Frenzied activity in the Indian internet space, especially the mushrooming of start-ups, has brought the shortage of ethical hackers once again to the fore.
The industry estimates the availability of ethical hackers at a meagre 15,000-17,000, much in contrast against the 50,000-70,000 cyber security professionals needed per year.
An ethical hacker is a computer expert who hacks into a network to test or evaluate the vulnerabilities, but without malicious intentions.
“At this point, the security aspect is not taken seriously and many companies outsource their security needs. This brings in even more security issues,” said Siddharth Bharwani, Director at Jetking Infotrain, an IT training institute.
Rising cyber crimes
“There is a rise in cyber crimes, with the number of instances projected to be about 3 lakhs in India this year and Mumbai alone expected to record 12,000-14,000 fraudulent online payment transactions a month,” Bharwani added.
According to independent industry estimates, there are about 5 lakh ethical hackers now working across various firms in the country. A Nasscom estimate puts the requirement of cyber security professionals at one million by 2020.
IT training firms such as Jetking, Aptech and certain universities offer courses in Certified Ethical Hacker (CEH), a qualification required to assess security of computer systems. In the US, Certified Network Defence Architect (CNDA) is the base requirement for working in security roles in government agencies, which is equivalent to CEH.
However, Certified Information Systems Security Professional (CISSP), a global certification, is the most preferred one by the industry.
“In the current age, cyber security is much more than protecting the information, as it now means protecting the business and its reputation too. With cyber criminals using high-end technologies and breaches occurring at many levels, cyber security experts also need to have complex skill sets,” said Sanjoy Sen, a doctoral research scholar in corporate governance at UK-based Aston Business School.
Generally, the skill sets needed are expertise in .Net, C, C++ and high-end programming, he added.
“The shortage of cyber security professionals is despite the fact that salaries range between ₹2.5-3 lakh per year for a fresher and scales up fast to ₹5 lakh within a year or so. A professional with about 5 years of experience earns about ₹12-15 lakh,” said Anuj Kacker, Executive Director at Aptech.
What ails the industry now is the lack of right set of training institutions and general awareness of the need of these professionals, Kacker added.
India is a “strategic target” for cyber-criminals with an estimated 38 per cent of organisations exposed to targeted attacks in the first half of 2015, a report by security solutions firm FireEye said.
Experts opine that training and increase in awareness are the way ahead for the industry.