Stop ignoring the basic norms
05 February 2010 16:48 pm,
Govind Rammurthy, MD and CEO, eScan
Q: Do you see 2010 as a year that will witness an increasing rise in incidents attributed to organised crime? Would ATM attacks be a reality in this part of the world this year?
A: The kind of intrusions and hacking that we are talking about is already happening in the Western countries. In India, customers lack the confidence in carrying out online banking as they think that the medium is still not secure. This is the reason that the online attacks in banking are fewer in India and not because the IT systems are secure. So we can say that India is safe today because online transactions in India are not in great numbers as of now. But as banks evolve by providing safer and secured platforms to consumers, and as more customers start banking online, hackers will surely direct their attacks on such systems.
Take the example of Brazil - a country with one of the highest number of online bankers in the world. But it is also the place where the highest number of security breaches take place. This is because it is a challenge for hackers to break into the systems of such banks that have a large number of online users. The other clear motive for the hackers is money. However, in the next two to three years, as banks in India cut down on paper and as more users start transacting online, we will see hackers diverting their attention towards India.
Q: You said there is a lack of confidence among the users for online banking in India. What do you think the CIOs need to do to instill this missing confidence?
A: There is a huge disconnect between the technology implemented within banking enterprises and the kind of services that they provide to their external customers. There are two areas where security comes into action. The first is security within an organisation (for internal users) and the other is security for customers (external users). Employees can misuse or steal the data due to various factors and we have seen many instances where such instances have taken place. Now these employees have access to all the customer data. So banks need to conduct audits on a continuous basis to ensure that customer data is safeguarded. This is one of the best ways to ensure that the internal employees of a banking organisation do not commit crime. The customers on the other hand access a bank’s system to avail services. Many banks have introduced ‘two-factor authentication’ to verify the credentials of their customers. These are some of the important things that banks have initiated to increase customer confidence but there is still a lot to be done. For example, if we look in the US, we will not find banks sending out advertising emailers to customers. It is primarily because this medium is also used by hackers. How do you expect a customer to differentiate between an email sent by the bank or by a hacker?
In India, there are some banking organisations who on one hand educate their customers not to open these mails and on the other hand they themselves send such advertising mails. We have intercepted many genuine mailers from banks thinking that they could be phishing attacks. We end up blocking at least 20 percent genuine mailers sent by the banks themselves. So in this case, these banks are breaking the rules to engage customers and this is a wrong way of doing business. Banks in the US and Europe do not follow this kind of pattern. In order to advertise to the customer, they use a third-party provider and do not carry out this messaging by themselves.
In India, most of the banks do not follow this method. These are practices that need to be corrected by the banking enterprises and I am surprised why this is not yet happening. This kind of callous behaviour will only harm the image of the banks. We, as information security providers, offer technology solutions to protect from grave security threats but if this is what some banks continue to practice, we can just watch them go down.
Q: According to Gartner, enterprises are paying too much for security software, while software vendors aren't doing enough research to keep up with fast-changing online threat scenario. The analyst agency says that security vendors are maintaining high-profit margins on firewall and anti-virus products. Do you think the objection is genuine?
A: (Laughs and takes a pause) Well, I will not comment on the report but I will surely say that we invest a lot of time, effort and money in research and development of the security products that we offer to the end users. We should understand that it takes a lot of effort to protect a fool, but it takes a lesser effort to protect a smart guy. I know of a few cases wherein the enterprises have not patched their systems for the last four years. When I asked them, they had no convincing answer. Either they did not have the tools or they did not have a proper mechanism to audit what is happening inside their networks. When such a thing happens, any amount of money that a security product/service company pours into research and development goes to waste. I again refer to the example of banks sending mailers to their customers before.
Q: What are some of the key security threats that banking enterprises need to guard against this year?
A: Security is one of the most evolving fields as far as technology is concerned. On its own, security does not play any role, but it is always linked up to the emerging devices, technologies, interfaces and protocols. Social networking has emerged as a medium that can reach out to a huge number of users and so there are people who want this medium to remain as porous and insecure as possible. We have already seen instances of Twitter and Facebook attacks.
A few years back, the only threats that we faced were in the form of viruses or worms as far as the end-point devices were concerned and we had intrusions on the periphery of the corporate network that connected to the Internet. So a firewall and an antivirus solution sufficed the need to protect corporate data.
But over a period of time as the Internet has evolved, the security landscape has also evolved drastically. Today every device that you carry (like mobile phones and laptops) has the function to store and communicate data. They become potential targets for hackers. So enterprises can no longer look at protecting just the servers or workstations.
With the growing number of devices, the security cloud has become larger, complex and difficult to monitor and protect. We are already seeing the movement of PCs giving way to thin clients or virtual desktops. Virtualisation is one area that will have a significant impact and influence the security landscape in the coming years.
ashwani.mishra@9dot9.in