Why ethical hackers are in strong demandMumbai, Jan 30(AZINS)  What according to you has caused the shortage of ethical hackers?

According to NASSCOM, at present we only have about 50,000 cyber security professionals in India. And India requires 5 million cyber security professionals by 2020 to meet local and export market demand. Ideally, we should be training 77,000 ethical hackers per year. But the current supply is only of a mere 15,000 professionals mainly due to the lack of specialized courses and poor infrastructure.

It is a myth that most Ethical Hackers are self-taught. Receiving training from a professional mentor with authorized courseware makes the world of difference. A certified qualification ensures that the candidate has a sweeping knowledge of all the potential threats and is up to date with all the necessary trends he needs to know. There is a thin line distinguishing ethical hacking from illegal hacking. It is doubtful that basement hackers would ever be equipped or take the trouble to go through cyber laws governing the internet. Additionally, a qualification also adds weight to one’s resume and makes it easier to land a job.

Even the best hackers, who took an early interest in hacking, turn to one form of education or the other to pick up the tricks of the trade. With the stark picture of the skill gap becoming more prominent day by day, institutes and educational bodies have set up courses with wholesome curriculum to fast track and systemize the grooming and job readiness of these employees.

At present you can find a video online to learn just about anything you want to. However, it is practical exposure and actual hands on experience which differentiates those who have the knowledge from those who have the knowledge and can apply it in real life situations. Most professional hackers gain some form of formal hacking education, since their job is not just about hacking a network, but instead to prevent anyone else from exploiting the vulnerability.

Do you see the demand rising even further?

Yes, of course. Cloud computing is the fastest growth driving arena in the IT industry. All the IT giants are setting up Data centers across India and are scaling up their capacity. With Government of India initiatives like "Digital India" gathering strength, a lot of important information is going to be available online. It is all the more vital to keep this information safe. It is estimated that nearly 1.7 crore jobs will be created due to this initiative of which a large chunk will be for Security professionals.

10 years from now, many of us who are careless with our cyber security measures are bound to experience a future shock. For e.g. Self-driving cars are in works to become mainstream. Imagine being trapped in a car being operated by someone a hundred kilometers away. It is a frightening prospect. Imagine all your documents being available online and the data vanishing and being held for a ransom. Those are the kinds of threats we will face in the future and requires a large talent pool to prevent such incidents.

As for the ethical hacking workforce, companies will start integrating it as an essential department of their businesses. Cyber security will become a facet that no company would be able to overlook. People will start demanding more personalized services. We could even see the rise of 'Digital Insurance' being offered by insurance companies. Incidents like those of Jennifer Lawrence who was subjected to having her personal data leaked have triggered more people to hire personal ethical hackers to safeguard their digital content. This will only boost the demand for such professionals.

What are the consequences of not being equipped to handle cyber-attacks?

Even though we tend to only hear about the high profile attacks in the news, Cyber-attacks have become increasingly common and more sophisticated.
Even the U.S. government is still reeling from the attacks by hackers from China and Russia who managed to steal classified information. Attacks and leaks by some the nation’s most popular apps and websites just last year have brought the threat to India Inc.’s attention. A report recently found that India ranks among the top 10 ransom attacks in the world. Cyber-security is no longer a luxury for firms to have on board. It is a given. For firms who cannot guarantee data integrity will see an exodus of users to rivals who can.
Sensitive information such as medical records, power plant controls, the country’s covert operations files, missile weapon system, etc. are all at risk if we do not have a competent workforce in place to deal with such threats.

What is HIPAA compliance and why do companies need to get compliance?

HIPAA is the acronym for the Health Insurance Portability and Accountability Act that was passed by the US Congress in 1996, a key component of which is to protect and handle confidential health information of America. America does not allow vendors that are not HIPAA certified to conduct business with US entities.

India on the other hand does not have any such compliance act in place and we follow an indifferent attitude when it comes to privacy. A report by McKinsey revealed that almost 70% of the firms in India were susceptible to cyber-attacks. A recent incident where a firm was forced to shell out a large sum of money to regain control of its data was the latest in the string of incident that have left Indian firms red faced when it comes to cyber security issues.

Banks and telecom firms dodging most basic security norms such as KYC norms has resulted in easy escape routes for hackers. Hence the effort to safeguard data must be proactive and not reactive in nature.

What are the significant components of HIPAA Security compliance?

The HIPAA Privacy regulations require health care providers and organizations, as well as their business associates, to develop and follow procedures that ensure the confidentiality and security of protected health information (PHI) when it is transferred, received, handled, or shared. This applies to all forms of PHI, including paper, oral, and electronic, etc. Furthermore, only the minimum health information necessary to conduct business is to be used or shared.