India’s largest telcos have ramped up security infrastructure to guard against hackers and cyber-attacks amid increasing focus on digitisation
India’s largest telcos have ramped up security infrastructure to guard against hackers and cyber-attacks amid increasing focus on digitisation, but experts stress that multiple aspects of a telecom network could be exploited by such criminals.
According to Gartner, enterprise security spending (hardware, software and services) in India is on pace to reach $1.12 billion in 2016, up 10.6% from $1.01 billion in 2015.
“We deflect close to 10 million threats per day to our network across India,” said Vodafone India, the country’s second largest telco, in an emailed response to queries from ET. It plans to launch its payments bank by March 2017.
Vodafone, which operates mobile wallet M-Pesa, said it is constantly finetuning security. For this, it uses cyber intelligence from internal and external sources as well as data mining and analytics processes identical to big data analysis.
Market leader Bharti Airtel, which started its payments bank last month, said it too has beefed up security. “For securing financial transactions, we already have PCI/DSS certification for all payments we get on Airtel. This has been extended to the payments bank,” it said.
The telco is also collaborating closely with regulators, the government and industry bodies to detect attacks at emergent stage.
Airtel said it is helping customers — both feature and smartphone users — with advanced anti-money laundering and fraud management technologies that can help detect issues real time. It also employs ethical hackers who break into protected systems and networks to assess security.
According to a study by industry body Assocham and research firm EY, mobile frauds are an area of great concern for companies as 40-45% of financial transactions are via mobile devices. This threat is expected grow to 60-65% by 2017.
Experts say that despite heavy investment, aspects such as applications and services provided on top of the network are more prone to attacks.
“I think there is a lot of scope for improvement, particularly when we are talking about privacy of individuals, money involved, applications residing on top of hardware. More often than not, these are vulnerable and that’s where security is required,” said Amresh Nandan, research director for communications service provider technology at research firm Gartner.
In India, some of the ways data is collected from customers are themselves not safe, allowing access to cyber criminals.
Nandan said most ways to acquire customer data — much of which still requires paperwork and photocopies of identity proofs — and how this data is stored are not very clear.
Lack of strong data protection and privacy laws further compounds the problem for end users.
Saket Modi, CEO of cyber security company Lucideus, pegged telecom majors more secure on an average that fintech companies. “In the case of telcos, in general, people are not publicly exposed to base stations or network switches in a telecom network. It is relatively difficult to find vulnerabilities,” though this does not make a network “unhackable.”
Most cyber attacks on telecom majors internationally involve customer data breach, leading to hefty fines paid by the companies.
“It is a common misunderstanding that hacking requires sophisticated tools and highly complex skills. Since no organisation can exist in isolation, we have to tackle these security threats to protect the organisation and our customers,” said Vodafone.
Cybersecurity has taken centrestage after the recent cyber-attacks on Twitter accounts and emails of public figures, and the increasing use of e-payments and online transactions being encouraged by the government post demonetisation.