Lucideus Tech Founder On The Security Of Aadhaar, Issues Around Cyber Security And More
Saket Modi, co-founder and CEO of Lucideus Tech, a cyber security platform and services company, has been there and done it all. A computer science engineer by education, Saket is an entrepreneur, an ethical hacker, and has also been awarded the title of “Indian Ambassador of Cyber Security in Education” at the National Education Awards 2013. He and his team were responsible for the security assessment of the BHIM Application developed by the National Payments Corporation of India and launched by Prime Minister Narendra Modi.
Over the years, Saket has won multiple leadership and innovation-centric awards: 30 under 30 by Forbes Asia Magazine in 2016; 30 under 30 by Forbes India Magazine in 2016; 35 Under 35 by Entrepreneur Magazine in 2017; 20 Under 26 by Vogue Magazine in 2017; and 21 Young Guns by iBrands 360 in 2016. He has been invited to address the boards and leadership teams of multiple Fortune 500 companies including CitiGroup, HSBC, Visa, McKinsey & Company among others.
Like knights in shining armour, Saket along with his team at Lucideus, have been instrumental in providing digital risk management services to multiple Fortune 500 companies across the globe. In a candid AMA with Inc42, Saket reveals more about the big bad world of cybercrime, why he thinks everything is hackable and how knights like him are fighting to keep the shine on in cyber security.
Here are the most interesting revelations from the session.
Question: What are your concerns about Aadhaar as a private citizen?
Saket Modi: I am running a startup which works with some phenomenal fintech companies. Considering that and how the world is embracing technology, with the government going with the Aadhaar card and the technology behind it, a technology like that doesn’t exist anywhere on the planet. This is not something which can be done by any private organisation. The integration of Aadhaar with the BHIM app enables you to make a payment using your fingerprint without the requirement of a credit or debit card or even a phone. If you think of it, it is just one step behind Amazon’s contact-less checkout options in Seattle.
The good part about Aadhaar is the availability of biometric and retina scanning and it is linked with bank accounts. So, in the future, you could walk into a retail store, pick something, and while you walk out a scanner scans your eyes and deducts the payment. There are now 500 Mn accounts that are linked to the Aadhaar card. You are talking about half a billion people able to do that in India while it is still being done as a pilot from Amazon in Seattle. This is literally leapfrogging into the future where the government finally is embracing technology. I think this needs to be supported on all fronts.
Question: Has Aadhaar’s biometric actually been bypassed? Is there any way to enroll for Aadhaar and still keep your personal information safe?
Saket Modi: Coming to hacks or challenges to this technology, I must tell you that there is nothing called non-hackable on the planet. JP Morgan spent $1 Bn on cybersecurity this year and is still being hacked. So, what I am saying is that the advantages of becoming a technology-enabled society are far more than the challenges associated with technology. So, I find this funny where we debate whether we should go the technology way. Technology is the future but I am all in for more regulations, more policies, having the kind of regulatory cyber security bodies. But Digital India should not be in question.
Let me be clear – there has not been a single incident where the biometric database of Aadhaar has been hacked. Aadhaar is an open API system. In fact, I compare it to the iStore or Apple Play Store 10 years back when they were launched newly. They enabled the entire human race with an open platform of resources to be used by developers to make their own applications.
Exactly the same way, the beauty of Aadhaar is it’s not closed. But security-wise it’s close to one of the top standard security systems.
Yes, Aadhaar card numbers have been made public but then they are like email ids. Just by having someone’s Aadhaar does not enable you to be able to do any fraud or any transaction. And remember, you were already giving your fingerprint information when you land in a foreign country. So I don’t understand why people are questioning that when the same technology is being used to bring about much more technological advancement with it. So don’t be worried about the security of your Aadhaar card information with the authorities, it is pretty safe.
Question: How do you secure yourself on the Internet?
Saket Modi: The easiest way to secure yourself on the Internet is to assume that everything that you do is already hacked. There is no technical control that I am talking about right now – I am not talking about firewalls or antiviruses. There are ways to get into a computer which is not connected to the Internet or a network also.
Question: The biggest lie on the internet: I have read and agree to the License Agreement. Your thoughts on the same?
Saket Modi: I agree with this, there is no free lunch. Don’t forget you are getting access to cutting edge technologies, thanks to the Google and Facebooks of the world. And the amount of money you have paid them directly is zero. But remember the saying that when you are getting a great product free of cost, you are the product which is being sold out there. I don’t think that there is something wrong that a Facebook or Google is doing. That is their business model and you know this very well. Think of the power, the enablement a Google/Facebook gives you today without you paying anything. So, it’s in all fairness that they make you sign the agreement which allows them to use their data as they want to. It’s not as ambiguous if you read that you will find out. I think that’s something we will have to be ok with.
Question: You have now worked extensively with the government. What do you think are the differences in working with a private company versus the government. Do they pay you on time?
Saket Modi: When you start a company you have to take a call on what segment of the market you want to target. From the very first day, we decided that we would want to be the one of the most superior names on the planet when it comes to competence around cyber security. As a result of that, the price we charge our customers is fairly expensive. We have the largest companies and banks as our clients. So, payment is not a problem as most don’t default. I have never had a default as these are generally big names that we work with. Even very big companies have their own credit period terms but then we have a finance team that chases them. I don’t have a long list of public companies I am working with.
The government, traditionally, had a problem of not wanting to work with a company whose turnover is less than, say, INR 1,000 Cr. These things were not favouring young companies like Lucideus. However, on the other side, having worked with a couple of government initiatives such as BHIM and UPI, they have been fairly open in the near past. The question was not how big your turnover is but what is it that you bring to the table, what is your technical competence. So, the entire concept of government companies working with private companies/startups is changing.
Question: Lucideus Tech managed to gain funding from some big ticket names such as Rajan Anandan. How did you swing that?
Saket Modi: We have only taken angel investment and not institutional investment. And there’s a reason behind it. Till last year, we have been growing 700% year-on-year and we were cash flow positive. This was great being a services company that we were for the last four years. However, we built this platform SAFE. Building a services or a product company is different. When I started building a product company, I realised that I needed certain people who can mentor us and for a young company like us. That’s when I tapped into and reached out some of the most senior most folks in the industry who have produced successful products used on the B2B or B2C side. Also, we were looking at people who could help us on the development side.
I mailed them or tapped them on Twitter. Fortunately, I was at that point where I was going simply ahead and finding out how many of them are on my speaking panel sessions as I have been fortunate to be a speaker at a lot of conferences across the globe. A lot of people were already chasing us for investing but when we didn’t need the money, we didn’t take it. Even with this round, we were very clear that the objective is not taking money but more importantly their guidance. The money does not have to be the ‘A factor’ always. As Lucideus is a focussed B2B top of the pyramid company, the requirement of capital is not very large for us.
Question: In many cases, people/companies don’t even know that their security has been breached. How do you think one can keep a check on this?
Saket Modi: I will share something very interesting with you based on a study last year. The most popular way in which companies get to know they are hacked is through YouTube. So imagine this, you have Chief Security Officer of large companies receiving a video link on their YouTube channel which is showing how to hack their own company. It was one of the most popular ways! So, yes, we are still living in a world where a lot of hacks are happening and people don’t know about that. However, things are changing.
That’s the reason there are companies like Lucideus and other cyber security companies where proactively we can look at and analyse and keep a tap on that.
Question: Please share your views on Cyber Insurance. Have Indian companies started adopting it after the recent ransomware attacks?
Saket Modi: Cyber insurance is coming up in a big way, considering there are companies that are basing their business model on technology these days. There is a clear interest from some of the largest companies to have cyber insurance. It’s not a new thing, it has been there before, from almost a decade, but it’s only now that companies are taking it very seriously. We work with a lot of cyber insurance companies globally in helping them assess the cyber insurance posture of a company who they are trying to cover.
We do the cyber security maturity assessment of the company and based on that and other factors such as the turnover of the company, they quote their premiums. Many regulations are also coming up – one big thing is the General Data Protection Regulation (GDPR) which will be implemented the European Union from May 15, 2018. So, any company in Europe or a company which wants to work with a European company will have to be compliant with GDPR, otherwise, your penalties can be as big as 1% of your turnover. I am very sure things like this will very soon be adopted in India too.
Question: How does life change after being a part of Forbes 30 under 30?
Saket Modi: I am a very young entrepreneur and for any young entrepreneur to be recognised on a globally accepted platform like Forbes is phenomenal. It really is a validation of the direction in which we are going. However, there is a counter side to the whole thing. Forbes recognises 30 people under 30. But I believe that if you are confident that what you are doing is good, it’s ok to be recognised, but even its absence is ok. Because you should know your worth and the impact you are creating rather than being super happy about an external validation. Because the moment something goes wrong, they will readily put you in the last 30 list also.
If you start taking the Forbes 30 list seriously, the problem is that you will also get affected if you are not in that list. Remember there have been too many entrepreneurs in that list too who have failed because their only achievement was raising money. So, I feel, these lists are a great thing to have. However, they should not divert your attention to the point where you become overwhelmed with the list. Remember the awards also have their own agenda in fostering the right kind of stories so that other people can take inspiration from them.
Ultimately, Saket Modi believes that the lists that your name features in are not the cause, just like a system called Aadhaar that is being used by half a billion Indians. The company that you build, the impact that you create, the culture that you build is the real cause. All the jazz around it is the effect. And that’s what he intends to do in the field of cyber security with Lucideus Tech.