MUMBAI: Cyber attacks are undoubtedly on the rise in India, and one of the primary reasons is the amount of data that startups in the country possess, followed by a lack of cyber competence, which makes them an appealing target, says Jaspreet Singh, a cyber security veteran.
The digital world is rapidly expanding with huge competition, creating the scenario of “survival of the fittest” in this tech-driven world, believes Singh, Grant Thornton Bharat’s Client and Markets Leader (advisory services).
He suggests incorporating CIA — Confidentiality, Integrity, and Availability in the product development, is indeed the fundamental problem a company has while establishing its products and tools.
“To ensure product acceptance in the global market, an organization must understand, execute, and administer cyber security, digital transformation and risk mitigation measures in accordance with appropriate industry standards,” Jaspreet Singh says.
“Cyber attacks are undoubtedly on the rise in India, and one of the primary reasons is the amount of data that startups in the country possess, followed by a lack of cyber competence, which makes these startups an appealing target,” Singh notes.
He says that even before digital solutions are chosen to secure a corporation’s data, a complete understanding of the firm’s existing necessities, including the position of the company’s threat-filled cyber-scape, is vital.
“Startups need to define the primary security priorities, implement the most recent prevention and protection tactics, and ensure that every employee understands that security is at the heart of everything they do as a company, regardless of what their business is,” says Singh, having 18 years of domain expertise and winner of Global Cybersecurity Award for Consultant of the year 2017.
Furthermore, he feels that because startups do not have legacy infrastructure to impede them, they may and should construct their contemporary networking with security integrated and incorporated from the outset rather than thinking about it as an afterthought.
Singh says that today, cyber security is viewed as a crucial component of state authority and has become more significant to national security.
“Also, the Covid-19 pandemic caused a surge in the number of people working online from home, which in turn has caused a sharp increase in the attack surface leading to hostile cyber attacks in the digital realm,” he says.
“India has been the target of numerous organized cyber-attacks because of the shaky state of our nation’s cyber security,” he says.
More importantly, he believes that given the rising number of digital monetary operations and the country’s existing rate of cyber attacks, the private as well as public sector will need to step up and mature the cyber security posture- think more proactively to invest in cyber security.
Although we cannot completely defend ourselves from cyber attacks, we should make an ongoing effort to keep these risks to a minimum and have a business continuity and resilient approach to minimize the loss, he notes.
On the need of the hour for companies amid increasing attacks, Jaspreet Singh suggested that Indian banks consistently suffer data security breaches. Banks and other financial organizations must be required by law to staff themselves with cyber security professionals. People should be made more aware about digital security.
“Indians still answer phone calls giving bank account information and credit card information, which demonstrates the general lack of awareness about cyber security,” he cites an example.
“Electronic devices are imported from China that could be easily infected with viruses and malware. Indian Internet users hardly ever subject their gadgets to cyber inspections. The need for excellent governance is essential given how quickly digitization changed the governance structure,” he notes in another example.
As for awareness of users, Singh says to safeguard both the reputation of the company and the consumer, it is crucial that users are aware of network attacks by hackers and take steps to recognize and stop them through internal firm trainings, curriculum for students and online programs for organizations.
On the role of machine learning (ML), he says it should be used extensively as cyber security operations can be made more efficient, straightforward, and, if not cheap, at least less expensive.
“The dataset that ML relies on would need to be sophisticated and come from different points of view to develop efficient algorithms in order for it to function at its best,” he says.
“As a result, there would be less need for routine cybersecurity department reviews and further assaults would be prevented,” says Singh, who has managed large and complex transformation programs and served various large and marquee clients internationally.
On cloud security, Singh says that with increase in its use, cloud security must be boosted.
In case the cloud is not securely encrypted, inadequate cloud security might easily result in a spike in cybercrime rates. However, the availability of cutting-edge predictive security helps in identifying attacks and risks posed by cybercriminals in order to combat impending data breaches, he notes.
On IoT vulnerability, Singh says that IoT devices have processing components built into them to enable data exchange over the Internet, but this is also the point at which fraudsters expose these devices to eavesdropping and other attacks.
Apart from these, India has seen some new challenges, but the Ministry of Electronics and Information Technology has announced the Cyber Surakshit Bharat project (MeitY).
“With such a program, cybercrime awareness would increase, and capacity would be built for protecting CISOs and front-line IT personnel across all government agencies,” he says.
“The number of cyber attacks on government networks has decreased as a result of improvements made to The Indian Computer Emergency Response Team (CERT-In), which serves as the national agency for addressing the nation’s cyber security,” he adds.
Along with educating the public about the risks posed by phishing attempts, CERT-In also releases alerts and advisories detailing the most recent cyber vulnerabilities and solutions to address them.
Singh has to his credit Certified Business Continuity Professional, ISO 22301 Lead Implementor, ISO 27001 Lead Auditor and Lead Implementor and Certified Information Systems Auditor, among other recognitions.
On the impact of COVID-19 outbreak, he says the pandemic has exponentially increased digitalization and connectivity to the data centres and cloud systems.
These have become a point of attraction for cybercrimes as it has increased the attack surface which has significantly raised the risk of cyber attacks.
The perimeter security of businesses is vulnerable to breaches, requiring round-the-clock monitoring and in-the-moment risk assessment at both physical and digital entry points, phishing (31% of cases), vulnerability scanning and exploitation (30%), and theft of access credentials (29%), he says.
As such, it is best to think of the cyber security process as a biological being’s immune system, which is made up of various components that each has a very specific purpose in defending against infection or disease, he notes.
“As technology continues to advance and permeate more areas of our lives, it makes us a more attractive target for cybercriminals than before. Identity fraud of any kind is simpler to commit in large numbers,” says Singh.
“Many people now have one or more online accounts that contain a variety of current pieces of personal information. Data breaches are becoming a more prevalent type of cyber attack in the 21st century,” Singh says.
Hence, inducing trust amongst people, in a digital environment is a difficult undertaking for cyber security since there are now many internal and external players involved in this minefield of a cyber-scape rather than just one, he opines.
“This indicates that different business and public sector players who were not previously responsible for digital securities have now been put under pressure from the public (including laws),” he adds.
Follow The420.in on