Imagine teams of people from different cultures working with each other day and night across 24 time zones. These virtual teams are the backbone of global businesses. They can tackle complex and strategic issues, helping their company to become more responsive to markets and customers. They are containers for innovative thinking, by which their company can leap ahead of its competitors.Gautam Kheria joined a large manufacturing company 11 years ago. He has managed some of his company’s most complex projects and won two national awards for being an outstanding team leader. Gautam follows four principles: His people know exactly what the team is expected to deliver, and by when; Each person knows what she or he will be asked to contribute — in terms of expertise and administrative support; Communication lines are always open, and team members are well-informed about how problems will be solved and decisions made; Time is made to have fun, so people on his team get to know and enjoy each other.Last year, the board of directors decided to expand globally, acquiring manufacturing sites in countries in Latin America and Africa. Gautam was tapped to work with site managers at three facilities outside India and five facilities in India. His three-year mandate was to orchestrate technology transfers across the eight sites and to create shared knowledge about brand-building.What an immense, complex responsibility! This was not about managing a cooperative group of managers in one country, as he had in the past. This was about creatinga a sense of collective responsibility among managers who did not know each other; and most likely, they did not experience the same loyalty toward the company that he did.Gautam realised that the site managers would have to get out of region-based silos, do some forward thinking, work with teammates with different backgrounds, motivations, and values, and meet production deadlines too. Could he make this happen?Gautam’s team management was not the best. He made mistakes, but he learned too. In his interim report, he wrote up three tips for working effectively on a culturally diverse, geographically dispersed team.Secure support from senior stakeholders, including one’s boss, in advance. To forge trust and commitment, team-members must meet face-to-face at least once every year. This is especially important in the first six months after the team is launched. But funds for travel or multi-point video-conferencing are not enough. Without resources for expert inputs about cultural differences and team development, the group could fumble.Encourage proficient use of multiple modes of communication. Yesteryear’s phone-calls and email are no longer the only options. Now there is the company’s video-conferencing, slide-sharing, and intranet systems; skype; and voice and text messages beeping for attention.But using communication technologies is still an art. Airing a disagreement on email is pointless — better to pick up the phone. Asking for an instantly messaged yes or no is a clever way to include team members for making a decision — but multi-point video-conferencing will draw out opinions far more effectively. It is the mind and heart connection across these channels that matters.Allocate sufficient time to work through the logistics of virtual meetings. The 24-7 work of virtual teams has turned the pace of senior managers’ lives from hectic into frantic. Pre-dawn meetings from some regions of the world pile on top of dinner and middle-of-the-night meetings in other regions. It takes ingenuity and perseverance to distribute the inconvenience of round-the-clock meetings in a fair way, and show respect for the multiple commitments of team members. Technology too is not fail-safe — often meeting participants wait while staff figures out how to re-connect locations or reduce distortion.Without pre-planning, logistical and technical glitches become irksome and encroach on creativity and productivity.Gautam’s tips are quintessential for managing virtual global teams. Business growth accelerates if natural, technological and human resources are properly integrated. New regional markets open up if localised information, knowledge, and insights are used. Innovation happens if team interactions are a dynamic mélange of opinions and perspectives. Without doubt, such effective teams add unprecedented value to their organisation.Meena Wilson is Senior Faculty at the Center for Creative Leadership (CCL) and author of Developing Tomorrow’s Leaders Today: Insights from Corporate India (Wiley, 2010).
Read More
Almost two years after it last made such a move, the Reserve Bank of India (RBI) has done it again — cut the corpus banks have to mandatorily invest in government securities (G-Secs) as a proportion of their funds to 23 per cent, a cut of 100 basis points (bps).But before you cheer this cut in the statutory liquidity ratio (SLR) which will infuse nearly Rs 62,000 in funds into the banking system, look at the message sent out by the central bank. That it will not oblige a government which refuses to take hard, corrective measures on the fiscal and fuel price fronts with interest rate cuts. It has maintained the repo rate — the rate at which banks borrow from the central bank — at eight per cent; the cash reserve ratio (CRR) — funds impounded with the central bank — stays at 4.75 per cent.On the reasons for the SLR cut, RBI governor D Subbarao said: “The reduction of SLR is to ensure liquidity pressures do not constrain the flow of credit to the productive sectors of the economy. This will allow banks to shift their portfolio in favour of the private sector”.Yet, a caveat would be in order here. As Krishnamurthy Subramanian, assistant professor of finance, Indian School of Business, says: “Conceptually, a decrease in SLR reduces the amount that banks have to hold in G-Secs. Every rupee that need not be invested in GoISec can be used for lending to the corporate sector. However, given most banks hold SLR considerably above the mandated requirement, it is unlikely that the decrease in SLR will have a substantial increase in corporate lending. I, therefore, expect any growth acceleration due to the SLR decrease to be quite muted and, if at all, with a considerable lag.” Banks now hold about 28 per cent by way of SLR at the systemic level.Do Your Part Of The DealIt’s the central bank’s way of making it clear that it will ensure liquidity for the private sector; they need not fear a crowding out on account of the government’s appetite for funds. The reduction in SLR also means that much less by way of an assured captive investor base for G-Secs.Says Chanda Kochhar, managing director & CEO, ICICI Bank: “The reduction of one per cent in the SLR will help to make credit available to retail and corporate borrowers and also keep interest rates under control. RBI has sought to anchor inflationary expectations while ensuring liquidity to facilitate credit availability”.According to Leif Eskesen, HSBC’s Chief Economist for India & ASEAN, “the RBI deserves kudos for making a tough but right decision, under difficult circumstances. Nail-biting global economic conditions have compelled central banks in advanced and emerging economies to cut rates, and moderate domestic economic growth has drummed up pressures on the RBI to act. However, the RBI kept cool and stayed focused on its objective, which helps cement its credibility”.He adds “global economic conditions are a worry, but it's premature for the RBI to act in response to these. If global conditions remain weak or weaken even further, that day may, of course, come. If it indeed does, it is better for the RBI to have preserved the little powder they currently have left”.More Bother On InflationHeadline wholesale price inflation (WPI) rose to 7.7 per cent in May from 7.5 per cent in April; it has moderated to 7.3 per cent in June 2012. “The stickiness in inflation, despite the significant growth slowdown, was largely on account of high primary food inflation, which was in double-digits during the first quarter of this year driven by a spike in vegetable prices and sustained high inflation in protein items”, pointed out Subbarao. Fuel group inflation fell to 11.5 per cent in May from 12.1 per cent in April and to 10.3 per cent in June but the reversal in crude oil prices in recent weeks to $103 a barrel is a worry.The RBI pointed to the several upside risks which have arisen:A deficient and uneven monsoon so far; it can have an adverse impact on food inflation.Global crude prices remain elevated. The rupee’s depreciation has added to import prices which in turn has put pressure on domestic fuel pricesThere has been no fuel price hike. Going forward, the embedded risks of suppressed inflation could impact our fuel prices.Non-food manufactured products inflation has not moderated in line with the slowdown in growthAnd finally, input price pressures on account of exchange rate movement and infrastructural bottlenecks in coal, minerals and power may exert upward pressure on non-food manufactured products inflationAnd in view of the recent trends in food inflation, trends in global commodity prices and the likely demand scenario, the baseline projection for WPI inflation for March 2013 has been raised to seven per cent from the April projection of 6.5 per cent.You can kiss all hopes of a rate cut goodbye for some time to come.
Read More
The stockmarket may go down further but there is value in the Indian equity market and that is the reason why for some time now Sudip Bandyopadhyay has been advising his clients to slowly move their money into select stocks in the FMCG, IT and pharmaceutical companies. "We are advising clients to invest 30 per cent of their money into equities, followed by 20 per cent in gold and to keep the rest 50 per cent in fixed income which can be moved easily into equities as and when we find the opportunity," says Bandyopadhyay.Talking to Businessworld, Bandyopadhyay says he concern about the Indian market stems from the inaction of the government due to policy inertia. As for global financial market, he is more worried about the euro zone rather than the US and China. He feels problems are addressed quickly in both US and China, compared to euro zone which has too many political leaders taking too long to decide for addressing the problems. It could be another 6-8 months before something concrete emerges from the euro zone, says Bandyopadhyay. Excerpts from the conversation:What is your take on the Indian equity market at a time when the Sensex is holding well above the 16,500-16,800 levels? Do you think it is a good time for investors to book profit (if any) or losses and stay on the sidelines as there is a lack of trigger in the market? And why?The equity market continues to remain extremely volatile and we feel that, by and large, it will be better to stay on the sidelines in the absence of any positive trigger. Global economic scenario remains uncertain with Greece and Spain continuing to face problems. Signals of slowdown from US and China is also making investors uneasy. On top of that, the domestic macro economic situation remains unfavourable due to policy inertia, high cost of funds and deficit in monsoon. Factors which may change any of the above are not yet visible. Under the circumstances, it is advisable to be cautious and only take exposure in select high growth companies. Bottom-up approach of stock picking should be adopted. Do you think RBI governor will bite the bullet and cut rates on 31 July 2012? What is your view take of the forthcoming RBI policy and why?It is unlikely that RBI will reduce rates considering their focus on controlling inflation at the cost of growth. Though unfortunately, the high interest rate medicine has not worked over the last two years, RBI continues to believe in the same. In spite of continuously increasing interest rates over the last two years (barring a few marginal reductions), RBI has failed to tame inflation and has only succeeded in bringing down the economic growth from around 9 per cent to around 6 per cent. High interest rate has acted as a dampener for incremental economic activities leading to slowdown in every sector of the economy. However, the single-minded focus of the central bank in controlling inflation at any cost and also the use of a single weapon (i.e. continuously increasing interest rates) have led to a stagflation like scenario, in India. The rupee is at an all-time high. What is your view on the currency and its impact on the equity market, economy and inflation? What are your concerns for the Indian equity market?The sharp depreciation of rupee has adversely affected both economy and the capital markets. While relative inflation between economies determines appreciation and/or depreciation in currencies, unbridled sharp movements deteriorate market confidence in a country's monetary management. Unfortunately, initial inaction of the RBI, once the currency started deteriorating, was primarily responsible for its sharp depreciation. Unless rupee stabilises, foreign investors will be skeptical about investing in Indian markets as their capital market gains can very easily get wiped out through currency depreciation. In the next 6-12 months, I see the Indian rupee hovering in the range of Rs 52-54 against the US dollar.Do you think RBI should be interfering in the currency market?RBI should definitely interfere in the currency market. The central bank in every country has a role to protect unbridled movements in the currency. Unless the central bank steps in and ensures that the currency is in consonance with its true relative value, the market will lose confidence in the currency. Thus even more than action, the intention of central banks articulated through their pronouncements, is more important signal to the market.What is your view on the overall financial market? Do you think the crisis in Europe as well as US is behind us and why?Global financial markets continue to remain choppy. Our view is that the same volatile situation will prevail for some more time. The crisis in Europe, US and also China is definitely not behind us. The problem is structural and one cannot hope to solve the same overnight.What is your view on gold and crude oil? Both are tending to rise from its near time lows. Do you see them rising further and why?Our view of gold is positive. We believe that gold will touch over the next 3 -5 years the $2,500-per ounce level. Apart from investment buying and speculation, the central banks across the world are increasing their gold reserves. This will lead to a secular uptrend in gold prices. Our view on oil is not bullish. Significant discovery of alternate reserves of gas (shale block) in North America has led to reduction in demand for oil. Fresh oil discoveries have also helped this cause. We see the long term effective price of oil at around $100 per barrel (Brent crude).In the current market, where will you advice investors to invest? Don't you think it's better to be sector and market-cap agnostic in this market or stick to the large-cap stocks. What's your view? Which are the sectors ones you are avoiding? Our view in the current market is better to be stock specific. It should also be sector specific.We believe that time for value buying has not yet come and the markets may further correct from their current levels. Investors should stick to growth stocks, available at attractive prices. As for sectors, one should look at Pharma, FMCG and IT. These stocks may be available at attractive prices across large cap, mid-cap and small cap universe. We have been avoiding metals, infrastructure, capital goods and real estate stocks for the last one year.
Read More
Even though Symantec with its online security solutions brand, Norton, has been present in the Indian market for a number of years now, it is only this year (FY 2012-13) that the software security major is aggressively focusing on reaping high growth returns from India, harnessing the "opportunity that 1.2 billion (potential consumers) possibly provide." And it is the twin phenomena — a quantum leap in mobile internet (m-commerce) usage and a steep rise in the number of cyber crimes in India — which is fuelling this ambition. Incidentally, instances of cyber crime in India are substantially higher than its global counterparts. In fact, the Norton Crime Report 2011 documents that the country lost a whopping Rs 34,110 crore last year and 80 per cent of internet users were affected by it. While 60 per cent were victims of viruses and malware attacks, 20 per cent became the targets of online scams and 19 per cent suffered due to phishing.However, "the sets of cyber crimes that Indians fall prey to are also fortunately the most preventable, says Effendy Ibrahim, Norton Internet Safety Advocate and Director, Asia, Symantec. Globally, Symantec claims to have blocked 5 billion internet security threats last year; which translates into about 17 threats per second. "In the past people would say if you go to a website and don't download anything you're safe. That is not true today, there could be reputed sites where as soon as you enter a malware starts to download," informs Ibrahim. In India, 1 in 4 malware attacks are bot infections: they comprise malware that lodge themselves in a PC and do nothing till they receive a command from their master to either send back data or use the computing power of the machine to send out spam, for instance. This menace is fast engulfing Indian tier 2 cities as well. Today cyber criminals are not sending viruses just to infect machines; they instruct printers to keep on printing, target personal information, logins, passwords and also selectively erase data.All factors taken into account, Symantec considers the need to invest in India is imminent. At present, the company has more than 3,500 employees across the country. They have a security response — one of the 11 around the world — in Pune (set up in 2006). In addition, the company has security operation centres in Chennai and R&D centres in Pune, Chennai, and Bengaluru. Ibrahim quotes that 35 per cent of Symantec's R&D comes from India and Pune is their biggest innovation centre. Thirteen per cent of the annual revenue is earmarked for research.With their infrastructure in place, the company aims to double the number of consumers and triple the numbers of channel partners (currently 155) to improve their distribution network by also tying up with major mobile product distributors across. Apart from large format retail stores, such as Tata Croma, Symantec has, over the last few months established partnerships with e-tailers such as Flipkart.com and others. Effendy Ibrahim "Currently we are in talks with a number of government organisations to encourage their employees to use Norton products," states Ibrahim while refraining to divulge the names of companies in question. A multi-city road show to 20 top cities in India (distribution centres that need to be explored further) is also on the cards. With more than 50 per cent people confused or unwilling to invest in online security, the challenge, according to Symantec, is in convincing people to move beyond remedial measures (from cyber crime affliction) and investing in long-term solutions. Key To IntegrationIt is estimated that an average Indian spends 30 hours a week using the internet as against the global figure of 24 hours a week. Among them 48 per cent access the internet through their mobiles. The Norton Mobile survey 2012 finds 3 out of 5 Indians susceptible to cybercrime on their cell phones. Yet even as there is an alarming 93 per cent increase in mobile threats, the actual number continues to be dwarfed by other online security breaches. Even as ramping up mobile security products is very much the plan, (Norton India survey, February 2012) data has yielded that almost half the population (of respondents) would welcome a simple security solution that they can use across devices and platforms; from Macbooks to Android smartphones and Windows PCs. "In the current scenario, if you want to protect all your data, you would have to buy a separate security product for each device which is costly and cumbersome. With Norton's multi-device product, a single subscription can protect any type of device. Six months down the line if you choose to replace your Windows PC with an Android tablet, you can move your licence from your PC to the new tablet in a very flexible manner," Ibrahim explains. The product, Norton 360 Everywhere, will be launched in India over the next few months and will cover Windows and Android at the moment. The second phase will include iOS as well and that is likely to happen towards the end of this year. As of now Symantec remains silent about the prince point of this product as well.Symantec is keen on promoting free software such as Norton Safeware: a software that determines whether or not a website is safe to visit even before it is opened, Norton Security Scan and Norton Power Eraser (for infected computer systems). When it comes to mobile security, Ibrahim is emphatic in mentioning that "our mobile security products are not antivirus software per se, that is only one of the features of our mobile security products." Mobile security is oriented around anti theft, more photos on mobile than pc, data protection, the ability to lock your phone, wipe data, anti phishing for mobile and privacy features, among others. Norton Mobile Security for Android devices, is available on GooglePlay Store and any of the others Norton mobile software are accessible on Apple and Samsung app stores. One of the new features the company is working on, at present, is recovery of contacts ( from phone memory) in the event of mobile theft. Globally a partner of Samsung, Symantec is now working towards collaborating with major telecom service providers in India.
Read More
Thanks to the fierce pulls and pressures from civil society groups, domestic pharmaceutical industry and the global drug multinationals in different directions, uncertainties surrounding India's policy outlook on foreign direct investment (FDI) in domestic pharmaceutical sector is far from over.Nine months after Prime Minister Manmohan Singh and his senior cabinet colleagues decided to give Competition Commission of India (CCI) the key responsibility of monitoring foreign direct investment (FDI) inflow in brown-field pharmaceutical projects, India's policy outlook on pharma FDI is back to the drawing board.A new committee set up by the government to understand the progress of the implementation of the proposed changes in the pharma FDI policy has now favoured the Foreign Investment Promotion Board (FIPB) of the commerce ministry over CCI to clear brown-field investments in pharmaceuticals. The earlier decision was to ask CCI to approve all brown-field FDIs in pharma sector irrespective of its size. The new proposal is to allow investments up to 49 per cent without any restriction.Though the proposal to allow FDI up to 49 per cent in brownfield projects through automatic route was seen as a relaxation of the government's more stringent plan, the drug industry is awaiting the conditionality attached to this decision to understand its real implication.Ranjit Shahani, president, Organisation of Pharmaceutical Producers of India (OPPI) said that any policy which restricts freedom of trade and investment will further restrict capital flows. He felt that the current position of the committee "will not only have a chilling effect on FDI flows to the Pharma Industry but will also have a serious knock-on effect in other Industries – particularly since it is a reversal of a policy liberalisation which took place only 10 years ago"."Today, when the world is looking at India to kickstart the economy following changes at the centre this certainly is a retrograde step. We are seeing ghosts where there are no ghosts", Shahani said in an emailed response.According to officials, even when up to 49 per cent investment in domestic drug companies get cleared automatically, the foreign partner that will gain substantial shareholding in the company will have to assure the government that none of the essential drugs produced by the Indian company will be discontinued after the foreign investment. "They may also be asked to invest 5 per cent of their turnover in research and development relating to drug that address India specific health problems", the official said.The representatives of the domestic industry, who have been actively lobbying to restrict FDI in pharma – and thereby resist takeover attempts by foreign drug companies – expressed happiness over the government move, despite an apparent attempt to retain control only on transactions that result in majority stake sale."This is a good development because any restriction on brown field pharma projects will result in more Greenfield investments. It will create new assets in the country", D G Shah, secretary general, of Indian Pharmaceutical Alliance, the association of domestic drug firms, said.In a letter to Prime Minister on July 24, civil society thinktank, the Centre for Trade and Development (Centad), wanted the pharmaceutical sector to be considered as a strategic sector. It wanted a ban on all FDI investments in brown-field pharmaceutical sector.FDI in pharmaceuticals used to be unrestricted for almost a decade until the government decided to limit 100 per cent FDI to Greenfield investments and roping CCI to clear all brown field proposals last year.A six-month transition period was provided to CCI to equip itself and until then, FIPB was asked to clear all brownfield investments in the pharma sector. It was expected that during this period, CCI will put in necessary enabling regulations for effective oversight on mergers and acquisitions to ensure that there is a balance between public health concerns and attracting FDI in the pharma sector.CCI is yet to be empowered to do this job and FIPB continues to handle the task of clearing brown-field pharma investments even today.
Read More
Symantec Corp on 21 August announced the India findings of its first-ever State of Information Survey. According to the survey, business data in Indian organisations is expected to grow 67 per cent in the next 12 months. From confidential customer information and intellectual property, to financial transactions, Indian organisations possess massive amounts of information that not only enable them to be competitive and efficient – but also stay in business. In fact, the survey revealed that digital information makes up 51 per cent of an organisation’s total value. However, with information spiralling rapidly, 60 per cent Indian businesses are struggling to effectively manage and protect their digital information. “Our survey shows that only 15 per cent of businesses in India can confidently use their business information without being either too permissive or too restrictive about its access,” says Anand Naik, managing director, sales, India and SAARC, Symantec, “Without the ability to properly protect their information assets, this data can become a liability. To counter this, businesses in India need to put in place a plan to manage their data assets so they can have a true competitive advantage.”Information Is ExpensiveBusinesses of all sizes are dealing with enormous amounts of data. The total size of information stored today by all businesses globally is 2.2 zettabytes. Small to medium sized businesses (SMBs) on average have 563 terabytes of data, compared with the average enterprise that has 100,000 terabytes. The survey also reveals that information is expected to grow 67 percent over the next year for enterprises and 178 per cent for SMBs.Globally, on average, enterprises spend $38 million annually on information, while SMBs spend $332,000. However, the yearly cost per employee for SMBs globally is a lot higher at $3,670, versus $3,297 for enterprise. For example, a typical 50-employee small business spends $183,500 on information management, whereas a typical large enterprise with 2,500 employees would spend $8.2 million.The survey found that a huge 89 per cent of Indian organisations have lost information in the past year.These incidents have a significant impact: 31 per cent of Indian organisations revealed that losing some/all of their information could lead to decreased revenues, apart from loss of customers (34 per cent), increased expenses (33 per cent) and brand damage (35 per cent). Furthermore, 31 per cent of respondents were unable to comply with government regulations and 40 per cent faced similar challenges with external legal requirements around information management in the past year.Protection Measures are Falling ShortWith so much at stake, protecting information should be a top priority, yet businesses are still struggling. In the last year, besides 89 per cent of organisations losing information, 94 per cent of businesses in India have had confidential information exposed outside of the company, and 31 per cent have experienced compliance failures related to information. Another challenge is the amount of duplicate information businesses are storing – an average of 38 per cent of data is duplicated. Storage utilisation is also low, at only 23 per cent within the firewall and 20 per cent outside.All these risks and inefficiencies result in businesses spending more than necessary on storing and protecting their information. A key issue identified by 30 per cent of businesses in India is information sprawl – the overwhelming growth of information that is unorganised, difficult to access and often duplicated elsewhere.To help businesses more effectively protect their information, Symantec has the following recommendations: Focus on the information, not the device or data center: With BYOD and cloud, information is no longer within the four walls of a company. Protection must focus on the information, not the device or data center.Not all information is equal: Business must be able to separate useless data from valuable business information and protect it accordingly. Be efficient: Deduplication and archiving help companies protect more, but store less to keep pace with exponential data growth.Consistency is key: It is important to set consistent policies for information that can be enforced wherever it’s located… physical, virtual and cloud environments.Stay agile: Plan for your future information needs by implementing a flexible infrastructure to support continued growth.
Read More
Astrological predictions are woven into the social fabric of India. The need to know the future based on celestial constellation cuts across region, religion, gender and age. Almost everyone has at one time of the other sought the advice of an astrologer to take a quick look into the future. A positive future is well regarded. But immediate mitigatory steps are taken for a dim future. The believers hope that wearing certain types of stones and orchestrating special prayers will blow away the dark clouds in the years to come. So it is apt that some future scenarios for India's growth be developed. This has been done periodically by organisations that have used empirical and not celestial data to extrapolate the growth curve options for India. I will take two such examples. One was done about six years ago by the World Economic Forum (WEF). And the second was made public last month by Planning Commission. Both of them have concluded that there are three possible scenarios where India could be in about ten years from now. The great, the ugly and the confused. Let me start with the one that was done in 2006 by WEF. One was called Bolly World. In this scenario, the "initial economic success becomes unsustainable, and domestic social and demographic pressures soon trigger an economic crisis." The second scenario was Pahale India or India First. This describes a potential scenario where "leaders put India first, above personal and sector interests. Broad based, high growth benefits majority and sustains internal economic development, while enhancing global economic integration." The perfect scenario. The final scenario was called Atakta Bharat or India Getting Stuck. This was seen as a less benign future. It describes "an India getting stuck without direction reflecting the lack of unified action and absence of effective leadership that in this scenario create a continuous and cumulative source of problems for India."About 5 years have passed since the scenarios were built. And it is not difficult to see where India stands today. The fresh scenario building done by the Planning Commission this years is eerily similar. The three scenarios are Muddling Along, Falling Apart and The Flotilla Advances. Again one does not need to read star alignment of the cosmos to get a sense of three directions India could head in. The first scenario called Muddling Along is described thus. "…where the system is crying for reform and some reforms are initiated. However, these are piecemeal, do not address core governance issues, and therefore are not effective…Small enterprises are sought to be encouraged, but the agenda of big business dominates."The scenario has likened India to a flotilla of several boats that represent cast, class and regional interests. A flotilla would move together only if these boats keep together. The second scenario is called Falling Apart. Here "India is stuck in centralised governance…wealth is distributed through subsidies. The resulting impatience and political logjam put India under severe stress, with several factions threatening to disassociate from the political union." In the flotilla, the ships keep colliding. And nobody moves ahead. The third scenario is most positive and is labeled The Flotilla Advances. In this scenario, federal and local governance systems work together to help everyone reach their aspiration. Government processes and regulatory systems become more efficient to achieve economic reforms. The Center for Study of Science Technology and Policy (CSTEP), a not-for-profit policy research think-tank in Bangalore, helped build the scenarios which were reinforced with inputs from civil society organizations, experts, government officials and academics. Such exercises are important as they allow policy makers to step away from daily file pushing and take a bird's eye view of the country. Legislators, policy makers, officials in states and centre would do well to study this. It will give everybody a sense of where the country is headed. And what needs to be done to choose the best direction. While there is much to be pessimistic about the future of India, there is much that can be done to prevent the worst scenarios. The first critical step though is to contemplate the future through such scenarios. And then to plan the present.As any astrologer will say, it is really about taking proactive steps to craft the desired future. (Pranjal Sharma is a senior business writer. He can be contacted at pranjalx@gmail.com)
Read More
The one thing that people want to protect today is the data that they have. It could be on a mobile device, a laptop, a tablet or on the company's server. However, protecting it has become all the more difficult. That's where Verizon Business comes in. It brings out an annual Data Breach Investigation Report (DBIR) in conjunction with experts including the United States Secret Service, the Dutch National High Tech Crime Unit, the Australian Federal Police, the Irish Reporting & Information Security Service and the Police Central e-Crime Unit of the London Metropolitan Police. The DBIR report spans 855 data breaches across 174 million stolen records. A. Bryan Sartin, Director, Investigative Response, Verizon Business was in India to attend the Nasscom Security Summit. Sartin spoke to BW's Anup Jayaram on the issues in securing data and where India is today.Excerpts:Can you tell us what Verizon Business does on security? How is that important for India now?I head a specialty team in Verizon called the RISK team. That stands for Research, Investigations, Solutions and Knowledge. We have two very specific areas of focus in Verizon. One is, investigations—digital forensics, computers and response, electronic discovery, IT investigations when security is undermined, when security becomes a problem for Verizon customers or for anyone in the world, public or private sector. We are the world's leading non-military IT investigation team. So we are called to perform investigations and coordinate with law enforcement.Our second objective is all about intelligence. We see what happens when security becomes a problem and we go case by case picking up artifacts of intelligence, converting that into knowledge, particularly security knowledge. We hope to drive that back into the ground, make our people smarter and drive that back to customers.That's one of the reasons I am here. India is a very hot market investigations-wise. There's a tremendous amount of demand for response to electronic crimes, cyber crimes. So we have investigations going on here in India right now. I am not here for supervisory capacity but also speaking to customers. There are a few of them. There is a lot of action here both on the civil and the criminal side. Our electronics discovery business which is litigation support for civil matters has always been a big area. Starting last year, data breach investigations in India have picked up a lot for us.Any particular reason for that?I think so yes. At an overarching level, we are seeing some trends. There is a general trend in electronic crimes, away from financially motivated crimes towards "hactivism" and specially cyber espionage and cyber warfare. Cyber espionage in particular is a crime that targets intellectual property. India is heavy in intellectual property. As India grows, intellectual property here will also grow. I would say, based on the demand we see in India now, this is one of the top two or three sources of electronic crime.What's the kind of electronic crime that you have seen?The worst in terms of uninteresting and least sophistication are financial crimes. Historically, 90 per cent of all the crime we saw was financially motivated. Those were attacks against banks and insurers, big retailers and targeting consumer records. Ten years ago, we used to see very sophisticated attacks in that arena. But, they have not become more sophisticated. They have in fact become less sophisticated over time. We still see more financial crimes than others. Criminals are picking small targets like hotels, pharmacies, restaurants. That's the boring side. We see the same old stuff over and over again.On the other end of the spectrum, hacktivism has been an amazing adversary over the last year with groups like Anonymous. That's a totally different kind of adversary. Instead of being entities closely affiliated to crime, these are anyone not already affiliated to a group. All of us might be Anonymous and not know about it. The nature of these crimes is revenge. They are retaliatory crimes. They are politically motivated and they are to damage the reputation of the victim. And there are thousands of ways to do that. Hacking and stealing data is just one of those. And because of that helping customers understand the nature of the threat, how to detect it, how to prevent it. That's a big focus for us. You can deface someone's website site. You can get into their e-mail system and find embarrassing things and post them online. We have always seen proprietary kind of data posted online. That's clearly an indication that your security is not so effective. What's the strangest case that you have seen?In a real twist, we had a major hactivism case in the US this past year where credit card information was stolen and the perpetrators took credit cards and made donations to charities in the victims' names. And pretty sizeable donations in some cases. One of the interesting twists that came out of that was when many of the victims found out what was done with their money were very reluctant to retract the donation even though it was made illegally. That's a funny twist. Isn't it!!Recently Yahoo had some IDs hacked into…That's right. The information that you read online made it sound like a sequel injection attack. I am very surprised that it happened. You must have seen in our DBIR, that SQL injection was big three or four years ago. At one point it accounted for 80 per cent of stolen records. It was discovered as a threat in 1998. So, it's been there for over 10 years. It is one of the easiest attacks to detect when it is happening against your systems and networks. It is one of the easiest vulnerabilities to diagnose. You can even do it with a few keystrokes. So to see an entity like that suffer a SQL injection attack in this day and age is a little bit shocking. What didn't shock me is how weak password security is. Apparently, so many of those passwords were posted online. Massive quantities of passwords were common to many websites. And as I understand there were many people who used the same password there and on Google mail. Talk about weak password security.That facilitates account takeover. Password security is something most enterprises across the globe have figured out very well. But it needs a lot more. Around 70 per cent of all data breaches, the initial point of entry is remote access. The top five actions that lead to a threat to data, whether you talk about small victims, large victims, you talk about cyber warfare situations, weak passwords security factors into a lot of those.How do you analyse the data breaches that you detect?We build attribution tables from every data breach that we investigate. It is the science behind tracking and collecting artifacts and intelligence from each case. About two-thirds of the cases, we can say specifically who is behind the breach even down to the individuals' name. We know their aliases; we know the outlets through which they buy stolen data. Often, we know data breaches they have been affiliated to in the past. Using attribution tables, help us tie-up tools, methods and techniques, down to names of adversaries, and build tables linking individuals to crimes. We do that to set the stage for prosecution. But the more we exchange that kind of intelligence with enforcement agencies and governments around the globe, the better we will get.Are people finally prosecuted for such crimes?In fact, very, very often. It is far more often than most people think. Internationally there is a perception, especially in India, that these kinds of crimes never lead to arrests, especially when the perpetrator is outside of India. If the attack comes from China, the US or Mexico, people don't think it leads to something. But they do. That's part of the problem. The public is so interested in the victims, who is getting hacked? And they are interested in whether their data was stolen. People seem to be less interested in criminals being brought to justice for some reason. That's unfortunate.That reminds me of the fact that these days is something that is factored into hacktivism is personal information. It is not PII (personal identifiable information); it is as much about that data that people make available willingly online on platforms like Facebook, MySpace and LinkedIn profiles.What problems arise from such data posted online? Sartin: The RISK Man (BW Pic by Bivash Banerjee) Let me give you an example of what I was referring to. There was a big data breach, intellectual property that was stolen. This made headlines all around the globe. In the investigation we found exactly how it started. The criminal sent eight emails, eight different messages. They included a PDF attachment and there was malware implanted in the header. If someone opened it, it would execute on their system. Only one of the eight victims fell to it and she had some interesting hobbies. One of them was knitting. She had one of these knitting blogs where she would spend an hour a day in her office reading blogs.She was a technical person by the way, a member of the security department of that company. She was a trainer. She went around to different company offices and teaching people things like don't tape you password on the keyboard. She receives an email from her favourite knitting blog and it had an attachment which appeared to be a platinum membership subscription. She had never received an email from the knitting blog. And all of a sudden when she sees that, all the security training goes right out of the window. She opens the attachment and there was no text inside the attachment. It's blank.Being the technical person she was, she forwarded the mail to the webmaster of the favourite knitting blog and said this is obviously corrupted in transit. So could you please resend it? It spread from there.How big a threat are data breaches to the world?They haven't been so big a threat historically. If you look at the number of crimes targeting consumer behaviour, debit cards historically were a big target. In most countries there is this concept of zero liability for the loss, so long as the card holder reports the fraud. The victims really have been banks and the merchants rather than the individuals.Cyber warfare targets are very, very different. Instead of being the retailer, the restaurant or the healthcare company, it is the power plants, the water districts, the manufacturing companies, it's the critical infrastructure inside a given country. Most countries around the world, India included, are looking at better ways to secure the nation's assets. They have to prioritize and protect themselves from possibly the most threatening situations, which are things that affect large swathes of voters. Ultimately, water districts and things that take the power grid offline are worst case scenarios. The migration from cyber crimes to cyber warfare and cyber espionage affect the individual consumer more than it has done historically.Do you see IT security becoming a bigger threat as we go along?It's getting bigger as we go along. You look at mobility –machine to machine type, the diversified supply chain management and things like that. Mobile workforce and work from home employees. The need for security is becoming more acute, the awareness of that need is becoming more acute. In the last 10 years things have really changed. Security is not something in a box that once you do you have it. It's not out a technology but about a process.There was a mindset shift change about 5-6 years ago. Up until then, people thought good security was about protecting everything in the network. Nowadays, people are realising, security is more about data, more than about networks and tangible things. You are responsible for the data as a security professional, whether it is within the confines of your network or outside. With mobile forces being what they are, with tablet computers and smart phones, we are poking more holes in an out of that perimeter. So security needs to change.What about when senior official lose their laptops?When people leave Blackberry's in taxicabs and laptops at train stations, there are easy ways to control this. Disk encryption on the laptop is not difficult. Once the content is encrypted you can't use it. If I tell IT and security that I have lost my device, they can instantly wipe it remotely. There are little smart steps that people can take to mitigate the risk.There is the other issue of convenience these days with tablets connecting to the company's network. You see CIOs pointing out that end users simply want it to do their job. They need to access their email anywhere in the world with their smart phones. But, they also know that they do not have a good means of securing those devices. So its convenience versus good security, and right now it is convenience that is ahead.In India I see some very positive and compelling developments. It is very common in the US. India and the US are very much in the same place. There is a concern over the need for cyber intelligence. You see our data risk report. Take for example that crimes don't happen in minutes. They happen over weeks, months and years. On average it is seven months from point of entry to the time that the victim finds out. In 90 per cent of the times, the victim does not find out on their own but from a third party. Those are shocking statistics. They actually get worse every year, not better. You get a feeling that people are fighting modern era crimes with tools that are from the early 90s. The path forward is cyber intelligence and the sharing of intelligence.
Read More
