Image removed.

Assessment of Cyber Security in India

/ June 3, 2020

Internet usage in India is growing rapidly, and along with it comes the rising challenge posed by cyber crimes. Cyber criminals, with their expertise and sharp thinking, breach security and conduct cyber thefts. They siphon away funds, install malicious software, viruses, send phishing emails, disrupt critical operations, impose high costs on the economy and destroy business and lives. The irony is that not only the ignorant but also well-educated and informed individuals fall prey to their well-planned cyber attacks. All this exposes the inherent vulnerabilities of the Digital world. Today, we find instances of sponsored cyber-attacks and the presence of organised crime syndicates behind such breaches.

India is one of the largest economies of the world and any instability caused due to such cyber-attacks can have repercussions not only for us but on the rest of the world due to its ripple effects. NITI Aayog Report indicates close to 730 million internet users in India with 75% new users coming from rural areas who also consume data in regional languages. There is a whopping 83% growth in mobile video content and close to a billion online shoppers in recent times. With the bandwidth that 5G technology enables, data volumes and the number of connected devices and sensors is all set to blow up exponentially. Today India ranks among the top 10 spam sending countries of the world. It is also among the top 5 countries affected by cyber-crime worldwide. The collective lack of response across the board indicates lack of planning and unpreparedness for cyber threats today that are very real, existent and ongoing.

Niti Aayog report

Source: Cyber Security Niti Aayog report

Security teams today have to deal with more online threats than ever before. With so many organizations undergoing huge digital transformations, awareness of the ongoing looming presence of cyberattacks continues to grow – not only for large organizations but also for small businesses.

Banks are one of the most common and favoured targets for cyber-attacks due to the quantum of wealth and the sensitive nature of information involved. Threats that a bank faces due to cyber-attacks include breach of customer data, privacy attacks, loss of reputation and goodwill, business discontinuity, loss of assets or business information. It also results in huge costs for post-breach business security revamp, claims and lawsuits from effected parties and penal actions from regulators. Such data breaches can make it difficult for the public to trust financial institutions. This becomes a serious problem for banks as their entire business is based on the principal of trust. Thus, a weak cybersecurity system is not an option available for banks.

Cyber-attacks act as a major deterrent to their business operations. It is important for banks to protect and secure their customer assets. Banks need to notify the customers of these vulnerabilities so that they in turn can also better protect their investments. While it has been made mandatory for banks to notify the RBI whenever there is a security breach it is also imperative that the customer and public at large is also kept informed. Today, we are made aware of such breaches often due to the leaked data found on the Internet.

With the bandwidth that 5G technology enables, data volumes and the number of connected devices and sensors is all set to blow up exponentially. Technology that tracks user wellbeing, monitors movements and lifestyles would need higher levels of security against such cyber breaches and data theft. While it may be impossible to eradicate these breaches completely, we need to handle the aftermath correctly to lessen the blow and control the damage. We need to accelerate incidence detection, response automation in real time and successful counter-measures and resolutions.


What can be done to mitigate the risks?

Cyber security is the shield we need to safeguard our assets. It defines our security perimeter and employs protective mechanisms for safety and security like installing firewalls, antivirus software, routine system security checks and updates, alerting us about secure websites, data encryption, data backup, use of virtual private network.

Secure login credentials, routine password changes and automatic logouts after an interval of inactivity are also incorporated for safety and security. Multi factor authentication, one-time passwords (OTP) and Single Sign-On (SSO) provide another layer of protection. Use of biometrics like retina scans, thumbprints or facial recognition to confirm a user’s identity is also actively used. It is widely recommended to limit our social media presence and keep a check on the personal information we share over the Internet. As a practice, we should never leave our data unprotected and take measures such as locking our smart phones and computers, never having bills, bank statements and other sensitive information lying around, unattended or simply discarded in trash.

Artificial Intelligence today is increasingly playing a big role in cyber security by processing and structuring huge volumes of data and analyzing their complex nature to come up with deep learning algorithms and solutions that can match complex, massive and time sensitive threats. Cyber security experts are coming up with models and applications with advanced security solutions using cutting-edge technology. However, defense paradigms that are based on previous knowledge of attacks sadly prove grossly inefficient in a constantly evolving environment. Attack technology regularly outpaces the defense technology developed.
 

Defense layers

 

Is India equipped to deal with this risk?

It’s starting to dawn on everyone that having a highly effective cybersecurity strategy and cyber incident response plan is not just a luxury for the well-informed; but an absolute necessity for all including the public, economy and nation as a whole.

Today, most equipment and technology used for setting up cyber security is procured from global sources. We need a comprehensive, unified and integrated approach to tackle this menace, which is applicable to all agencies and organisations both public and private. Government should also take proactive steps to catch these infiltrators and criminals to prevent any future threats and attacks. Regulatory agencies also need to get involved and should be more forthcoming in the event of such attacks. As more organizations and experts come together, our collective defense grows stronger.

In conclusion, the demand for cybersecurity professionals will continue to exceed the supply. There is a lack of academia and inadequate research and application facilities in India. Organizations need to plan for expanding roles in cybersecurity workforce. This would in turn mean Cyber security curriculums need to be introduced. Government should partner with the academia and private sector to strengthen the security of the economy.

Vidya Menon

Vidya is a program mentor with IFBI. She brings 17 years of BFSI industry experience having worked Retail Banking with AU Small Finance Bank, Yes Bank, DCB Bank and ICICI Bank.

She has managed RMs and customer portfolios during her tenure as Branch Manager and Branch Service Delivery Manager. Has sound knowledge of bank products, processes and selling techniques. Vidya is a graduate in Commerce and Masters in Financial Management.