Cyber-safe digital India–whose responsibility is it anyway?

As consumers of technology, we rely on corporates to ensure security of hardware and software platforms that they offer. But technology is more pervasive than we think

By PwC
Updated: Aug 4, 2017 09:26:35 AM UTC

At PwC, our purpose is to build trust in society and solve important problems. We’re a network of firms in 157 countries with more than 208,000 people who are committed to delivering quality in assurance, advisory and tax services. Find out more and tell us what matters to you by visiting us at www.pwc.com In India, PwC has offices in these cities: Ahmedabad, Bangalore, Chennai, Delhi NCR, Hyderabad, Kolkata, Mumbai and Pune. For more information about PwC India's service offerings, visit www.pwc.com/in PwC refers to the PwC International network and/or one or more of its member firms, each of which is a separate, independent and distinct legal entity in separate lines of service. Please see www.pwc.com/structure for further details.

Photo: Shutterstock
Photo: Shutterstock

The recent spate of cyberattacks across the globe has caused a sense of unease, among citizens, corporates, governments alike. Discussions around proactive monitoring, better incident response and cyber insurance have again come to the fore. But the moot question that many ask when such a crisis strikes is- who is responsible for security in the cyberspace? Also, given the global nature of these attacks, is it even possible to defend ‘Indian’ cyberspace?

As citizens and consumers of technology, we rely on corporates to ensure security of hardware and software platforms that they offer. But technology is more pervasive than we believe it to be. Not just our laptops or mobile phones, think of any device and it can be at risk today, including health monitors and even cars. Only last year the USA Food & Drug Administration released guidelines to help manufacturers secure implantable devices (this includes pace makers) from cyber threats. Tech suppliers need to take responsibility of securing products they develop and be held accountable case of cyber-attacks or breaches.

What is worrying is that large number of corporates have not got their cyber security basics right. A study of the cause of recent ransomware attacks (WannaCry, Petya etc.) reveals that these attacks were only possible because of poor patch management processes – fixing these hardly requires any investment. Though one of PwC recent cybersecurity surveys reveal that the cyber security is one of the top three risks from CEOs, the actions on the ground have not matched the intent to address the risks. The corporates in India needs to address the basics in terms of user management, patch management, backup and recovery processes, incidence response processes, and the end user awareness.

The Government can also play a larger role in creating secure business and society. Through stricter regulations and mechanisms to ensure information protection, incidence sharing and data protection, the Government can help create systems to empower citizens in cyberspace. Establishing mandatory security standards for technologies, supported by intelligence sharing will help counteract threats. Regulations however, should not be restrictive to business.  For example, China’s recent cybersecurity law – which demands that data gathered in the country, and data about Chinese citizens be stored locally at all times – I believe will possibly result in reduced efficiency for business and require investments by a number of multinationals to ensure compliance.

Effective implementation of cybersecurity and privacy laws also requires requisite technical capability in law enforcement agencies. Globally, there is a dearth of cybersecurity talent, which calls for strong academia-government-private partnerships to create specialised courses, as well as career paths for those who choose to pursue this field. Cybersecurity is a field driven by innovation and the Government needs to promote entrepreneurs exploring the field.

While it is convenient for us, citizens, to relinquish all responsibility of cybersecurity and attempt to hold the government and corporates accountable, it is hardly a solution. A large number of attacks can be prevented by following simple methods and keeping a keen eye on telltale signs. A large number of non-vigilant users fall victim to social engineering attacks, resulting in financial loss or leak of personal information.

We are at a pivotal point today as the next phase of the digital revolution is in the offing. Cars, houses and a multitude of other devices are connecting to the internet, forming a complex ‘internet of things’ - the time to act is now. Ensuring security of Indian cyberspace is a collective effort – consumers, contributors and regulators need to proactively manage evolving threats.

- By Sivarama Krishnan, Leader – Cyber Security, PwC India   

Post Your Comment
Required
Required, will not be published
All comments are moderated
Prev
How due diligence programmes can help cover against reputational damage, regulatory risks
Next
Responsibility of improving MBA education in India lies with corporate leaders