Top

Bug-bounty programmes hold key to India's cyber-security setback

The country's cyber-crime rate has gone through the roof as it ranks fifth in the list of countries vulnerable to advanced cyber attacks.

Mumbai: Over the past few years, Indian companies including financial institutions and business enterprises have fallen prey to varied cyber-security attacks, leading to major monetary losses.

According to a Kaspersky Lab report, the country’s cyber-crime rate has gone through the roof and currently ranks fifth in the list of countries most vulnerable to advanced cyber attacks.

Apart from financial institutions such as banks and finance centres, government websites have also become a prime target for hackers.

One of the main reasons for these frequent as cited by security professionals can be attributed to laxity on part of these companies to constantly update their network security infrastructure.

Though foreign companies have encountered similar problems, they have applied an intelligent mechanism in form of bug bounty programmes—open to all—to identify and deal with looming threats.

However, companies in India have always been ignorant towards their security infrastructure, leaving large fissures in their security system.

To add to their woes, Bug Bounty programmes have also witnessed weak adoption in India, leading to more attacks.

While Indian companies have been reluctant, foreign entities such as Facebook and Twitter have successfully managed to lure in Indian hackers and bounty hunters.

In an earlier conversation with Deccan Chronicle, a 26-year-old ethical hobby-hacker Prashanth Bhola pointed out that companies in India still have a pessimistic approach towards the concept.

Bhola said that the scope for bug hunting in India is very less and only companies like PayTM have started following the footsteps of foreign companies such as Facebook.

In case of larger firms, Bhola said," If you are reporting a bug or loophole, there is a chance that you will be termed as a cyber-criminal. Many hackers simply do not report loopholes for just the fear of getting into legal troubles."

A Bangalore-based entrepreneur and certified ethical hacker Arnav Georgian explained that Indian companies have not yet come to grips with the concept of such programmes.

Georgian said, “Western companies have realized the importance of security while most of the Indian companies still don’t.”

Symantec’s India Managing Director Shrikant Shitole explained that Indian companies need to increase vigilance and security activity to curb these attacks.

“Enterprises are still coming to terms with the fact that a simple hack could cost them millions including their reputation, and most often they do not possess the expertise and resources to combat IT vulnerabilities,” he added.

( Source : Deccan Chronicle. )
Next Story