As we move our lives online, we see an increase in crime in this space. The more we depend on computers and the networks that link them together, the more opportunities sprout up for the criminal mind.
If you’ve ever met a cyber forensics specialist, or the head of a research lab in a security company, you would have sensed the nature of a crime-fighter. All of them speak with a passion that is truly inspiring. After all, their job is about the epic clash between good and evil.
What is it?
It is one of Rakesh Goyal’s most memorable cases. He recalls when one of India’s well-known banks received a complaint from a clerk, stating that there may have been an accounting error in the charge of interest rates on overdrawn accounts. A few accounts showed the charge to be just 5 percent, when the bank’s charge was 10 percent. The resulting difference ran into several lakhs of rupees. The tedious task of checking all records was done and nothing seemed amiss. Yet the money was missing. This is the point at which Rakesh Goyal’s firm, Sysman, was called in. His firm specializes in the detection of cyber crimes.
They stumbled across the possible tool of attack when they ran a check through the 259 programs that the bank used. In this list they found nine programs that were not in the official list of software. On testing them, it was found that three of them accessed the database and produced no audit trail. The firm came up with the hypothesis that someone could have briefly reset the interest rates. The only possible time that these alien programs could have got into the bank’s network was when they did their last upgrade. This helped them zero in on the day of the attack. This also helped identify the accounts involved. The officer staffing a particular desk was questioned. They put him in a room, asked him a few questions and he cracked. It didn’t take much of an effort to make the man talk once the heavy-lifting of studying the systems was complete.
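The two checks in this case, comparing what is installed against the official software list and looking for database access that left no audit trail, can be sketched as follows. This is an added example, not code from Sysman or the bank: the program names, timestamps and the existence of a separate database access log are assumptions constructed for illustration.

```python
from collections import defaultdict

# All data below is constructed for illustration; none of it comes from the case.
# Names stand in for programs; a real inventory would key on file hashes.
APPROVED = {"ledger_post", "interest_calc", "stmt_print"}   # official software list
INSTALLED = ["ledger_post", "interest_calc", "stmt_print", "ratefix", "tmpsort"]

# Events as (timestamp, program, table, operation).
DB_ACCESS = [                      # what the database itself recorded (assumed log)
    ("2001-01-05T22:10", "interest_calc", "rates", "READ"),
    ("2001-01-05T22:14", "ratefix", "rates", "UPDATE"),
    ("2001-01-05T22:15", "interest_calc", "accounts", "UPDATE"),
    ("2001-01-05T22:19", "ratefix", "rates", "UPDATE"),
]
AUDIT_TRAIL = [                    # what the application audit trail recorded
    ("2001-01-05T22:10", "interest_calc", "rates", "READ"),
    ("2001-01-05T22:15", "interest_calc", "accounts", "UPDATE"),
]

def unlisted_programs(installed, approved):
    """Programs present on the system but absent from the official list."""
    return sorted(set(installed) - set(approved))

def unaudited_access(db_access, audit_trail):
    """Group database events that have no matching audit-trail entry by program."""
    audited = set(audit_trail)
    gaps = defaultdict(list)
    for event in db_access:
        if event not in audited:
            gaps[event[1]].append(event)
    return dict(gaps)

def triage(installed, approved, db_access, audit_trail):
    """Rank unlisted programs; those with unaudited database access come first."""
    gaps = unaudited_access(db_access, audit_trail)
    findings = []
    for prog in unlisted_programs(installed, approved):
        events = gaps.get(prog, [])
        findings.append({
            "program": prog,
            "unaudited_events": len(events),
            "tables": sorted({e[2] for e in events}),
            # Earliest unaudited event narrows the time window to examine.
            "first_seen": min((e[0] for e in events), default=None),
        })
    return sorted(findings, key=lambda f: -f["unaudited_events"])

if __name__ == "__main__":
    for finding in triage(INSTALLED, APPROVED, DB_ACCESS, AUDIT_TRAIL):
        print(finding)
```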
Simply put, computer / cyber security is the science of protecting the data residing on our computer systems and networks from unauthorized access, disclosure, transfer and modification, whether accidental or intentional. It could range from something as simple as installing an anti-virus program on your desktop to installing firewalls and honeypots at the network level. It could also be the task of tracing the crime, as in the above example.
Why is it needed?
Just as each stride ahead in this information age enables us to transfer information more freely and have better and faster access to knowledge, security of this information also becomes a key issue. Computer security is required at all levels – personal, corporate, state or country. Protecting data in today’s environment has become a greater concern and a formidable task to undertake.
A cyber-criminal or hacker could strike in many different ways. He could unleash a virus to erase your entire system, steal confidential information from your system or even break into your system and modify your files without your knowledge.
A computer security professional does a similar job, albeit ethically. He thinks like a hacker so as to find loopholes in the data and systems in the network and pre-empt a hacker’s moves. He then puts in place a security program to deal with the myriad threats facing any infrastructure. There are many courses available nowadays in “ethical hacking”.
Computer forensics is still a rather new but rapidly growing discipline in computer security that focuses on finding digital evidence after a computer security incident (breach) has occurred.
The role of a Computer Forensic professional is to collect and analyze digital data within an investigative process and find out exactly what happened on a digital system and who was responsible.
There are essentially four phases for recovering evidence from a computer system or storage medium.
- The identification of digital evidence.
- The preservation of digital evidence for judicial scrutiny in a court of law.
- The analysis of digital evidence – the extraction, processing and interpretation of digital data.
- The presentation of evidence in a court of law.
Hundred percent data security is a myth. The rapid evolution of computer technology implies that computer security professionals, despite being on constant vigil, may not be able to anticipate and prevent all attacks. However, it is said that computer criminals always leave tracks; it’s only a matter of finding them. But this part is not always easy. If computer forensics collects evidence correctly, it is much easier to apprehend the attacker and the evidence stands a greater chance of being admissible in the event of a prosecution.
Some organizations have put in place an ‘Incident Response Team’ whose role is to investigate in case of a computer security breach; this also involves problem-solving. It includes management personnel with the authority to take action, technical personnel (computer security professionals and/or computer forensic professionals) with the knowledge and expertise to diagnose and resolve problems rapidly, and communications representatives who can keep the concerned individuals and organizations informed on the status of the problem and develop public image control strategies, if necessary.
The Growth Story
According to a NASSCOM estimate, the world-wide demand for computer security professionals would touch about 2,00,000 by next year. In India alone, the demand should touch a whopping 90,000 and there would be a shortfall of 35,000 to 45,000 computer security professionals.
International Data Corporation (IDC) had predicted that the worldwide information security market would increase from roughly $6.7 billion in 2000 to $21 billion by 2005. In the financial services industry alone, the spending on security-related products and services was expected to rise from $848 million in 2000 to $2.2 billion by 2005. Thus, there is a sizable requirement for cyber security products and services.
Key drivers of growth
The demand for professionals in this field is rising for two reasons:
- Increasingly, data is being stored outside the organization
- Internal data theft
There has been a steady rise in cyber attacks (28 percent in the first six months of 2002). According to a survey in 2001, cyber attacks cost businesses roughly $13.2 billion in damage and clean-up costs while in the preceding year, it was $17.1 billion. Some institutions were even forced to shut down their entire networks to fix the problem.
In response to this, organizations and governments are gearing up to take necessary preventive and remedial measures. India has recognized cyber crime and necessary security actions are being taken at the government and personal levels; job opportunities for computer forensic and security experts will also increase. As state governments are opening cyber crime departments, this will also bring more job openings.
Why did you choose this career?
Rakesh Goyal, founder, Sysman India: Serendipity chose my career for me. I did my first forensics assignment by chance in 1991 and for free. That’s when I realized that I have a natural inclination towards IT forensics. It led to writing a book in 1993. Gradually, it became IT security over a period of time. In 2004, when IS security consulting became a lucrative business, software businesses were closed and efforts were diverted towards the IT security business.
Every case is unique and a challenge. No two cases / assignments are the same. So, it is a delight for any challenge-loving person. One gets to apply all the faculties at his or her command to secure the assets or investigate the case. In investigations, the person must think laterally like Sherlock Holmes.
What are the required skill sets?
Rakesh Goyal: A number of colleges and short-term courses have been launched which train a person on different aspects of computer security and forensics. Based on the performance in exams and prior experience, certifications like CISA, CISM, CISSP are awarded. These certificates are recognized by the industry. No minimum qualification is required to appear for these exams. For entry into the profession, one just needs an IT background with an understanding of C++ and Java and, preferably, knowledge of the law and business processes.