India was previously, “off-the-radar” for cyber criminals but attacks affecting the Indian IT and cyber infrastructure are increasingly common. The latest incident of the ATM data breach (touted as one of the biggest cyber attacks in the country) underlines the critical need for a more robust framework to combat cybercrime and address the shortage inadequately trained experts.
Frequency Of Cyber-crime Incidents
Card usage in the country is expanding rapidly and there is greater consumer readiness to adopt digital payments to fuel a variety of purchases. While online ticketing spurred digital payments, the sector has really taken off since the advent of ecommerce with firms like as Flipkart, Amazon, and Snapdeal in the market. Availability of digital wallets and attractive incentives are making consumers make mobile payments at their local grocery store, restaurants, and petrol stations.
RBI data shows that mobile wallets have already surpassed mobile banking in terms of the volume of the value transacted.
A recent report by Google and BCG states that digital payments are expected to grow by 10 times to touch a whopping $500 Bn by 2020 and contribute to 15% of the GDP. The report also forecasted that non-cash transactions will exceed cash transactions by 2023.
The flip side of all this is that India becomes increasingly attractive for cybercriminals. Organisations of every size and scale in India need to wake up to these threats. For now, it is still quite rare to have an IT security specialist on company rolls, this is true even for some of the largest and most well-regarded companies in India. This relaxed attitude needs to change.
Right from poor security infrastructure for a website, which allows an easy entry point for hackers, to faulty network security, where criminals can mess with devices on the network, to inadequate data security that leads to compromise of data, today Indian corporations are exposed across multiple points.
Why Investing In Cybersecurity Is Paramount
Any organisation today invariably needs to invest in cyber, network, and data security.
By cyber security we are essentially referring to a suite of intrusion-detection technologies and programs that help protect computer networks from data pilferage, sabotage attacks, or unauthorised access.
Network security is more of a subset of cyber security. Here, we are basically trying to put into place preventive measures that can include both, physical and software tools, to protect networks from unauthorised access and related misuse or destruction of data. In my opinion, network traffic analysis should become an integral part of the standard procedures of all companies.
Data security mainly involves the adoption of digital privacy practices to safeguard databases through software/hardware encryption.
Other Vulnerabilities
Apart from these major backdoor entries, there are some other vulnerabilities that can cost organisations in big ways. One is through software applications.
Applications can be easily accessed over a network and can act as a soft target for a wide variety of attacks. Some of the most basic countermeasures involve application firewalls, spyware detection, and biometric authentication systems.
Speaking of biometric authentication, another vulnerability that organisations often suffer from is that of accidently granting rights to intruders. Employee/user authorisations and authentications (human-to-computer and machines) need to be air-tight by having in place multifactor authentication (MFA) systems as opposed to working with single-factor authentication systems, regardless of their strength.
Though the skills that required for implementing such countermeasures are highly specialised and organisations are increasingly looking to find specialists with expertise in all three areas of cyber, network, and data security. As of now, cyber and data security fields have the largest shortage of talent.
Growing threats will escalate the need for cyber security experts worldwide. According to a report by Cybersecurity Ventures, the workforce shortage of cyber experts is expected to reach 1.5 Mn globally by 2019.
[The author of this post is Vikalp Jain, co-founder of Acadgild – an online boot camp platform for professionals looking to upskill.]