A robust cyber security system must for digital India

As India becomes increasingly digitised, cyber security threats assume menacing proportions. Systems must be put in place to counter this.

It is not only Prime Minister Narendra Modi’s dream of “a digital India where cyber security becomes an integral part of our national security,” but also, former defence minister Manohar Parrikar had warned that wars in the future will be fought in cyberspace. In this context, it is important to realise the importance of cyber security and what it means for the country’s defence and progress. Every regiment needs a strong defence to be invincible. Digital India can’t do without the protective wall of cyber security.

From smartphones and broadband networks to cloud computing and business data analytics, the Information Technology (IT) industry has witnessed tremendous growth in the last decade in India. It is expanding with each passing day. The Modi government aims to transform India into a digitally empowered society and knowledge economy by promoting accessibility of digital infrastructure as a utility to every citizen and ushering in an era of e-governance at strategic levels.

While the present government’s push to integrate information technology as an indispensable part of  citizens’ lives is commendable, the vulnerability and misuse of personal, professional, and national security data are ringing alarm bells.

According to the ‘Cost of Data Breach Study in India 2016’, the average total cost per data breach paid by Indian companies has increased by 9.5%. According to another recent study by the ASSOCHAM and PWC, the registered numbers of cyber crime cases in India (under the IT Act) have surged to a whopping 300% between 2011 and 2014. With reports of data breaches every other day, most of them resulting in grave financial or privacy losses, there is no alternative than to sit up and take note of the threat, and now.

The digital space in the country is susceptible to various types of intrusions such as cyber espionage, stealing of data of commercial value or national importance, electronic frauds via hacking, attacks on open networks (disrupting services for a temporary period), large-scale digital assault, and so on.

As India takes significant strides towards a cashless economy and more data is being generated and stored on company networks, the risk of data breaches is also multiplying. White-collar crime has evolved into a smarter avatar in the last five years, and terrorism in India is witnessing a moment of change from the operational perspective as cyber goons are adapting newer technologies (such as spywares and malwares).

Businesses nowadays work with one or more outsourced partners. Resultantly, data sharing is no longer confined to insiders. Moreover, while organisations may spend huge sums of money on password authorisation mechanism, employees casually share their system passwords with each other giving access to various people, which actually defeats the very purpose of security administration. When it comes to data protection and cyber security, it must be noted that even small mistakes by employees, or mischief by insiders or outsiders, can cause long-term damage of reputation and massive losses.

Thankfully, India has not seen the kind of high-profile attacks that the advanced economies have in recent times, which explains our attitude of nonchalance and measly cyber protection budgets. While cyber crime is considered as a major threat faced by businesses, most often it does not form a part of the management board agenda.

Way forward
Intruders are using a variety of methods and technology to attack our systems. This ranges from seeding malwares to complex attacks such as Advanced Persistent Threats (APTs) and Distributed Denial of Services (DDOS). The critical success factor for securing integrity of data in this ecosystem lies in our capability to defend. This requires a radical shift in the core competence of today’s cyber warriors. A security professional will require strong analytical knowledge to evaluate and predict vulnerabilities. India will need more and more security professionals with skills to configure and use threat detection tools, perform data analysis, interpret the results to identify vulnerabilities and threats to an organisation.

A lot more needs to be done by authorities, enterprises, individuals and other stakeholders in upgrading India’s cyber security to match global standards. More importantly, cyber security breach and its governance are two important areas which need to be addressed.

Setting up of national cyber security architecture in consultation with recognised industry bodies can help in monitoring and fortifying network systems in the country. Private entities need to safeguard their digital assets, be aware of new threats and keep pace with technology by adapting a people-centric, multi-pronged approach.

Cyber security is no longer restricted to high-end computer learning, but practically percolates into almost every aspect of our daily lives. Again, defeating a cyber attack requires combined participation and sustained efforts from both public and private sectors.

As per estimates by NASSCOM Cyber security Task Force, India will need 10 lakh trained cyber security professionals by the year 2025. CompTIA’s International Trends in Cyber Security research reveals that nearly eight out of 10 managers responsible for network data protection expect data security to become a more important priority for their companies over the next two years.

Of course, acknowledging the fact that cyber thieves are probably a step ahead and hence, making netizens aware of risks is the first step. But, protecting computer networks from illegal attempts of accessing protected information on the internet requires a lot of expertise. Education and awareness in this field must be seen as key pillars to effectively combat the red eye of cyber security threat if Digital India is to spread its wings.

(The writer is Regional Director, CompTIA)