NEW DELHI: From being individual attackers, cybercriminals are now running their operations as an organised business, pointing to the rise in efficiency of the criminal activities they carry out, CEO of Finnish cybersecurity company F-Secure, Samu Konttinen, said.

“Ransomware is by far one of the biggest problems. It is in a league of its own – nothing comes close – and unfortunately, these haunt consumers and businesses both,” Konttinen said in an exclusive chat withET.

He said ransomware operators work by encrypting or scrambling data of a business or an individual user to make it unintelligible to even its owner.

Imagine having all your files on your computer, but not being able to see any of their contents until you pay a sum to the cyber attacker, he explained. For paying the ransom, say via bitcoins, the cyber attackers guide the target through the process. “It’s almost like an honest criminal. It is important to them that people (targets) have faith. The attackers must deliver the decryption key to their targets after payment and are very careful about their reputation… because the fact is, if the word gets out, if the targets pay and still don’t get their files back, nobody will pay,” he added.

F-Secure has been focusing on the small and medium enterprise (SME) market in India – it’s fastest growing market in the Apac region. The company sees a big opportunity in the digitalisation of government and businesses in the country.

India is also trying to push biometric authentication — primarily fingerprints and iris scans — for Aadhaar-based transactions. Talking about the use of biometrics and associated devices, Konttinen said fingerprints are not fool-proof.

“The problem is for any of the fingerprint readers, they don’t understand if the holder of the fingerprint is alive. I can cut off your thumb and it most probably will open your phone,” he said.

Also, using a single fingerprint scanner for multiple scans – such as at a door or for office attendance – can it wear out. The issue of the scanner not being able to read fingerprints because of dirt or grease on fingers is another problem. A recent technology, which uses infra-red to read blood veins in the palm, is a better technology, Konttinen said. “They are as unique as a fingerprint. You only need to hold your hand above the reader.

A chopped off hand will not work,” he said. He also spoke about the lack of disclosure norms and adequate punishment for cyber breaches in India. A new regulation that will come into force from 2018 in the EU mandates tough penalties.

According to the regulation, if a company fails to notify the EU government of a data breach within 72 hours of learning about it, the non-compliant company can face fines of up to 4% of annual global turnover or 20 million euros, whichever is greater. “What has also happened very, very often is that at the end, the CEO gets fired (in case of big cyber breaches). So they are gradually beginning to understand that if you don’t take care of the cybersecurity of your company, it is your job that is on the line,” Konttinen added.
NewsletterA A

SOURCE: Economic Times