore, we have brought a solution called Critical Infrastructure Protection (CIP) which is applicable to all industries. In fact a month back, we managed to get the rate contract for Directorate General of Supplies & Disposals. So, once we have our product empanel in that, the central and state government authorities will be free to buy the software without going for a tender process. This strategic partnership has opened up doors for us and going forward, we will use this as our biggest tool to approach the government agencies.
According to market reports, Kaspersky has decided to enter into a strategic partnership with a listed business management firm in India to sell it the ‘critical infrastructure prevention (CIP) Suite. Please provide more information about this partnership.
Altaf Halde: I will not be able to provide more information on this partnership at a moment as we are in the process of finalizing the agreement with the organization. It is the only company which has set up a critical infrastructure division and we will provide them solutions. It will be a consultancy kind of approach.
How was the FY 2015 for Kaspersky in terms of growth and expansion? What will be your key focus areas in the FY 2016?
Altaf Halde: The FY 2015 was very good for Kaspersky in terms of business in India. We managed to achieve double digit growth in both the consumer and enterprise segment. We have seen a very high jump happening in the enterprise segment and the growth has been over thousand users. One of the reasons for this growth is that customers who have been using traditional endpoint security products are now looking out for other options as well. Enterprise segment will be our focus area in 2016 not only in India but in the entire South Asia region. At the same time, mobile security will be our biggest contributor in the business. We want to get into the threat intelligence services and, therefore, we may look out for new partners who are in the service business. We are also planning to increase our staff in 2016.