Opportunities in Indian IT Security Market

Transcription

1 Opportunities in Indian IT Security Market Disclaimer: All information contained in this report has been obtained from sources believed to be accurate by Gyan Research and Analytics (Gyan). While reasonable care has been taken in its preparation, Gyan makes no representation or warranty, express or implied, as to the accuracy, timeliness or completeness of any such information. The information contained herein may be changed without notice. All information should be considered solely as statements of opinion and Gyan will not be liable for any loss incurred by users from any use of the publication or contents.

2 Table of Contents 1. Overview Market Size.4 3. IT Security Threats in India Cyber Hacking Structure Forms of Cyber Threats Growth Drivers Issues and Challenges Outlook 12 2 P a g e

3 1. Overview Internet penetration in India has shown rapid progress and has reached 10.2 percent in December According to a recent survey by the Telecom Regulatory Authority of India (TRAI), currently, the country has million internet subscribers. While escalating internet growth has opened up multiple opportunities for India s cyber citizens, it has simultaneously given rise to the very real threat of cyber crime. Increased penetration of IT services in Banking and Financial Services Industry (BFSI) and in the operations of small and micro business enterprises (SMBs), competition in the telecom market, hike in government spending in IT infrastructure in public sector units and the vulnerability of Indian IT infrastructure to hackers are some of the major factors that are contributing to the growth of the IT security market in India. Small and Medium Enterprises (SMEs) in India have been investing heavily in IT security software, as data theft in small enterprises could turn out to be very costly. However, investment in IT security systems is considerably low in India as compared to other developing countries. India being the leading outsourcing destination, clients in the USA and in the UK have put emphasis on using proper anti hacking strategy to protect internal data. It has been observed that most business organizations lack even the basic IT security systems in India. A report by Frost & Sullivan reveals that nearly 80 percent of Indian business enterprises have reported data theft through online hacking. The survey also indicates that as high as 90 percent of Indian companies have placed IT security as their priority investment domain and that the cost of computer crimes have reached a whopping USD 10 billion - India is ranked fifth in terms of e- commerce security breaches. Internationally, operating systems such as Linux and UNIX are considered to be effective when it comes to protecting the personal computer systems against possible threats of virus attacks. This is so because IT vulnerabilities are more common in commonly used operating systems. IT security is a major cause of concern for Indian companies, with the menace of their network being hacked constantly looming. SMBs need to develop proper IT infrastructure and Indian companies need to realize the potential threat of data theft. For this they will have to raise their level of investment in effective IT security systems. 3 P a g e

4 2. Market Size The IT security market in India is estimated to be around USD 218 IT Security Market in India (in million) million (2012), with an annual growth 250 rate of percent. According to a 217 report by Gartner in 2011, the market is expected to have a CAGR of percent from Major drivers of India s IT security market 100 are the rise in use of IT enabled services, improved internet 50 penetration and awareness of (SMBs) 0 on the importance of investing in IT security in order to prevent data theft According to a survey report by Source: Frost & Sullivan, Gartner security vendor Symantec, 67 percent of the SMBs in India consider data loss to be a major concern, and 60 percent view cyber crime as a potential business risk. The survey also revealed that SMBs believe that the installation of an IT security program that is more than a basic antivirus solution is an urgent requirement. Thus the survey clearly indicates that data security is the top priority for large enterprises and as well as for SMBs. Indian outsourcing industry has to abide by the regulations such as Sarbanes Oxley Act and Health Insurance Portability and Accountability Act (HIPPA). The Reserve Bank of India has also set up strict norms regarding data security for commercial banks. This has led to a higher adoption of security solutions in the banking domain and has contributed significantly to the overall growth of the IT security market in India. There has been a considerable change in the way IT services are being used by enterprises. For instance, security solutions such as antivirus and firewalls cannot guarantee a network system against data theft or cyber crime. This has led to changes in the demand for security solutions. The rise in the usage of virtualization and cloud computing has made network gateways to redundant. 4 P a g e

5 According to a report by Frost & Sullivan, the banking and financial India's IT Security Market Outlook (in million) 500 services market (BFSM) segment is the largest user of security solutions in India. This segment accounts for a share of 36 percent of the total IT security market in India. Further, according to the report, the SMB 150 segment is the fastest growing 100 segment in the adoption of security solutions. A rise in IT spending by 50 0 SMBs is primarily on basic IT security solutions such as a firewall, antivirus 2012F 2013F 2014F 2015F 2016F and protection for a Virtual Private Source: Gyan Research and Analytics Network (VPN) - the major domain used to communicate through a dedicated server to a corporate network. Although the IT security market demonstrates strong growth projections, spending by large enterprises continues to be quite low. It is estimated that a majority of Indian enterprises spend only around 8-10 percent of their total IT spending on IT security. On the other hand, some of the financial enterprises allocate around 25 percent to IT security. The Indian IT security market has huge opportunities for further investment as enterprises have become aware of the potential threat of data theft and are increasingly spending a major chunk of their budgetary allocation on IT security solutions. 5 P a g e

6 3. IT security Threats in India The fear of data theft has become a very real concern for most Indian organizations. Major Forms of Cyber Intrusion in India However, total spending on IT security is much lower as compared to organizations in other fast growing economies of the world. In addition, there is an absence of 30% distinguishing measures that may be 50% adopted by the companies to prevent such issues. According to the report by Frost & 17% Sullivan, 83 percent of India companies are plagued by internal security breaches 3% relating to loss of data or confidential Phishing Network Scanning information. The report highlights that 43 percent of such data loss is due to internal security breaches by employees. Further, as Source: PWC Report high as 28 percent of data theft is attributable to former employees who tend to share data of the previous organization with their current employer. The report also reveals that 42 percent of Indian enterprises suffer from financial losses due to internal security breaches and 35 percent have to deal with problems of intellectual property rights. Apart from internal breaches of security or data theft, viruses, Trojan horses and worms are the other major varieties of cyber attacks faced by leading organizations in India. Ignorance regarding data theft has propelled the growth of such cyber crimes in India. According to a report by Price Waterhouse Coopers Confederation of Indian Industries (PWC-CII), most Indian organizations are not even aware of whether their organization has been a victim of any sort of cyber attacks in the last 12 months. Further, 26 percent of Indian organization review issues related to cyber crime on an ad hoc basis and as low as 30 percent of such fraudulent activities are only detected by chance. These figures speak volumes about the unsatisfactory IT security infrastructure maintained in Indian organizations. The Annual Cyber Crime Survey published in 2011,reveals that the cyber crime cost borne by Indian companies annually, amounts to INR 341 billion. The research report also states that Indians aged 6 P a g e

7 between 18 and 31 years of age, who primarily use internet, are more prone to suffer from cyber crimes. Nearly 70 percent of adult users of internet have online adults have suffered from cyber crimes. Every second around 16 adults fall victim to cyber crime, translating into over a million victims of cyber crimes in India everyday. The major form of cyber attack is considered to be internet phishing, which constitutes 50 percent of all cyber attacks in computers and smart phone devices. 7 P a g e

8 4. Cyber Hacking Structure Cyber Crime Internet Based Crime Web Based Crime Online Hacking Website Related Crime Launch of Malicious Programmes Crime through s Epsionage Usenet Related Crimes Spamming Inter Relay Chat 8 P a g e

9 5. Forms of Cyber Threats Malware, worms, and Trojan horses These forms of viruses usually spread through s, messaging, and malicious websites. Some web domains automatically download malware and Trojan horses without the permission of users. These procedures are commonly used by hackers which are known as drive-by download. Opening of corrupt files also leads to transmission of such malicious worms and malware that tend to hack the data from the user s computer. Botnets and zombies These threats will continue to propagate as new attack techniques evolve and become accessible to audiences with less technical knowledge required to start successful attacks. Botnets are designed to steal data and at the same time improve their encryption capabilities, thus it is quite difficult to detect such attacks. Scareware Scareware is a fake security software. There exist different versions of malware, with hundreds of them being created every day. This kind of spam is mainly used by cyber criminals as they are very efficient in luring a user to share information using a dummy link. Scareware also manifests as a pop-up signaling a virus attack in the system and users are frequently lured into downloading the fake software. Attacks on client-side software Client side software is very vulnerable to virus attacks. Client-side software primarily includes media players, internet browsers, and PDF reading software. This software would continue to have vulnerabilities softwares offer easy methods to operate cyber attacks. Phishing - Phishing is the process of creating a dummy web page by hackers, in the name of financial institutions, requesting the user to provide all financial details for some reason or the other. The users are redirected to a replica of the original website of the financial institution. Thus a single submission click results in data theft. In some cases it may even result in fund transfers from the user s personal banking account. 9 P a g e

10 6. Growth Drivers Growth of internet penetration has raised the insecurity of networks. Internet users in India have become aware of data theft through the internet and are opting for concrete IT security systems Growing awareness among organizations for better and secured network Considerable rise in investment by SMBs in developing a secured IT security solution that would protect their data from being hacked Rise in the adoption of WLAN technologies like 3G and WiMax There has been a rise in the usage of smart handled devices in India. This would also require protection and propel the IT security market in India Frequent usage of storage peripherals have been one of the major factors for the growth of IT security market in India The Indian e-commerce market has being growing rapidly and there is a need to protect the payment gateway to secure online transactions Rise in usage in LAN, extranet/intranet and wireless access services Globalization and liberalization is considered to be one of the major drivers of IT security market in India. Integration of the domestic economy to the world economy has resulted in high volumes of outsourcing work to Indian firms. There is an urgent need to have a proper networking security solution 10 P a g e

11 7. Issues and Challenges Lack of awareness among clients is a major challenge that IT security vendors face in the Indian market The common tendency is to avoid up-gradation of existing IT security software Absence of any kind of regulatory compliances in terms of IT security solutions is a major hurdle IT security is not on the priority list of major Indian enterprises There is a lack of knowledge about the availability of IT security products available in the market Small enterprises hesitate to spend on IT security infrastructure. IT spending is largely restricted to spending on hardware and software solutions rather than on IT security systems Absence of strict compliances, regulations and IT laws as compared to other developed countries such as the USA, the UK and the Russia Lack of government initiatives to formulate policies dealing exclusively with IT security solutions in public sector units Absence of trained manpower with proper domain knowledge who would provide efficient IT security services Economic and budget constraints resulting in lower adoption, especially in SMBs Availability of pirated security software is a major challenge for the IT security market in India 11 P a g e

12 8. Outlook IT security is an essential constituent of an organization's IT system and the need for IT security is expected to continue to gain momentum. IT threats are becoming more sophisticated all over the world and organizations are demanding new, robust, affordable and upgraded security solutions in order to protect their confidential data. The Indian IT security market was dynamic in 2011, with a considerable rise in outsourcing work. Meanwhile, off-shore data storage continued to threaten Indian companies with possible cyber attacks. With the constant rise in the number of cyber attacks in India, large and small enterprises have become exposed to risk more than ever before. It is of utmost importance that organizations adopt concrete and coordinated strategies to secure end points in corporate network. Organizations are looking ahead to increase their productivity through uninterrupted access to network applications without sacrificing network security. The absence of proper network solution technologies is posing immense threats to the operations of organizations. Large organizations as well as SMBs are concentrating heavily on replacing the legacy of traditional end point security solutions with robust and affordable IT security systems. Highly sophisticated malware attacks have made network firewalls and antivirus softwares ineffective defense systems. Over the past few years, there has been an explosion of intrusion of malicious programs that are primarily delivered through s, which target vulnerabilities in online browsers and client side applications. Further, a constant rise in the mobile workforce in organizations has made on-premise security approach absolutely futile. Security of the domain network of an organization is no longer conceived as an effective means against cyber attacks. Mobility in workforce in an organisation is a major driver for the rise in IT security in any organization. Thus IT professionals are having a tough time protecting employees from such cyber attacks. According to the latest trend in IT security systems, companies are outsourcing their IT perimeter where confidential information for enterprise-owned servers is being stored away on cloud network. These are managed by IT security vendors. Survey reports have revealed that network solutions maintained through cloud computing has delivered better results; organizations believe their data to be secured to some extent. The rise in use of web applications allows employees to use any internet connected device from any part of the world and access applications with just a login. 12 P a g e

13 Companies need to acclimatize to the new post-perimeter world and look for security solutions that are not dependant on antivirus signatures as the means of protection from malware attacks. This will surely be advantageous to companies seeking a effective IT security solutions. It offers cloudcentric solutions that provide superior protection for mobile workers. The security system works primarily in the cloud, while providing necessary end point protection. 13 P a g e

14 GYAN RESEARCH AND ANALYTICS PVT. LTD. Corporate Office: LG 37-38, Ansal Fortune Arcade, Sector-18, Noida Delhi NCR, INDIA Phone: Regd. Office: 298-A, Pocket 2 Mayur Vihar Phase -1 Delhi , INDIA Central Delivery Centre: BD-9, Sector-1, Salt Lake City Kolkata , INDIA Phone: [email protected] Website: 14 P a g e