Ransomware Attacks Are on the Rise, What Enterprises Can Do to Stop Future Attacks?

Ransomware is “a type of malware that prevents users from accessing their system or personal files and demands payment in order to regain access.” The earliest variants of ransomware were developed in the late 1980s, and payment was to be sent via snail mail. Today, ransomware authors order that payment be sent via cryptocurrency or credit card.

Ransomware is a severe threat not only for individual users but also for corporate network environments because it allows cyber criminals to gain a lot of money in a short amount of time. While some ransomware strains demonstrate strong coding skills and great sophistication, ransomware distribution platforms allow conducting a ransomware campaign without needing to have a developer background. When browsing the dark web, it is not uncommon to find shady websites promoting ransomware-as-a-service platforms. These malicious actors offer, for a fee, the same services a legit cloud provider would, such as development, tech support, customized dashboards, etc., without any need for the attacker to know any programming languages. The cybercriminals running it offer the attackers all they need, including binaries, documentation, detailed instructions and tech support.

Ransomware attacks are often successful because corporate organizations have security gaps with their patch and configuration management policies. Most organizations apply updates and patches only after testing them in a demo environment, which might create a window of opportunity for attackers to successfully exploit a vulnerability that the latest patches would have remediated.

Recent ransomware strains like Ryuk, often delivered through large botnets such as Emotet or TrickBot, have become more sophisticated and lethal. The city of New Orleans was recently forced to declare a state of emergency after a Ryuk ransomware attack took place on December 13, 2019. The infection spread so fast and dramatically that the city was forced to order all employees to power down computers and disconnect from Wi-Fi.

Another recent ransomware attack took down a US Coast Guard base for around 30 hours and was reportedly triggered by an employee who opened an infected email.

Many surely remember the WannaCry ransomware outbreak, which successfully compromised a very large number of computers over a short time frame in May 2017. Not everyone knows, though, that Microsoft had released a patch to fix the underlying SMB vulnerability some months before this widespread infection started occurring, but most individual and corporate users had not applied this patch yet.

Had most Windows users applied the patch earlier, the WannaCry outbreak would have likely been much more contained than it actually was.


Source: https://www.cyber.nj.gov/threat-profiles/ransomware-variants/ryuk

Should You Pay the Ransom?

This is a very controversial topic. Government and law enforcement agencies mostly recommend not to pay.

An efficient and secure backup policy can minimize the risks related to a ransomware infection. If backup copies are created regularly and stored securely (including offline), the victim user/organization can have a much better chance to resolve this situation without suffering excessive damages.

However, sometimes the answer to this question cannot be so clear-cut. Much depends on how valuable the information being held for ransom is for the organization and on how much downtime an organization can afford. Even with an efficient and secure backup policy in place (and tested regularly!), there may be situations when an organization cannot afford to lose data or having its servers and workstations down, even for a limited time.

Backups are normally performed on a fixed schedule. A company having a large website, forming the bulk of its business, cannot afford to lose, for example, the transactions finalized over the day, or even over the last hour because it could mean losing millions of dollars. Additionally, if an organization’s business relies on proprietary information and said information is being held for ransom, the organization may seemingly have no other choice but to pay.

However, paying the ransom does not always guarantee that the files held for ransom will actually be decrypted.

Many ransomware attackers will provide the decryption key after receiving the related Bitcoin payment, while others do not. Sometimes a bug or some other technical issue prevents the provided decryption key from working to successfully decrypt all ransomed files. Often the decryption process, even if works, is extremely slow and unreliable.

Whether the attackers and their decryption tools release your files or not, this is definitely a situation your organization does not want to be in.

What Enterprises Can Do to Stop Future Attacks

Use Prevention vs. Detect & Respond Solutions
What good is a cybersecurity solution that detects attacks after they have happened? Or worse, misses the threat completely, like the Dominion
National or AMCA attacks. Utilizing prevention methods that can stop zeroday and other known and unknown advanced attacks is crucial for a robust security framework. A preventative approach will also take the
pressure off IT/Sec-Ops and minimize attacks due to human error.

Arm Employees with Training and the Right Set of Tools
As you noticed from the list of attacks, most attacks occur through online social engineering schemes that manipulate users to open the doors
for hackers. One of the most common examples of this is a fileless attack.
The bottom line is employees can be the first line of defense against such threats. They must learn how to spot phishing schemes, not download
attachments without context, even when sent from an existing contact.

Don’t Assume Your System is Secure; Perform Continuous Threat Monitoring
Develop an understanding of the current threat environment and take appropriate measures to protect yourself from attacks. Evaluate your
existing security solution stack and practices and periodically employ third-party pen testers to do in-depth vulnerability testing. Gain visibility across your environment, so you know what software and systems have weaknesses. Once identified, prioritize the most critical vulnerabilities so you can mitigate those first.

An average organization has more than 200 apps: there are ample opportunities for bad actors to find weaknesses, and that is just the apps IT knows about—shadow IT increases the risk. Gartner estimates a third of successful attacks next year will involve shadow IT. No organization can address all vulnerabilities, even with the best IT teams and technology in place—therefore, a preventive solution is key.

Manage Third-Party Risks
Most companies rely on a variety of vendors, suppliers, and partners—and those relationships bring unwanted exposure to the business. Even with a strong security posture, attackers can simply find the weakest link in the supply chain and use it to gain access. Segment your network and limit third party access to critical infrastructure. Establish security checks and
thresholds for partners and vendors.

Cybersecurity Should Be a Culture, Not a Practice
A strong cybersecurity culture goes beyond employee training and awareness. Everyone in the company—from the board of directors
and C-suite executive leadership to every line employee—should view themselves as a critical part of strong security defense. Board and senior leadership should make cybersecurity a priority. Executive leaders should emphasize a cybersecurity culture of “no-fear” where an employee can raise appropriate alarms if they make a mistake, instead of sweeping it under the rug from the fear of getting fired.

Devise Comprehensive Incident Response Plans
Incident response (IR) should never be treated as an ad-hoc process. Assume that your security parameters are already compromised. Your security team should already have a well-defined methodology and IR playbook that is updated continuously based on new attack vectors that can be quickly implemented to quarantine, block, or eliminate malicious network traffic.

How AppGuard Can Help

Every cybersecurity company talks about how great their products are — that’s how marketing works. But business leaders have noticed that for all the talk about how effective today’s malware detection and response software is, hackers keep finding new ways to breach the data repositories companies spend so much time and effort to protect.

AppGuard is different because our patented technology guards and isolates processes that start from an application, no matter how trustworthy they look. That’s a radically different approach than “detect and respond” cybersecurity strategies. It doesn’t rely on alerting IT or security operations teams so they can check out suspicious activities. AppGuard stops the processes before they can cause harm.

Since we don’t operate in a “detect and respond” model, AppGuard doesn’t require extensive whitelisting, updates or connection to a central server. That means human error and overworked IT/security operations teams don’t contribute to risks for AppGuard users. AppGuard delivers complete endpoint protection on a zero-trust basis.

We’re the only solution that prevents breaches from both known and unknown cyber threats, and in our nine-year history, users have never reported a breach.

AppGuard has endpoint security locked down with products designed for a range of use cases, including:

  • AppGuard Enterprise, a centrally managed, host-based endpoint protection solution that prevents malware and all advanced attacks from harming the system.
  • AppGuard Server, a zero-trust, host-based endpoint protection agent for Windows and Linux servers, centrally managed from the same system as agents for laptops and desktops.
  • AppGuard Solo, a self-managed, zero-trust, host-based endpoint protection agent for laptops and desktops that is ideal for small businesses and non-technical users.
  • AppGuard TRUSTICA Mobile & IoT, a centrally managed, host-based solution for making employee mobile devices safe to use for the enterprise without intrusive co-administration.

So, if you’re looking for an edge over competitors, take a look at AppGuard’s products. With AppGuard, you can prevent breaches from occurring while focusing on your core strengths. There’s a cybersecurity crisis — let’s not waste it. Use AppGuard to create a safer connected world.

10 Most Promising WiFi Solutions Providers in India

Inventum Technologies Featured in “10 Most Promising WiFi Solutions Providers in India 2019”

The days of inconsistent connectivity and Internet cables are in the past. Customers are now better informed and demand instant connectivity. Despite low mobile data prices, customers are turning to Wi-Fi for better and much improved experiences. This has carved a niche market for managed Wi-Fi services. Managed Wi-Fi solutions and services play a key role in better managing the user’s access and the entire lifecycle of WLAN right from designing to installing wireless systems including proactive network and infrastructure management. Adoption of cloud based Wi-Fi services is the future.

Enterprises are on a constant lookout for Wi-Fi solution providers who can keep them in pace with the changing norms. Perfectly understanding demands of the industry, CIOReview released a list of “10 Most Promising Wi-Fi Solution Providers – 2019”. These solution vendors will help in transforming business processes through their significant offerings.

Inventum Technologies is featured in CIO Review Magazine list of “10 Most Promising Wi-Fi Solutions Providers – 2019”

Perfectly poised in this market, Inventum leveraged its deep domain expertise to launch its Udaya brand of Wi-Fi 5 products that offer a fully cloud managed experience for offices and premium homes, allowing customers to use a mobile app and control everything about their Wi-Fi experience.

Ideal for enterprises, hotspots and other public networks, the Udaya series of products are all managed centrally from a public cloud including configuration, monitoring, captive portals, SMS sign-on, payment gateway interfaces and analytics. Taking serious security measures to put any apprehensions customers may have at ease, the company used its deep expertise gained from working with its telecom customers over the years and applied it to improve security and QoS where Inventum’s access points, gateways and routers are second to none along with a list of features built for the Indian market.

Incepted in 2003, the company holds a leadership positions in manufacturing routers, access points, gateways and associated software systems permitting the delivery of an end-to-end solution exclusively using Inventum products. Inventum can provide you the wireless equipment, the backend software systems, lawful interception systems, security systems and routers that are all made in India; but more importantly, Inventum can also install and operate the entire network for you.

“Inventum’s decades of experience in large public Wi-Fi projects has translated well to managed Wi-Fi projects for Co-Living, Co-Working spaces, hotels, hospitals, office campuses and the likes.”

Making a Difference

Inventum led its first large network, Tikona in 2009, where there was a 22 city roll-out, on a scale that had never been attempted before. The company was also involved in a national managed Wi-Fi network project for PVR cinemas which is one of the largest such projects across Asia. Additionally, the company takes pride in the completion of its recent project where the backend solutions were delivered to RailTel to enable Wi-Fi at 5,400 railway stations across India. Simultaneously, Inventum has implemented 15 smart City Wi-Fi projects.

CIOReview is a technology magazine that talks about the enterprise solutions that can redefine the business goals of enterprises tomorrow. It is the leading source that shares innovative enterprise solutions developed by established solutions providers, upcoming hot enterprises and is a neutral source for technology decision makers.

For more details on Inventum’s Wi-Fi Solutions, click here.

Full details about the 2019 Vendors list can be found at https://wifi.cioreviewindia.com/vendors/2019/1

Inventum receives WiFi Leadership Awards 2019

Inventum Technologies has been conferred with the 3nd My India WiFi India Leadership Award 2019 for  “Best WiFi OSS/BSS  Solution” at the recently concluded My India WiFi Summit & Awards 2019 at The Imperial Hotel, New Delhi on Aug. 20, 2019 organised by DigiAnalysys.

This award recognizes Inventum as one of the top most OSS/BSS Solution provider in India. This is Inventum second year in a row. Inventum had received  My India WiFi India Leadership Award 2018 for “Best Cloud WiFi Solution”.

Mr. Anil Walia (extreme left), CSMO, Inventum, receiving the award from Mr. TR Dua (centre), Director General, TAIPA  accompanied by Mr. Pradeep Kushwah (extreme right), Marketing Manager, Inventum 

The awards ceremony was attended by imminent industry leaders including Dinesh Tyagi, CEO, CSC SPV; Sarvesh Singh, CMD, BBNL; A Seshagiri Rao, CMD, TCIL; Vipin Tyagi, Executive Director, C-DOT; K Alagesan, CMD, ITI and many other dignitary.

Mr. Sachin Mehra (extreme left), CEO Inventum, receiving the award for “Best Cloud WiFi Solution” from Mr. Anuj Jain   (centre), President, Reliance Jio accompanied by Mr. Anil Walia (extreme right), CSMO, Inventum

 Speaking on the event, Mr. Anil Walia, Chief Sales Officer, Inventum, says “We are delighted to receive the My India WiFi India Leadership Award 2019 for Best WiFi OSS/BSS Solution category. This coveted award is result of our continous efforts of improving  ISPs & WISPs customers experience and  providing them a end-to-end solution.”

Inventum’s UNIFY is a complete stack of billing & operations management (B/OSS) software. The key modules for the stack includes AAA, Subscriber CRM, Financial Accounting, Prepay & Postpaid Billing, Reseller Management, Electronic Wallet System and many more.

Inventum is a leading provider of fixed & wireless data networks technology with a strong made in India portfolio. Inventum builds routers, cloud solution, security and software systems that power some of the world’s largest communication networks. Inventum products are used by mobile operators, FTTH providers, ISP, Wi-Fi hotspots, Airports, Hospitality, Convention Centres and Smart Cities.

My India WiFi India Awards were instituted by DigiAnalysys Media in 2017 to recognise and celebrate visionary enterprises across industry segments and to focus on highlighting key trends and technologies in the WiFi segment.

ISP Routers built for Africa launched at ICT Expo 2019 Kigali

A range of routers suited for the African ISP industry were launched at the recently concluded India-Africa ICT Expo 2019. Indian vendor Inventum showcased both its hardware & virtual router products at the event.

Inventum Solution for ICT Africa 2019

Inventum believes that it’s extensive experience with ISP, WISP, hotspots and Smart Cities in India will translate well for African customers who face similar challenges.

Inventum Booth at India Africa ICR 2019
Inventum at India Africa ICT 2019, Kigali, Rwanda

“We are a trusted made in India brand with 2 decades of proven experience in developing hardware and software solutions for the ISP & telecom sector which we believe is ideal for Africa…” said Mr. Anil Walia, Chief Sales Officer, Inventum.

Presently Inventum offers a range of high speed routers, BNG, WAG, cyber security and Wi-Fi access point products. The company also provides OSS/BSS, AAA, Postpaid & prepay billing products.

Inventum Participation at ICT Africa conference
Conference at India Africa ICT 2019, Kigali, Rawanda
Inventum at India-Africa ICT 2019 show held in Kigali, Rwanda

Why virtual routers?

Most of us are familiar with routers. The little black boxes sitting in the corner of our home or office with messy wires sticking out. 

What is not common knowledge is that routers come in many shapes & sizes. Home Wi-Fi routers that are good for small number of devices and large enterprise routers that serve thousands of users. Costs also vary significantly with home routers costing a few dollars while enterprise models run into the thousands. 

No matter which category of router you fall in, it’s always hard to differentiate from the myriad choices. This is where virtual routers come in, with no hardware purchase and costing next to nothing. 

What are virtual routers?

Virtual routers are software routers that use a normal PC (or server) to do their job. 

With the advent of software defined networking (SDN) many functions of the modern enterprise are being virtualised to save cost and vendor lock-in. This is also referred to as NFV or network function virtualisation. In simple terms, functions that were performed by dedicated networking devices are now performed by software running on commercial-off-the-shelf servers (COTS).

 

The VSR

Inventum’s VSR is a virtual router that can replace any hardware router. The VSR software automatically detects the PC hardware and sets it up to function as a router. Connect your Internet & LAN to the relevant ports of the PC and voila! 

Performance

Performance of your virtual router really depends on your PC hardware. Depending on the number of CPU cores, memory and network cards virtual routers can easily handle multi-gigabit traffic. Advances from Intel® in multi-core processors and the DPDK framework have enabled network fast-paths on commodity servers.

Inventum has combined these developments with its own optimised software to build virtual routers that can deliver millions of packets per second (mpps) on Intel® Atom® & Xeon® processors. 

Go Virtual

If you haven’t yet dabbled with network function virtulization (NFV) the virtual router may be the first thing to try.

Fire up a machine on the cloud or use a hypervisor on-prem, the virtual router can address every use case that a physical router can. No lock-in to proprietary hardware and no expensive maintenance contracts. 

Download and try the VSR today!

Why Free Basics & Airtel Zero are bad for India

Free-Basics
“Free Basics is the new colonialism, its the new East India Company…”, said someone on television the other night about Facebook’s charitable initiative. I’m thinking to myself, there are no free lunches, so why is this even a debate?

Free Basics is an old debate about Net Neutrality. Its been defeated by regulation in the West, but in India we like debate. Facebook has made it so easy to sign a petition supporting Free Basics that hovering over the banner in your FB feed is enough! Many have accidentally succumbed.

Policy makers, telecoms, COAI & even TRAI are favouring a trial. They cite Delhi’s odd even car trial to reduce pollution as a precedent. Exactly how toxic pollution that is killing people compares with Free Basics eludes me.

To understand Free Basics, its first important to understand the Internet eco-system.

First The Basics

I see the Internet as a large reservoir of water. There are the content providers (Facebook & Google) who pump water into the reservoir and then us, the consumers, who tap in with little pipes drawing what water we need. The plumbing is owned by the telecom operators who charge both the content providers and subscribers for their respective pipes. The content companies make money from the subscribers who receive a service that they value and life comes a full circle.

Neutrality is in the fact that everyone gets the same water, just more or less, faster or slower. Everyone pays and none of us get champagne even if we can afford it!

Strange Bed Fellows

Circa 2000, the new new content companies were fighting tooth and nail with telecom operators. They wanted lower bandwidth prices, fatter pipes, unlimited always on Internet. The underlying motive was to drive faster Internet penetration leading to greater valuations which were based on unique user visits. Slow growth in Internet connectivity directly impacted their future.

AOL’s merger with Time Warner was an attempt to solve the slow growth problem and create a behemoth that built its own pipes and content. It has since become a corporate disaster case study.

Is Free Basics a similar attempt? Of course it is, just that the theatre is the third world. India still needs to connect billions and Facebook doesn’t have the patience to wait for our telecom providers and government to deliver connectivity. It wants to guarantee it’s market dominance in India’s future. Not charity, just plain old profit motive.

What is different this time is that Indian telecom providers want to join forces with Free Basics. Let’s try and understand their game.

How Internet Providers Makes Money

The provider game is simple. Lay a big fat pipe to the reservoir, say 1 gigabit (1,000 megabits). Then we split this pipe between a 1,000 paying subscribers, each sold a 10 megabit connection. Hold on, 1,000 x 10 is 10,000 megabits or 10 gigabits, so how do we fit all of them into the original 1 gigabit reservoir pipe? By betting on the fact that not all 1,000 subscribers will download at the same time. This is what we call oversubscription and this is how we make money.

Subscribers only see the ill effects of oversubscription during peak hours when everyone starts downloading and consequently everything slows down. Oversubscription to my mind is fair game, so long as it doesn’t mess with the end deliverable.

Content Differentiation & Deep Packet Inspection (DPI)

So how does a service provider differentiate content? How does your ISP create differential pricing?

DPI technology has been widely used by ISPs and telecoms to look inside your Internet traffic. Most people don’t know that their ISP is already differentiating P2P & torrent content, throttling it down to improve oversubscription and pack in more paying customers.

Free Basics, Airtel Zero and other similar initiatives all use DPI to control ALL your flows, throttle & (eventually) charge depending on what you access.

Think of it like a new toll gate for every website you wish to go to. Its only a matter of time that premiums will be linked to peak hour traffic!

How Airtel Zero Would Make Money

Airtel Zero is simply a differential pricing game. Zero charge for curated content, delivered faster, regular charge for everything else. An express lane of sorts, for the wealthy content owners to expand their market share while telecom operators add to their profits by charging the content providers for delivery. Of course, the real game all along is control over the medium and eventually the customer.

Imagine if your electricity company could charge you on the basis of which appliance you used in your house? Large appliance makers would subsidise electricity giving them an unfair advantage in the marketplace, making it tougher  for smaller appliance companies to compete. And in time, the nexus of the appliance and electricity companies would monopolise the market, affecting all consumers.

 

How Facebook Would Make Money

If Facebook is the only channel you can watch on TV, what would advertisers be willing to pay? You do the math.

With nearly a billion people waiting to come online in India, Facebook wants to accelerate connectivity, while ensuring they become the de facto medium with a captive audience.

No thank you, but India is done with colonialism. We can pay for our citizens to come online in good time.

Conclusion

The Internet is a great leveller because you cannot differentiate upon the end use or user. Governments should focus on building affordable broadband services accessible to all citizens with a view to empower and provide a level playing field to all stakeholders. TRAI & COAI should stop pushing agendas that are less than charitable.

Telecom operators must focus on building capacity, improving service quality and ridding themselves of a monopolistic mindset. Data is growing rapidly and companies like Airtel have benefitted greatly from 3G growth. If anything, they are responsible for driving voice tariffs to global lows and now trying to slice and dice the Internet is poor strategy.

Facebook should realise that free Facebook, WhatsApp & Instagram ain’t making anyone smarter. And basics without its competitor Google is a dead give away!

 

 

Full disclosure – I work for Inventum, one of the only carrier-class Indian router manufacturers. The company provides Broadband Network Gateways (BNG), DPI appliances, Routers, Billing & Provisioning systems for telecoms and Internet Service Providers. The views expressed here are my personal experiences as an entrepreneur in the Indian high-technology space.

 

Why Most Public Wi-Fi Hotspots Fail

Public WiFi hotspots have been around for over 15 years. New ones are being created everyday… and are shut down everyday as well. Various state governments in India are in the process of setting up public hotspots as part of their smart cities initiative. The Delhi Government went one step ahead and promised 30 minutes of free Wi-Fi to everyone, everyday. It’s a noble undertaking, but unless they really think it through, it’s unlikely to be more than an election promise that was delivered, but didn’t do anyone any good. Sort of like the BRT.

To put it simply, the problem is a combination of the user experience and funding model.

Hotels that bundle the cost of Wi-Fi in the room rent or large coffee chains that simply write it off as a utility expense like electricity or air-conditioning have a very well defined business model. They know that the revenue earned from their core business (room rent, food and beverages) can be enhanced, or at least sustained by making their location more attractive to customers with free Wi-Fi. Because they know the number of rooms they have, they know the number of visitors they can expect and hence, know how much it will cost to provide a certain quality of Wi-Fi. So, if the cost vs revenue ratio is acceptable, the service is provided and everyone’s happy.

The situation with most other hotspots isn’t so straightforward. Where there’s no clear way to recover the cost of Wi-Fi from other sources, operators attempt to entice customers with a few minutes of free Wi-Fi and then pester them to make an online payment or watch an advertisement. Here’s where the problems start.

Unless we’re just hanging around an airport waiting for a flight to be called or killing time at a coffee shop, most of us don’t have more than a few minutes to spare to sync emails or search the web for a phone number or whatever.

But the experience of connecting, registering, paying, logging in and finally using most public hotspots is so cumbersome and time consuming, that most people don’t bother. Unless the Wi-Fi service is far superior (i.e. faster, cheaper, reliable and convenient), most of us would rather just use the data plan of our mobile phones and be done with it.

The customers don’t use the Wi-Fi beyond the free period and the operators don’t make any money. Everyone loses.

There are ways to make it all work and it has been done before successfully. This article mentioned that Vodafone India might be moving in the right direction. So far, nothing has been announced officially. I guess we’ll just have to wait and watch.

Digital India, an entrepreneur’s perspective

Back in 1983, I fell in love with computing on the BBC Micro & the Sinclair ZX Spectrum+. Having access to a computer was a small miracle back then. What was cooler was that the computer at school, a SCL Unicorn (clone of the BBC Micro) was made by Semiconductor Complex Limited Chandigarh, Punjab. The micro was legendary & my fellow enthusiasts may recall that today’s popular ARM architecture had its genesis on one of these very puppies.

Fast forward 30 years and India’s electronics import bill is poised to over take oil, topping $400 billion by 2020.

How did we get here? How does a nation that launches missions to Mars become a relative nobody in the high-tech electronics (ESDM) space.

The Services Gold Rush

We can’t build them, but we can programme them. And programme we did. Infosys, Wipro & HCL are stuff of legend. They got the country hard earned dollars in dark times. The brightest emigrated, most ending up in silicon valley where alongside the Chinese they dominated.

And while we got the gold, at home we forgot about the hardware bits – Research, Design, Development & real innovation. I guess that was relegated to government run ISRO, DRDO & other similar institutions.

Mamla Risky Hai (Matters of Risk)

The Israelis have made a fine art of creating, growing and then harvesting multi billion dollar tech companies. At the heart of their success lies a strong will, the right eco-system, risk capital, experience and serious R&D. The Chief Scientists’ Office (CSO) of Israel plays a central role in startups, providing capital, forging joint ventures, incubating & nurturing. Above all, the CSO is very protective of Israeli Intellectual Property.

India has no CSO equivalent, but has excellent talent (IIT aside) and daring entrepreneurs. Then why aren’t we seeing world beating Indian product companies in high tech? I believe a lot has to do with the lack of high risk capital for investment in basic research which is crucial to invention, creative destruction.

The truth is that tech services is a sure shot, building networking equipment for telecom or defence is not. Our financial apparatus including banks, private conglomerates, venture funds & the government really don’t like risk unless they can own and control it.

A conversation I had with one of India’s telecom Tzars many moons ago for for investing in telecom equipment startups summarised the sentiment “telecom is about regulation, not technology… our job is to manage regulation, sales & marketing; the tech we have outsourced to the Americans & Chinese…”.

It is no wonder then that despite being the second largest mobile market on the planet, we do not have a single Huawei, Cisco or Ericsson of our own. The gain of our mobile operators from sweetheart deals delivered by foreign vendors and their Exim banks ensured that any Indian innovation in core telecom products was killed off. A tragedy, considering a large part of our $400 bn import bill in 2020 originates from telecom. Those iPhones really add up quickly.

Risk capital is not available to Digital India entrepreneurs period. What you can get is high interest debt. Schemes of the government are dysfunctional, impractical targeting a few lacs to get you started, but how does one compete with Cisco & Huawei? Almost all tech VC funds are foreign and the flavour of the month seems to be E-Commerce. So how do $1-5 million revenue companies in Digital India access capital without pledging their homes?

Government Stimulus

Would India be a market leader in auto components had it not been for Maruti? Probably not. And what of India’s IT boom without the early income tax exemptions. And what of our crony capitalist, none of whom would have existed without government patronage.

So why is ESDM the bastard child? Maybe ESDM was missing its crony!

The most recent meaningful regulation in ESDM has been PMA. DeITy notified the Preference to Domestically Manufactured Electronics Goods (PMA) in 2013. The policy promotes Indian goods by reserving part of government tenders for local companies. No concession on specifications or quality, only exemptions from tender conditions like “must have 5,000 cr net profit for the last 3 years”; after all which Indian company has that! PMA was instantly opposed by COAI, probably because private telecom operators were made party to it. Their chief argument was that Indian companies cannot ever make telecom gear. It eludes me as to why potentially the biggest sponsors of telecom ESDM would oppose PMA. And while PMA was diluted to apply only to PSU purchases, it did yield immediate results with two silicon fabs being announced.

For me, the government’s message to foreign vendors was loud & clear – India no longer wants to sell services at $50/hour, we want a piece of the Intellectual Property pie, to be registered, manufactured & taxed here.

What Indian companies need are many more policies like PMA. More government stimulus, capital & industry sponsorship. Defence must participate too.

Make in India

Nothing is easy to make in India. Its hard enough to set up an office, let alone build a product. Being an Indian entrepreneur reminds me of the video game Asteroids, fragments of menacing celestial bodies coming at you in full force from all directions. Patience is crucial to persevere.

And then Modi’s Make in India happened, Digital India happened. He put sexy back into making hardware. He did in 3 words what we had struggled to do for decades. There is hope.

I believe the road is going to be long and arduous. We need to sort out our labour laws, manufacturing, incentives, logistics, taxes, ancillary industries, human resources, IPR laws and so much more. And while foreign vendors like Cisco are already taking advantage, its the smaller Indian entrepreneurs that need to be empowered to drive this revolution.

With Mr. Modi on his way to Silicon Valley to woo the diaspora, my question is, who is listening to the little guys at home.

 

 

Full disclosure – I work for Inventum, one of the only carrier-class Indian router makers. The company provides Broadband RAS, Service Routers, Billing & Provisioning systems for telecom, enterprises, education & hospitality. The views expressed here are my personal experiences as an entrepreneur in the Indian high-technology space.