When you get a mail from a prince of some African nation asking for help to transfer money, Google immediately sends it to spam, knowing fully well that it is a phishing attack with someone trying to get access to your finances. While attacks have gotten much more advanced since, hackers try to now get you to reset passwords or reverify pins, IT/internet services providers are yet to get hold of such techniques. But enterprise solutions are getting the better of such coordinated attacks by forewarning companies. While security codes and antivirus softwares have their own place along with virtual private networks (VPNs), Kratikal Technologies is helping employees get smarter against phishing, spoofing and other hacks.
“We keep company employees on their toes by organising coordinated attacks and then telling them where they go wrong. For this, we have a database that tells us who got lured by such emails,” says Pavan Kushwaha, founder and CEO, Kratikal Technologies.
Besides alerting against such dangers, Kushwaha has a few other products in his arsenal—KDMARC, KPMonitor and Threat Alert button. KDMARC defends against email spoofing and disallows use of your domain email domain. KPMonitor, one of the advanced tools in the domain, helps discovery of website forgery and phishing website detection and takedown of such rogue websites. So, if someone creates a similar service or tries to copy the code, Kratikal has a way of detecting this and then shutting down the service.
“After the RBI guidelines on online security, banks are paying much more attention to us, and we are getting fair share of requests for protection and security,” says Kushwaha. Kratikal has banks and a number of private firms among its clients.
Another IT security firm, TAC Security, is doing the same but with a much wider gamut of players. It is helping organisations like National Payments Corporation of India (NPCI) ensure that security needs are met from another viewpoint. TAC may not be as user-focused as Kratikal is, but in a domain where attacks are common, and cyber safety is everything, it does serve its purpose. Its security assessments help companies aware of threats to their apps and ecosystem.
Trishneet Arora, founder, TAC Securit,y points to its the Artificial Intelligence (AI) based Vulnerability Management Platform ESOF (Enterprise Security in One Framework) that helps firms identify risks.
“Through ESOF, we currently manage more than 2 million vulnerabilities for multiple Fortune 500 companies and also protect transactions worth Rs 1 trillion annually. TAC Security also conducts end-to-end security assessment of all UPI-based applications. In addition, since 2017, we have been working closely with NPCI and have also been empanelled by CERT-In, receiving multiple appreciations from multiple government bodies for being a part of the Digital India vision,” says Arora.
Companies are warming up to the idea of startups serving their security needs. As this trend takes off, more startups are expected to enter this segment to help companies deal with such threats. However, this is also a highly innovation focused business. While TAC and Kratikal are doing well with current threats, as the security environment gets dangerous they need to keep innovating to stay relevant in the market. “You just can’t rest in this business, there is always something or the other, and you have to be on top of your game,” says Kushwaha.
While TAC and Kratikal have made a name for themselves, there are now bigger players who are coming in the field, and that can worry some of these startups as they have more money to go around and create new brands and security solutions. With security threats becoming a real risk—a report last year highlighted that India lost $18 billion due to cyberthreats—there would be enough space for more players in the segment. At present, the size of the pie is small. But as it becomes bigger, there would be a lot of space for many players to survive in the market. Some will still need to brave the tides, till more companies get serious about security.
“Recent research reports estimate that the international market for cybersecurity products will continue growing at a strong CAGR of 10.2% to create business opportunity worth $248.6 billion by 2023,”