Credits: The HINDU
Recently, I was in the U.K. and chanced to see street-side graffiti that had some interesting cybersecurity tips. “Think B4 you click that link,” said one. “When you go online, think twice. Getting bullied isn’t nice,” said another.
My thoughts went back to a McAfee survey that pointed out that of the Indian children active on social media, 69% have published photos, 58% have posted their email address and 44% would meet or have met someone in person that they first met online. I have been alarmed at the lack of cybersecurity savviness in our tech-smart children. As my mind churned ideas on what needed to be done for them, it also shifted gears to emerging threats of ‘cyberterrorism’ that are poised to make critical infrastructure and networks vulnerable — through data theft, source code manipulation and undetected access. With the Internet of Things enabling cross-networking of personal data and devices, it adds frightening dimensions to the security landscape.
As the world’s second-largest digital nation, India’s biggest risk in 2017, according to the FICCI–Pinkerton India Risk Survey 2017, was in the area of ‘information and cyber insecurity’ for business operations.
The Ministry of Electronics and Information Technology reported that India witnessed more than 27,000 cybersecurity incidents in the first half of 2017 — through ransomware attacks, website intrusions or defacement, phishing attacks and data breaches.
India was the third-worst affected country during the WannaCry ransomware attacks in May 2017. In June 2017, operations at one of the three terminals in India’s largest port, Jawaharlal Nehru Port Trust near Mumbai, was disrupted due to the Petyacyberattack. In October 2017, Seqrite Intelligence Labs discovered an advertisement announcing secret access to the servers and databases of over 6,000 Indian organisations.
So, how can we protect Indian business against cybercrimes? First, India’s existing cybersecurity policy of 2013 needs to be made more robust to push back digital intrusions at all levels. A national cybersecurity agency needs to be set up to develop appropriate strategy and action plans. Close partnership between government and private enterprises can ensure that best practices on security and intelligence on intrusions are comprehensively shared to build better incident response capabilities. Creating a national gold standard for hardware and software adherence to highest safety protocols is also important.
Businesses must enhance technological and investigative capabilities through research, development and intelligence sharing. Equally important are building competencies to develop advanced solutions in business continuity, risk analysis, operating systems, firmware and cyberforensics.
Business is closely woven with the fabric of society, right down to digitally aware children and young adults. And that brings me to where I started. An estimated 100 million children in India are expected to access the Internet by 2018. Three themes of security awareness are critical: knowledge, responsibility and privacy: What can and should not be shared?
How do they choose who they interact with online? What can be the consequences of their actions? How can they safeguard themselves from the big, bad cyberwolves? We need to teach children cyberdefense from the school age.
It is an area of great corporate social responsibility, relevant for meaningful engagement of our young. It is also a great way of touching the lives of communities in which we operate.
Globally, about 4 billion people are projected to be online by 2020. Gartner estimates worldwide enterprise spending on information security (including advanced network and security analytics, machine learning technologies, training and user behaviour) will touch about $113 billion by 2020.
Cyber as a war zone is becoming increasingly real — and everything from social media to mobile phones now have a cyber impact that we cannot shrug off. A seismic shift to smarter cybersecurity is the need of the hour.