India's journey from cyber security infancy to digital fortitude

India boasts the world’s second-largest base of Internet users, and is among the fastest-growing digital economies in the world. The Digital India Stack is revolutionizing how India conducts its business. Mobile phones are replacing hard cash. ID cards allows its citizens to travel, open bank accounts and vote.

Unfortunately, growing digitalization also offers cyber criminals an expanded the attack surface at every level – from individuals and companies to the Government. The Verizon Data Breach Investigation Report of 2023 which analyzed ~16,000 security incidents and more than 5,000 data breaches around the world found that 83% of breaches involved external actors, with 95% of breaches having financial motives as the primary motivation.

Stepping up cyber-defense with complex crimes entering the fray

During the 1980s and 1990s, the first generation of computer viruses and worms emerged. The earliest instance of cyber crime that sparked the beginning of cybersecurity, globally, was the Morris Worm or the Internet Worm that ratcheted up to $100,000 in damages and infected more than 6,000 computers across many prestigious universities in the U.S. in the 1980s.

Closer home, during this period, cybersecurity awareness was in its infancy, rendering India susceptible to cyber threats like hacking and malware infections in the form of Trojan horses, spyware etc. A number of network security measures, including firewalls, antivirus and intrusion detection systems, were developed in response to these challenges.

The massification of 4G brought about a surge in mobile internet usage, enabling faster data transfer speeds and real-time connectivity. It also expanded the attack surface, making organizations and individuals more susceptible to complex threat profiles. Hackers could now hold entire companies hostage, and exploit vulnerabilities in mobile devices and networks to gain access to sensitive information. Mobile apps and online banking enabled criminals to ransack individual bank accounts, exploiting the lack of general awareness among everyday people.

The turn of the millennium recorded a proliferation of online banking, shopping, and social media platforms that amplified the potential for data breaches and cyber-attacks. To address these challenges and bolster India's cybersecurity posture, the government launched several initiatives, including the National Cyber Security Policy (NCSP) in 2013, Reserve Bank Information Technology (ReBIT) in 2016 and the National Cyber Coordination Centre (NCCC) in 2018.

A prime example is the digital payments industry, with National Payments Corporation of India (NPCI) stepping up to combat cybercrime challenges with slew of measures – adopting zero trust architecture for NPCI infrastructure, inclusion of next-generation endpoint protection and network security tools, to name a few.

The 2020s ushered in an era of several watershed moments, with AI/ML’s transformative impact across industries, offering solutions for data analysis, automation, and decision-making. However, these powerful tools are also used by cybercriminals to accelerate their cyber-invasions, such as launching automated attacks, analyzing vast amounts of data for vulnerabilities, and developing sophisticated malware.

Current decade is pivotal in the war against cyber crime

To effectively combat the malicious aspects of cybe rcrime, a multifaceted approach encompassing stringent policy and regulation, industry collaboration in skilling and training, and the development of a robust cybersecurity expert workforce is essential.

India has continued to fortify its cyber security framework with legislative advancements. In 2019, the country introduced the Digital Personal Data Protection Bill, a significant step toward enhancing data protection and privacy measures, which received President Draupadi Murmu's assent on August 11, 2023.

The Indian Cybercrime Coordination Centre (I4C) was also set up recently to act as a central nodal point, provide a framework for Law Enforcement Agencies (LEAs) to deal with cyber crime and develop an ecosystem across the nation to enhance defense against cyber crime.

Industry collaboration in skilling and training plays a pivotal role in addressing the cybersecurity skills gap. By fostering partnerships between educational institutions, industry leaders, and government agencies, customized training programs can be developed to equip individuals with the skills and knowledge required to combat cyber crime effectively.

Industry and government collaboration remains the best approach to ensure cybersecurity is keeping pace with cyber crime. Sharing risk-related information, and deliberating the risks of every technology will help develop tools and skilled cybersecurity experts. Centralized and well-coordinated initiatives can raise the level of defense and enhance the cyber security posture.

By investing collectively, in strengthening a nation-wide framework, in a skilled cybersecurity workforce, and in systems, tools and technologies, organizations and governments can effectively defend against cyberattacks and protect their critical infrastructure.

The upcoming Techade will see further technology evolutions – commercialized 6G networks, generative AI, advanced robotics, automation, at scale, to name a few. The wider experimentation with Artificial Intelligence itself presents entirely another dimension of threats, as we have seen from recent deepfakes and misinformation.

The call to action has never been more imminent. It is time we make ourselves future-ready to combat the next generation of cyber-attacks.

-- Anshuman Sharma, Director, VTRAC, Cybersecurity Consulting Services, Verizon Business.