‘India has an acute shortage of ethical hackers’


Kolkata: The Indian School of Ethical Hacking (ISOEH) is the training wing of ISOAH Data Securities Pvt. Ltd. With several years of experience in the IT security industry, it has been working with governments, law enforcement agencies, and corporate clients. They have felt the lack of well-trained individuals in the IT security industry. This school is an effort to impart in-depth IT security know-how to fresher engineers as well as senior working professionals. At ISOEH, training is imparted only by Ethical Hackers & Penetration Testers who have been associated with the IT security industry over the last 10 years. A conversation with Sandeep Sengupta, lead auditor/tutor, ISOEH, revealed some interesting information about the school and its work.

1.   What is ethical hacking vis-a-vis hacking? 

Ethical hacking (done by white hat hackers) is testing a network, software, mobile app and any IT or OT infrastructure for cybersecurity vulnerabilities. This happens when the owners or custodians of such organisations invite an ethical hacker to test the system, so that they can close the gap proactively. Bad hackers or unethical hackers or black hat hackers are the group of techies who hack into the same systems without permission to steal data which they can then sell to potential buyers in illegal markets on the dark web. Nowadays, we also have state-sponsored hackers from rogue countries who are trying to steal data from rival countries to weaken their defence strategies, economy and growth. These hackers take an active role in cyber warfare, which we assume has already started. World War III will be fought with keyboard and mouse.

2.   Who are the most vulnerable to hacking and why? 

Every company, every individual, every PSU. We are under constant attack. Companies like Air India and Domino's lost their customer data to hackers. This private and confidential data of Indian citizens is sold in the black market to marketing companies. As for the Air India hack, it might get into the hands of any terrorist group who will come to know the coordinates and travel plans of our govt employees, defence personnel, diplomats and ministers, who usually travel by Air India. This is not good for national security.

As for PSUs, the most vulnerable sector is the power grid, followed by banking systems, national stock markets, telecom companies, logistics companies, railways, etc. We have seen rising attacks on power grids all over the world. If a rogue country can take down the power grid for sufficient time, that will cause significant damage to national security.

Individually, vulnerable people are senior citizens and kids. Senior citizens are not tech-savvy. They are finding it difficult to cope with digital India. They are the most vulnerable to prevailing scams, bank fraud, etc. The minor kids, who are on social media, are vulnerable to paedophiles, cyberbullying, blue whale challenges, etc.

3. Can you throw some more light on the various ethical hacking workshops held by you for police, senior citizens, students?

We organised regular workshops for law enforcement agencies like CID, Kolkata police to make them familiar with the latest cyber security vulnerabilities, recommendations, fraud detection, and monitoring techniques. We conducted a 3-month course for CID forensic lab staff. Also conducted a 2-month cyber security course for sales tax cyber team & also for CRPF officials. Also conducted cyber security awareness sessions for HIDCO officials, NKDA, STPI, Nasscom, CII, BCCI, BNCCI, etc.

Accompanied CID team in forensic data collection for German Case against tech Process Company in Sector 5, on request from Mr. Sanjay Singh (ADG, CID).

Trained Kolkata Police, Anti-Cyber-crime Cell, Lalbazaar HQ (21.06.2014)

Trained CRPF high officials on Ethical Hacking & Digital Forensic

Trained Nepal Police on Digital Forensic – February 2017

Organized workshop at US Consulate (Kolkata) on Identity Theft – 18.03.2016.

Conducted a cyber-security workshop at STPI on the eve of Digital India Week – 02.07.2015.

Conducted workshop at BSNL Kolkata HO on Information Security – 16.01.2016.

Speaker at CeBIT International conference on 16.02.2015 – topic – IT Security

Speaker at CII Annual Events - ICT East in August 2014 till August 2019. Topic – Information Security

Speaker at FICCI, Annual Consumer Rights Day, Kolkata (14.03.2014) – IT Security

Organized workshops on IT Security at Nasscom – 19.03.2015 & 06.01.2016.

Speaker at ISACA Kolkata Chapter on “Cyber Security” – 15.11.2014 onwards.

4.   What kind of training is imparted in ethical hacking sessions?

Depends on the background of the person. If the person is BTech / BCA / BSc (or equivalent postgrad), we teach him cyber security audit (penetration testing). If the person is MBA / BBA, we teach him ITGC process audit or ISO 27001. If the person is CA, lawyer, police officer, we teach him Digital Forensics. We have a few short-term 3-month courses, to 1-year diploma, 1.5 years PG Diploma, 3 years BSc Hons Bachelor Degree (UGC approved), 2 years MSc Degree (UGC approved). We have global certificates on cyber security like CEH v11 (Certified Ethical Hacker), CHFI, Licensed Penetration Tester, SOC / SIEM, etc. We are one of the biggest & oldest cyber security training institutes in India.

5. How can the common citizen protect himself/herself against hacking especially now when everything from banking, purchasing, studying, and consulting doctors has gone online?

They need to follow some basic cyber hygiene. 

a) Never share OTP with anyone over a phone call.

b) Never put your password or confidential information on a website which doesn't start with https (secured site in URL).

c) Never install the software ANYDESK & TeamViewer on mobile.

d) Always opt for Cash on Delivery for unknown ecommerce websites.

e) In Facebook & Gmail, go to settings --> Security --> activate 2-factor authentication (OTP).

f) Check any news from fact checker sites before forwarding --> https://toolbox.google.com/factcheck/explorer

A complete list of dos & don'ts can be found here - https://www.isoeh.com/handbook.pdf

6.   Some quick tips on how do we save our mobiles, tablets, laptops, and desktops from getting hacked

a) Install an antivirus or security tool.

b) Do not install unknown apps on mobile.

c) If you install an app, do not give permission to SMS (you are giving permission to OTP).

d) If you have already given permission to OTP, go to settings --> App permission --> Remove permission from SMS.

e) Use PIN for WhatsApp. Lock screen.

f) Do not sell your mobile. Using forensic tools all your photos can be recovered even after deleting them or factory reset.

g) Do not click on unknown WhatsApp links or email attachments. May lead to ransomware.

h) Do not use passwords on http sites. Only https sites to be trusted.

7.   How far is ethical hacking viable as a career option for our citizens? 

India has an acute shortage of ethical hackers. As per a Nasscom survey, India needs 5 lakh cyber security professionals over the coming 5 years. At this moment, we have only 60-70,000 professionals. This has led to major hacking in Domino's, Air India, etc. With more and more ethical hackers, Indian corporations can protect themselves from cyber crime. And our country will be better equipped against hackers from foreign countries.

8. Any message you would like to give to our readers? 

There will be no job crunch in the Cyber Security domain. Fresher students are being offered 2 lakh per month salary. Join BSc Cyber Security or Digital Forensics Hons course after class XII. Help the corporations to stay safe. Help India to enhance national security. Earn the best possible salary and highest respect. 

 

 
