CHENNAI: What would you do if you found a vulnerability in e-Bay India that allowed you to purchase anything you wanted from the site for just `1? S Ishwar Prasad was presented with this opportunity when he was in class 11. And while many would have been tempted to use this vulnerability for their benefit, city-based Prasad was different. The now 24-year-old cyber security researcher immediately reported this vulnerability to the shopping giant and found himself on their Hall of Fame.
That was just the beginning. He went on to find vulnerabilities in a number of sites that include companies like BlackBerry and AT&T’s Bug Bounty programmes. These programmes are offered by many websites and software developers, especially overseas, by which individuals can receive recognition and compensation for reporting bugs, especially those that exploit vulnerabilities.
Prasad was a reluctant student but he never found it tedious to spend hours in front of his computer reading up about trojans, viruses and malware. “The internet is my guru,” he said. “I began reading about trojans and other viruses extensively and trained myself for close to four years on how to find and report vulnerabilities.”
While parents generally discourage children from spending too much time in front of the TV or the computer, Prasad’s parents recognised his interest and motivated him to pursue his passion. “My parents were extremely supportive,” he said. “My father’s only condition was that I complete my degree in computer science first.”
True to his word, Prasad completed his course and immediately set up his own cyber security firm, Necurity Solutions. It has been a year and the company has protected over 100 companies from diverse industries ranging from jewellery, shipping, spirituality and medicine, from cyber attacks.
“Any place where net connections and computers are involved is vulnerable,” he said matter-of-factly. “A lot of firms completely rely on scanners, while they’re testing for vulnerabilities. This is a flawed method as hackers are real people and you need to understand a hacker’s mindset to be able to counter them.”
He points out that big companies are increasingly taking the initiative to protect themselves and their customers’ data from attack but it is the subsidiaries that often become vulnerable. “It is imperative for the Government and private companies to look at launching Bug Bounty programmes which will encourage people to report vulnerabilities and make systems more resilient.”
However, when Prasad started out, it wasn’t his age that proved to be a barrier but the lack of awareness that was the biggest obstacle he had to overcome. “When I would approach companies, many of them did not realise that there is a vast difference between cyber security and the IT department,” he said. “This has to change because often they are in denial and feel their systems are secure. So I would ask them to give me a chance to show them how they were at risk. And once I would do that, they would realise the magnitude of the problem and how someone trained in cyber security could help mitigate, if not eliminate, the risk.”
Future plans
Prasad has a vision of making India the most secure cyber space in the world. He also hopes to build a cyber army in India which is on par with those in other countries in pursuit of the same goal. He has plans to start an institute that will train and churn out the best in the business of cyber security researchers. He is also looking at expanding Necurity Solutions’ operations on a global scale while also concentrating on consolidating a strong pan-India presence