Most Indian companies have inadequate funds for cyber security: David Remnitz

David Remnitz, forensic technology and discovery services leader with Ernst & Young (EY), believes ransomware is spreading its tentacles fast. If you are a gullible customer, this malware, which encrypts all your data and causes some annoyance by hijacking the browsers and the operating systems, leaves you financially weak. In an interview with Somendra Sharma, he spoke on the threats while using e-wallet system and public Wifi. Remnitz also spoke on emerging cyber crimes affecting multinationals globally.

We are now seeing a new Digital India, where the emphasis is now on more and more digital transactions instead of cash transactions. However, with more digitisation, instances of e-wallet frauds are increasing. How can such frauds be tackled?

Major economies around the world, including Great Britain, the US, Singapore, Hong Kong had to grapple with this issue over an extended period of time. A great deal of the sophistication is now in the international banking system to be able to determine when cash can and should be used versus some form of electronic transaction has become sophisticated and well managed. When you look at the US banking system and US financial markets, the level of scrutiny and the types of activities that are monitored, there is surveillance on every activity of the economy.

Maturing economies such as India will benefit significantly from being able to model and evaluate some of the approaches of some of these more sophisticated economies have had to put into place. Whether it is a suspicious activity report, that a retail or consumer bank is generating because of some behaviour of an individual, whether it is some sort of structuring activity that a bank is picking up through the form of analysing deposits, or whether it is the cash movement from account to account, these all have electronic monitoring on top of them. Because of what you have experienced here in the form of currency take back and now the country being forced into a position where it has to rely upon a variety of electronic tools like electronic wallets and utilities. The types of enforcement and compliance opportunities become much much higher. The pain of adopting that type of monitoring system is quite apparent in that most of the population is not used to that.

The use of public WiFi is now growing in India. In the past, there have been instances that unsecured WiFi have been misused by criminal elements. What would you suggest to ensure safe usage of Wifi?

It is very hard for the average individual to determine which hotspot to connect with. Some of them look legitimate, many of them are not, and are designed to steal highly valuable data. The consumer has to be extremely cautious and well educated, and that's a big question, as we are talking about tens and millions of people who have to understand it is not okay to click on one hotspot versus the other. At the same point, it is a good responsibility of the government to be able to provide it to people who could not afford it. But, it is a double-edged sword. The users have to be educated and trained in using Wifi.

Do you think multinationals here in India invest adequately on cyber security?

We have interviewed hundreds of professionals and corporations around the world to understand their perspective on how they are investing in cyber transformation, types of concerns and priorities they have, and how high in the organisations these concerns rise. One of the key takeaway is that many of the organisations that we have spoken to still feel that they are significantly underfunded. There is a great deal of concern and investment across many of the world's top organisations including the Indian conglomerates. But at the same time, there is that sentiment that there is still not enough money being spent here by the organisations and it is yet to become the biggest issue on the block. It is about having good and proper hygiene, the right parameter of security protection, right policy and good practice. It is about benchmarking and tabletop exercises, and ensuring that you really understand the vulnerabilities you are introducing into your environment through technology.

What are the emerging cyber crimes globally that are affecting multinationals and industries?

Ransomware is surely one thing which is really been moving quiet fast. It is a malware that encrypts all your data and causes some annoyance by hijacking the browsers and hijacking the operating systems in order to earn money. It asks the user to pay money to the attacker to get data back. Imaging placing this kind of ransomware on an airline industry and put it on the flight control system, or reservation system, or health industry to put it on the patient records management platform and you pretty much can hold a business hostage by shutting off the access to this kind of information. We are seeing it worldwide. Just over the last 12 to 18 months it really has risen to a daily occurrence. It is escalating at an alarming degree. Another trend is the falsification of identities to commit financial fraud. Rise in individuals who are becoming more and more sophisticated at faking or falsifying a communication records. They make a communication look legitimate from outside that instruct that office to do something financially to wire funds from one bank account to another account. They use an electronic communication to impersonate someone who has authority and to instruct them to do something. They are being very successful.