Technology

Cyber security: It's time to go from protection to prevention

With India being one of the most vulnerable countries for cyber attacks, it's time to change how we take cyber security measures

Updated: Dec 12, 2018 02:14:10 PM UTC
sm_shutterstock_1243903963
Image: Shutterstock

India’s digital economy is expected to hit $1 trillion by 2025. Advanced technologies such as Artificial Intelligence (AI), Internet of Things (IoT), Blockchain, Mobility and Robotics are creating innovations at a speed and scale unparalleled in human history. This has resulted in many debates about the effect these profound technological changes will have on the way we work, socialise and interact.

On one-hand, while this has opened doors to the transformation of business models, it has also presented nearer term pressure on security where the ability for organisations and individuals to manage and control data has become top of the board room agenda globally.

However, in India, cyber security is still largely a reactive component for businesses and not something that is proactively addressed as a strategy. It is something that needs to be addressed, especially as we face one of the highest number of cyber threats globally.

Why must India enhance cybersecurity?
In the last two years alone, India has faced complex, multi-pronged cyber attacks across sectors. The country’s second-oldest and second-biggest cooperative bank, Cosmos, witnessed a targeted malware attack on its payment gateway siphoning off nearly Rs 95 crore. New-age startup Zomato, a restaurant app suffered a breach that resulted in compromising the data of 17 million users. Earlier this year, 114 government portals were hacked, of which Employees Provident Fund Organisation (EPFO) was the worst attack; 34.5 million Indians’ personal details i.e., Aadhaar, PAN numbers (taxpayer identification codes) and salary details were stolen.

Cybersecurity threats looms over every organisation, big or small, startup or multi-national, even the Government of India. Here are four statistics/figures that will demonstrate the magnitude of the issue – » 39 percent of 500,000 security alerts daily aren’t attended to
» The time taken to even identify a security breach has increased to 188 days from 170 days in 2016
» We face the highest repeat breaches i.e., 23 percent
» Average cost of a single data breach was Rs 11.9 crore ($1.7 million) in 2017

This is highly unsettling to businesses as fraud and data theft cause are not just a financial loss but also leads to reputation damage and consequently loss of business. This is detrimental to their very survival in a global digital economy. As businesses, small and large, struggle to combat the danger from cyber-attacks, the threats continue to evolve, and get more sophisticated posing an even greater threat. So, what should businesses do?

Fixing the gaps
It’s apparent from the alarming statistics that the single biggest impediment to the identification and execution of cybersecurity projects, and the growing financial losses is the scarcity of skilled professionals. Currently, there are 30,000 vacancies in India alone and the need will be 3.5 million professionals globally by 2021. The only way to bridge this colossal gap is collaboration; between academia, the Government and private enterprises to make future talent aware of the sector’s potential, train them to tackle this ever-evolving sector head on and offer them real-life projects, enabling them to assimilate in the workforce faster.

Secondly, we need to adopt next-gen cyber solutions to support humans. Next-gen technologies such as AI has the potential to identify and analyse patterns of attack and defeat them before they even become a security concern. This powerful tool can, without error or oversight, examine a vast set of events such as traffic logs which are largely overlooked by professionals, and highlight those that require immediate attention. While AI will not solve a threat, by injecting AI and similar technologies within the larger gamut of threat-monitoring controls, organisations will be empowered to efficiently and cost-effectively defend complex attacks.

Finally, as businesses realise and begin to shift their focus from protection to prevention, they need to put in place a comprehensive security services framework that takes into consideration every single element of a threat; including risk and compliance, identity and access management, data security and privacy and threat management supported by analytics that will allow companies to pivot from a reactive to a predictive model.

Disruptive technologies and the accompanying innovations have changed our realities. We need to accept that to thrive in this data-driven world, end-to-end security is a top priority and work towards this with immediacy.

It’s time we confront our cybersecurity flaws.

The author is Chief Digital Officer at Tata Communications.

Post Your Comment
Required
Required, will not be published
All comments are moderated
Prev
What India needs to become a trillion-dollar digital economy
Next
How CXOs can move beyond 'managing IT' towards innovation