Opinion

The chase between cyber-crime and cyber-security: What are startups doing about it?

The sensitivity towards cyber-crime is increasing. VCs are backing those startups that arrived early in the cyber-security space. In India, this industry vertical is still nascent, with around 50 security product startups.

Jay Krishnan Jul 31st 2018
Jay-Krishnan-CEO-of-T-Hub.jpg

In a world where all reality is entirely virtual, we don’t have enough tools to have a safe space online, as we do in the real world. Increasingly businesses and individuals are going online, transacting with digital money and exchanging goods and services through digital technology. However, like in real life, crime prevails, making it difficult to build trust. Cyber-crime is an almost untameable beast— at times it causes minor inconveniences; at times it even takes down entire networks.

Ransomware caused a massive revenue loss in 2017. They are malicious software that hack the victim’s data and threatens to publish unless a ransom is paid. The Yahoo hack was recently recalculated to have affected 3 billion user accounts, and that just scratched the surface of what cyber-crime is capable of damaging.

These major hacks alongside the WannaCry and Notpetya cyber-attacks have only increased in complexity and have left the digital population more worried.

The Cybersecurity Ventures report estimates that $6 trillion is the cost we would bear by 2021, if cyber-crimes persist the way they do. Cyber-attacks also have the most sensitive victims. They are primarily targeted towards healthcare, manufacturing, financial services, government, and transportation sectors. Any business or stakeholder in these sector should be worried, not only for the losses they would incur, but also for how it would put their customers in jeopardy.

In recent times, the UK and USA have made strong recommendations to the businesses in their countries to take extensive measures against cyber-crime. As far as India is concerned, there are no explicit laws in the Indian Penal Code that protect citizens from cyber-attacks.

But the protection of rights of citizens in the digital context is vaguely mentioned in the IT Act Amendment 2006. Our present laws throw no light on the emergency cyberspace that includes all aspects of theft, privacy, and cyber-related activities. Practically, without any law enforcement, it is difficult to judge or act on major threats and pitfalls in this space.

In short, the sensitivity towards cyber-crime is increasing, and VCs are now backing those startups that arrived early in the cyber-security space. In India, this industry vertical is still nascent. According to Tracxn, there are around 50 security product startups in India while the US is the home for nearly 63% of the world’s privately-owned cybersecurity companies.

Large companies like Amazon, IBM, and Microsoft are racing to defend against hackers who are posing increasingly deadly threats to their business. Cyber-criminals have become highly sophisticated, making it extremely difficult for legitimate operations to keep up. Since companies cannot cut networks and the Internet from their processes, cybersecurity products will continue to be a major need. This is where today’s startups are working to fix.

By 2022, the cyber-security market will be worth $231.94 billion:

A Markets & Markets report notes that the market which is currently worth $137.85 billion will grow at a CAGR of 11%. The entire cyber-security industry is driven by the threat of cyber-terrorism and data protection directives. IoT has growing security needs, and companies these days have their employees bring their own devices (BYOD) to work. These are the trends that make this space grow rapidly.

Checkr is a company that provides automated background checks for large corporates like Instacart and Uber. Another company HOOK runs personalized phishing tests, which aim to identify employees who may fall for scam emails and put internal data at risk. Hook runs on a pay-as-you-go business model instead of offering a traditional subscription service.

But even the current approach to tackling cyber-crimes is changing. There is a shift in the focus of startups from protection to prevention. It is possible to stop threats before they happen. Security should focus on detection, response and remediation. With the growth in ransomware and extortion tools, the ease with which criminals operate will also increase. So, companies need to prepare for this eventuality especially with the security of the cloud servers. One must also bring into place more automation in cyber-security response for things to operate at a faster pace.

A distributed blockchain network could pool together computing resources to bolster cyber-security. Once the service is decentralized, it becomes harder to identify a vector that attackers can use to take down the network. A Mumbai-based startup, Block Armour, isolates critical infrastructure in the network and provides secure access for authorized users.

There is a realistic chance that the new tech startups can reduce cybercrime. AuthBase, a Hyderabad-based startup, provides cybersecurity consultancy and web application security services to enterprises. Their services include security audits, vulnerability assessment and penetration testing (VAPT), providing security patches and custom fixes. They deliver a framework to developers for securing the applications by identifying, fixing and monitoring the web, mobile, and networks against vulnerabilities and exploits.

Currently, due to lack of awareness on cyber-crime and cyber-security, a lot of Indian companies are not serious about it. Which is why the market in India is still far behind the west. This can also be due to a lack of awareness and the absence of sound policies in place with sufficient budgets for cyber-security. This sector is emerging and will stay until the online businesses exist.

Jay Krishnan is CEO at T-Hub

Disclaimer: This article is published as part of the IDG Contributor Network. The views expressed in this article are solely those of the contributing authors and not of IDG Media and its editor(s).