Ethical hackers plug into growing demand from India Inc

By Priyanka Joshi in Mumbai
May 26, 2008 08:40 IST

Raghu Raman knows all the tricks that hackers employ. He can talk his way into secure buildings, exploit holes in Internet security or gaps in internal company systems to grab control of computers.

Raman's hacking expertise is much in demand -- and not from criminal elements. Indian firms and multinationals like ABN Amro Bank, Aditya Birla Group, Bank of Maharashtra, Bombay Dyeing, HSBC, ICICI Bank, Indiabulls, Centurion BOP, Citibank, India Infoline, Ispat Industries and Kotak Group proactively seek his services.

Raman categorises himself as a 'blue hat hacker' -- someone from outside the company, like a computer security consulting firm, used to bug-test a system or software. And he is proven in his capacity, being the CEO of the Mahindra Special Services Group -- a subsidiary of the Mahindra group of companies.

"It's kind of fun to find things that aren't supposed to be found," admitted Raman, who has personally uncovered security loopholes, both physical and digital, for many organisations. "We get the thrill that a lot of hackers do, without that 'going-to-jail' part," he added.

Raman's team of 80 such security consultants daily explore security gaps that can be accessed from inside client companies, as well as those that may come from external gateways such as the Internet.

His is not a lone case in point. Rajat Khare, CEO & director, Appin Security Group, is doing brisk business too. "Companies and government have begun involving ethical hackers to find out the methodology and loopholes hackers use to get into their applications, network and servers. If you want to protect yourself from big criminals, you need to have someone who can think like them and predict their moves," he explained.

His company, a leading training and consultancy with around 50 security labs across the country, has done multiple security exercises with government outfits and the private sector.

MSSG research reveals that in the absence of robust monitoring, only 10 per cent of the security breaches are detected. Of this, only 10 per cent are reported, since stakeholders have no incentive to report and worry about adverse publicity.

Security experts point out that just as security breaches don't happen in 10 seconds, securing a system also requires a couple of weeks and the watchful eyes of security consultants.

"We hire ethical hackers and they are extremely important to us. Our research and development, internal security and client projects are delivered by ethical hackers," said Khare. "We give them vigorous training to make them strong consultants and managers."

"It's easy to explain why the demand for ethical hackers is growing. As companies become more networked and their work increasingly revolves around the Internet, their vulnerability is also growing," noted Raman.

Vijay Mukhi, an independent security consultant, agreed. Mukhi teaches employees of around a dozen-odd Indian organisations and multinationals. "I train more than 20,000 people every year and I can see the interest levels growing among organisations to train their workers in security and risk management courses," he said.

Currently, banking and outsourcing organisations are the ones paying a great deal of attention to security, but Mukhi said the emerging demand lies in the fast-growing businesses like retail, insurance, telecom and pharmaceuticals.

"Half the time, customers come back and say 'why would somebody want to do that?'" he noted. It's time they woke up, he added.


  • A white hat hacker or ethical hacker is someone who breaks security but does so for non-malicious reasons
  • A grey hat hacker is a hacker of ambiguous ethics and/or borderline legality
  • A blue hat hacker is someone from outside computer security consulting firms who is used to bug-test a system before its launch
  • A black hat hacker is someone who subverts computer security without authorisation or who uses technology for subversive activities
  • A script kiddie is a person, usually not an expert in computer security, who breaks into computer systems by using pre-packaged automated tools written by others
  • A hacktivist is a hacker who uses technology to announce a political message.
