Arthur W. Coviello is the Executive Vice-President of EMC Corporation and Executive Chairman, RSA Security who serves as a co-chair of National Cyber Security Summit's Corporate Governance Task Force, a public-private initiative co-organised by US Department of Homeland Security and leading industry associations, spoke to Business Line about changing paradigms in security, policies and the newer types of cyber attacks.
Is fraud detection and prevention software keeping up with sophistication of fraudsters?
Criminals have started collaborating with rogue nation states, buying and selling information and even subcontracted some of their capabilities. Governments and corporates will continue to grapple with this. On the one hand, there is a shortage of skilled talent in cyber security and on the other, organisations have left with no choice but to fortify their tech infrastructure.
Even the US Government establishments are compromised. In such a scenario, could the logic of more connected machines, resulting in more frauds deter security uptake?
Yes, but that is the fact of modern existence. You also need to look at the other side of the coin. Connectivity allows new types of interactions in our society and economy, helps starting up new business, increases efficiency, levels the playing field etc. Even in olden times just cocooning oneself against the world did not help, like the case of the Trojan war. However, it demands a renewed examination of roles and responsibilities and organisations need to keep in mind that in the never ending war for control of the network, the battle must be fought on many different fronts. All organisations are part of the greater ecosystem of information exchange and it is everyone's responsibility to build and protect that exchange.
In India, which area will witness fraud – PCs or mobile phones?
Both are vulnerable to fraud. If you look at the US, back in the 90s, there were instances of cyber frauds but the scale and the intentions were not comparable to the ones we witness nowadays. So, it is up to the organisations to determine that. For example, a bank or a telecom carrier will have to decide where to put more emphasis for fraud detection and control, based on where their information resides.
Do you thing Reserve Bank of India’s mandate for digital certification enough to ward off threats?
The RBI has always been in the forefront with regard to security.
However, like other business things, you can’t throw your head back and say that the job is done. In the last few years, criminals are having financial intent and in a lot of cases they are trying to disrupt an economy (through broadband outage, stealing government data etc.)