I remember, a very responsible person who is suppose to head Information Technology once said, "We have raised the building walls to 10 Feet and i assure the Aadhar Data is now secure"
This statement itself reflects how much we know about Cyber threats and what we know about such threats.
In the last two decades, technology has undergone a paradigm shift. Technology has played the role of an enabler in improving our daily life. Technology has its benefits, but it is not devoid of challenges. It enables health care, transportation, communication, education, entertainment, banking, etc that improves our living standards, and life expectancies. But the flip side is that it also comes along with inherent challenges of cybersecurity.
Cybersecurity poses bigger threats than any other spectrum of technology. Cybercriminals have mastered the art of driving cyber-crimes such as frauds and thefts by manipulating technology-controlled devices for their ill intentions.
Birds eye view of the Indian landscape
According to Mary Meeker’s 2019 Internet Trends Report, global internet users have touched 3.8 Bn which is more than half of the world’s population. Of these, China was found to have the largest internet user base at 21%, followed by India at 12%, and the United States at 8%. In India, the large internet user base has the power of data. As per a report by Swedish telecom equipment maker Ericsson, India has the world’s highest data usage per smartphone at an average of 9.8GB per month; this will double to 18GB by 2024. This growth and drive towards digitization have also increased vulnerability towards cyber-attacks.
As per Internet security threat report (ISTR) of Symantec 2018, India ranked third in the list of countries where the highest number of cyber threats were detected, and second in terms of targeted attacks in 2017. India was ranked second globally when it comes to spam and phishing (misleading emails, weblink etc). In recent times, with the rise in the value of crypto-currencies, a new cyber attack from crypto miners was detected in the country where criminals stole computer processing power usage from consumers and enterprises to mine digital currencies
The majority of cyber attacks are driven by motivations like intelligence gathering, disruption, sabotage, financial.
The public information in India is not as safe as it should be. We are one of the fast growing e-commerce economies, we are also one of the largest connected economies. The size of user data India offers to the world of data science is unprecedented. It generates bigger incentives for cybercriminals. It is not only about the user information in the form of public data or consumer data but the business data is also not safe. We understand that business transaction has gone digital, supply chain or the service chain is all integrated and digital, most of the financial transaction if not all is digital. In this connected economy, we need to have our information protected. The sad news is, despite an increase in large-scale cyber attacks, a majority of Indian companies seem unprepared to tackle these challenges. It will only be apt to say that it is a function of lack of awareness, interest in building a protected data architecture and practice, nature of last mile device connections, and most importantly national level architecture of cybersecurity.
In India, critical infrastructure is owned by the public sector, private sector, and the armed forces. In most of the cases, they have their own cybersecurity agencies. In most of the cases, these large enterprises don’t even have cyber security cell, and even if they have they have no defined policies, architecture, and practices; cybersecurity for them is an extension of the web development or IT support function. There is no organization security architecture that unifies organization level data or uniform national security architecture that unifies the efforts of all these agencies to assess the nature of any threat and tackle them effectively. As there is no National regulatory policy in place for cybersecurity there is a lack of awareness at both company level as well as individual level.
It is important to understand that unlike countries or states, cyberspace has no boundaries. It is important to have a progressive and structured cybersecurity policy. In absence of such policy and strict implementation of the same, we are exposing our armed forces, public and private enterprises, banking, etc. to cyber-attacks from anywhere.
This could result in security breaches at a national level, causing loss of money, property or lives. To respond to possible threats on the country’s most precious resources, there is a need for a technically equipped multi-agency organization that can base its decisions on policy inputs and a sound strategy.
There is a strong need of the agile cybersecurity policy and government needs to work on the same. The policy that is updated regularly by changing the technology landscape. Though the government is not as swift as they should have been a few Indian enterprises is working on their cybersecurity roadmap. They understand that India’s cybersecurity landscape is passing through a transformational journey. They are working on developing innovative tools to safeguard their organizations from cyber attacks and threats.
India’s cybersecurity needs are not that different from that of the rest of the world. India needs to be well prepared with cybersecurity tools and solutions not only for its domestic needs but also for the global offerings. According to a Nasscom, Data Security Council of India & PwC Report, India’s cybersecurity market for products and services will grow up to $35 billion in 10 years from the present $4.5 billion. This is yet another opportunity for the established IT players and start-ups to make maximum out of it.
The immediate opportunity for the cybersecurity experts and players includes – data protection framework for Aadhar and similar other initiatives, data protection framework for all e-commerce players, and digital banks, ML/AI-enabled solutions, IoT-enabled solutions to achieve automation and efficiency, cloud-based security model, blockchain based security model, etc. The cybersecurity experts and players who will focus on these areas of development will not only build a global business for themselves but also will help the Indian cyber security ecosystem grow and mature. This journey must be managed by professionals and supported by the government. It is the right time to have an independent governing body like Nasscom for cybersecurity.
Another post will have some details about the work done by government and what I would be doing in next few weeks.
This Article is a research paper compiled jointly by me, and one of my friend.
All Content in this article is free from any Copyright as our idea is to engage with people and spread awareness about growing Cyber Threats in India
No comments:
Post a Comment