By Anmol Mathur, VP & Head, Engineering & Technology
The pandemic proved to be a threat for India’s cybersecurity that led to the leaks of Covid-19 test results and a cyberattack on systems of an airline service provider that resulted in the leakage of personal data of 4.5 million passengers. According to a study by US cyber tech firm CrowdStrike, on an average, companies across the world take seven days to respond to cybersecurity breaches, in contrast, Indian companies take around nine days. These statistics push India to the bottom of the list when it comes to dealing with cybersecurity threats and attacks.
What’s upping India’s cybersecurity threat?
India is one of the fastest-growing markets for digital technologies fuelling government’s push towards actualising its Digital India mission. Whether creating broadband highways or rolling out services such as DigiLocker and e-governance schemes like the Jan Dhan Yojana, the government has pushed for as much digital adoption as possible over the past five years.
India now has over 1.15 billion phones and more than 700 million internet users and makes it a large pool of digitally vulnerable targets. The pandemic has only exacerbated this problem as it resulted in an even heavier dependence on digital technologies. From payments to e-shopping to WFH, the pandemic led to greater adoption of interconnected devices and hybrid work networks. Consequently, this vast and rapid expansion of digital assets have increased the surface area for cyber-attacks by malicious actors and adversaries. The recent spate of attacks on electricity grids and financial institutions should alert us to the true possibility of potentially dangerous scenarios in the future.
You have successfully cast your vote
Cyber threats are of varied nature and some of the key notable ones would be i) Malware, Viruses, Trojans, spywares, ii) Backdoors, which allow remote access, iii) DDoS (Distributed Denial of Service), which floods servers and networks and makes them unusable, iv) DNS (Domain Named System) poisoning attacks, which compromises the DNS and redirect websites to malicious sites.
What makes it so hard to implement a cohesive cybersecurity policy?
One of the hardest problems for policymakers to navigate is that cybersecurity laws involve several different moving parts. Whether it is the problem of hardware and software being of foreign origin or the terabytes of data that is parked on servers outside India, lawmakers face a slew of hurdles while trying to draw up concrete policies. Additionally, the rush towards digitisation in almost every sector has led to increased collaborations with application service providers. This is done to provide customers with the best apps and services in the shortest possible time, however, due diligence is often overlooked in the process. Also, much of the infrastructure that needs to come under the ambit of the law belongs to the private sector, crippling lawmakers’ ability to implement policies that secure the digital environment.
While India Cyber Security Strategy is in the works, there is a need for certain non-negotiable elements in our overall approach to fighting cybercrime in India. To begin with, we need a single nodal agency to enforce strict laws and penalise entities if they fail to step up their cybersecurity investments – much like what the RBI does with financial institutions and banks. Currently, there are multiple government agencies, both at the state and national level and there is a dire need to combine all these independent taskforces to create synergy. We need a national cybercrime cell that can leverage resources to tackle threats and breaches.
Additionally, business organisations and companies must also bear some of the responsibility of creating defences against acts of cybercrime. Human error is the leading cause of data breaches and Companies must train their employees to be vigilant and avoid becoming vulnerable targets for cyber-criminals. Strict SOPs can be put in place by company HR departments. Organisations must also bring on board cybercrime experts to put in place guidelines and SOPs in case of a cybersecurity threat. Additionally, corporates must look at conducting regular threat analyses – such reports can help build increased awareness about risk factors and provide an honest analysis of an organisation’s preparedness in the event of a breach. Indian Organisations spends in appointing physical security for its physical infrastructure and its imperative now to also have a similar mindset to secure their digital infrastructure and mobilise resources accordingly.
India is at a critical juncture, and we must integrate cybersecurity with our national agenda and weave it into broad initiatives, both strategic and socio-economic. To do this, India requires a robust cybersecurity strategy that safeguards government systems, citizens, and the business ecosystem. This will not only help protect citizens from cyber-threats, but also boost investor confidence in the economy.
Additionally, it will create employment avenues in this field. According to the latest reports, there will be about 1.5 million job vacancies in the cybersecurity space by 2025, and to provide candidates with the right skills to excel, Times Professional Learning offers a PG Certificate Programme in Cybersecurity. The eight-month-long course moulds candidates to take up roles such as cybersecurity analyst, network security specialist, cybersecurity manager, cybersecurity architect, and other C-suite positions such as chief information security officer.