Investment in cyber security is need of the hour for E-comm

cyber securityAs our online lives are continuing to expand, from transactions to bill payments, to important personal communications, so is the threat to data integrity and privacy. With some recent high profile international breaches, cyber security has become a pain point for business and governments alike. Our challenge as information security and digital forensics experts is to stay one step ahead, with newer forms of threats emerging every day.

One of the cases I remember from the early days in my career was that of a pharmaceutical client. The company had sent their NEFT details to a vendor for some payments transfer. However, by the time the email reached the vendor, the NEFT details were modified. Further investigation proved the presence of malware which was communicating with a server in China. While this particular case may be considered particularly challenging for your average consumer, truth is that almost 90% of cybercrimes can be prevented by simply being more aware and following the most basic cyber security practices. However, I have found both to be severely lacking, both at an individual and institutional level.

Cyber Security Mechanisms at Snapdeal
At Snapdeal, we are committed to providing secure platforms to our consumers and employees alike. Some of the measures we undertake to ensure this include:

  1. On-going monitoring and improvement of our systems to ensure stronger encryption, multi-factor authentication, and data protection during transit, work seamlessly 24/7/365 with no downtime.
  2. Every single software release is rigorously tested on key security parameters to ensure there is no information leak. Separate teams work on our mobile and web products to ensure complete coverage
  3. We regularly release advisories for our employees as well as our sellers on any expected threats, or malwares going around, ways to stay protected and, restoration options, in case infected.
  4. Customer, employee, and seller awareness sessions are conducted on an ongoing basis. While this sounds rather simplistic, we find the most security awareness lacking even in the savviest of Snapdeal users.
  5. We also get frequent checks conducted from expert external security agencies

    Want to be a cyber-security professional?
    — Cyber security professionals need ace programming skills, ensure your expertise.
    — Be part of open source communities to stay updated.Null is the biggest Indian
    cyber-security platform, with active chapters in each major Indian city.
    — Practice as much as you can, be prepared to learn, un-learn and re-learn every
    — Follow key industry blogs, participate in forums and training events like  Nullcon,
    c0c0n, DSCI, Hakon

The Road Ahead for Information Security professionals in India
As a field, Information Security has simply exploded and will continue to do so in the coming years. Digital Forensics is here to stay. Very soon, all major cities will have a Digital Forensics Lab set up by government. Many state police departments have already established state of the art forensics cyber labs. Businesses are also investing serious monies in building robust security programs. The big concern however is a woeful lack of seasoned professionals in this domain. According to some estimates India currently has only about 50,000 Information Security experts, while the actual need is expected to grow beyond one million by 2020.

To meet this demand, the Indian education system needs a major overhaul. Structured programs need to be introduced; currently most initiatives are more ad-hoc and of a learn-on-the-job nature. Recently however Nasscom has tied up with Symantec to develop certification programs for information security professionals. Likewise, the Data Security Council of India and the Sector Skill Council are working towards creating an extensive cyber security training program. But when and how these programs will reach our universities is yet to be seen.

Pin it

Varun Nair is a part of the Information Security division at Snapdeal. He has core interests in Forensics and Malware Analysis. Prior to joining Snapdeal, he has worked closely on information security with leading multi-media, telecom, and tech-start-up companies.

Back to top