Raghu Raman knows all the tricks that hackers employ. He can talk his way into secure buildings, exploit holes in Internet security or gaps in internal company systems to grab control of computers.
Raman's hacking expertise is much in demand -- and not from criminal elements. Indian firms and multinationals like ABN Amro Bank, Aditya Birla Group, Bank of Maharashtra, Bombay Dyeing, HSBC, ICICI Bank, Indiabulls, Centurion BOP, Citibank, India Infoline, Ispat Industries and Kotak Group proactively seek his services.
Raman categorises himself as a 'blue hat hacker' -- someone from outside the company, like a computer security consulting firm, used to bug-test a system or software. And he is proven in his capacity, being the CEO of the Mahindra Special Services Group -- a subsidiary of the Mahindra group of companies.
"It's kind of fun to find things that aren't supposed to be found," admitted Raman, who has personally uncovered security loopholes, both physical and digital, for many organisations. "We get the thrill that a lot of hackers do, without that 'going-to-jail' part," he added.
Raman's team of 80 such security consultants daily explore security gaps that can be accessed from inside client companies, as well as those that may come from external gateways such as the Internet.
His is not a lone case in point. Rajat Khare, CEO & director, Appin Security Group, is doing brisk business too. "Companies and government have begun involving ethical hackers to find out the methodology and loopholes hackers use to get into their applications, network and servers. If you want to protect yourself from big criminals, you need to have someone who can think like them and predict their moves," he explained.
His company, a leading training and consultancy with around 50 security labs across the country, has done multiple security exercises with government outfits and private sector.
MSSG research reveals that in the absence of robust monitoring, only 10 per cent of the security breaches are detected. Of this, only 10 per cent are reported, since stakeholders have no incentive to report and worry about adverse publicity.
Security experts point out that just as security breaches don't happen in 10 seconds, securing a system also requires a couple of weeks and watchful eyes of security consultants.
"We hire ethical hackers and they are extremely important to us. Our research and development, internal security and client projects are delivered by ethical hackers," said Khare. "We give them vigorous training to make them strong consultants and managers."
"It's easy to explain why the demand for ethical hackers is growing. As companies become more networked and their work increasingly revolves around the Internet, their vulnerability is also growing," noted Raman.
Vijay Mukhi, an independent security consultant, agreed. Mukhi teaches employees of around a dozen-odd Indian organisations and multinationals. "I train more than 20,000 people every year and I can see the interest levels growing among organisations to train their workers in security and risk management courses," he said.
Currently, banking and outsourcing organisations are the ones paying a great deal of attention to security, but Mukhi said the emerging demand lies in the fast-growing businesses like retail, insurance, telecom and pharmaceuticals.
"Half the time, customers come back and say 'why would somebody want to do that?'" he noted. It's time they woke up, he added.