By: Alok Malik, Senior Manager, IT, GlobalLogic
With the Rs 4.5 lakh crore Digital India campaign on board and the Indian Government foreseeing that the banking sector will soon become paperless and premise-less, cyber security has become an integral part of national security, and countermeasures have to be applied to increase data security. People are using the Internet as an extension of their memory, and this dependence is growing at a rapid pace, which gives rise to new opportunities in fields like education, sports, business, telecom and entertainment.
Though there are advantages to such technological advancement, citizens are making themselves vulnerable. The trend has its own disadvantages, leading to illegal activities termed cybercrime. Cybercrime, which includes hacking, phishing, DoS attacks, malicious software flooding, computer vandalism and software piracy, is a soaring concern which causes loss of important data or personal facts worth millions of dollars to the hackers.
The latest and most common one used is social engineering. With terabytes of data lying in the open and open connectivity at various locations, we are the most vulnerable and easiest targets for bad guys.
As per an estimate by Google, the number of online shoppers is expected to cross 100 million by the end of next year, as compared to 35 million in 2014. Since most of the start-ups in India want to do everything in-house, this can lead to a potential compromise or lack of expertise on the security front, even if security is made a priority. Cybersecurity, more or less everyone thinks, is the security of information systems and networks against attackers; however, there is also a need for protection against incidents and failures. Combining these two facets, it can be defined as maintaining the confidentiality, availability and integrity of information systems and networks against incidents and failures, with the goal of protecting operations and assets in the form of data, hardware, software, offices and, most importantly, one’s people. With the Government planning an investment of Rs 775 crore to be spent over a period of five years to counter security threats, there has been a major focus on the different security standards, viz. ISO 27001, to ensure a basic level of security at the gateway, server and endpoint level. Some of the measures include access control mechanisms, periodic audits, information security awareness training and programs, risk assessment and treatment, and VAPT (Vulnerability Assessment and Penetration Testing).
While the above-mentioned factors are important, the most important one is management agreement to apply the security controls. Although the right coverage can help soften the blow of a data breach, if the security plan is flawed, there is a high chance that the stored information is not out of danger. Also, cybersecurity policies need to be customised to provide the necessary coverage for claims of loss or theft of personally identifiable information and other sensitive information. Given this scenario, customers also need to be aware of some basic safety tips to counter the same, i.e. use enterprise-level anti-virus, deploy firewalls, turn on personal firewalls, remove unnecessary software, apply regular patch updates, use password protection, monitor security logs, back up data, set up business continuity and disaster recovery, learn Internet privacy and spread awareness.
Looking at the present and thinking about the future, cybersecurity may not be solved but managed. Today, IT managers, security specialists and CISOs are under tremendous pressure to ensure that they are 100% secure, although no organization is. According to CISOs, a social platform for security experts, over 70 per cent of Indian companies are under-prepared when it comes to cyber security. The best possible way forward is to invest in people, process and technology. Although these aspects may not ensure 100% security, they will point in the right direction.
Another imposing challenge is to find the right structure for the information security team. Many organizations to date manage it under the same umbrella as IT functions, and the myth among organizations is that information security means “IT Security”, which is absolutely incorrect. This is where the International Organization for Standardization steps in with the ISO 27001:2013 standard, which depicts the bare minimum level of security requirements and ensures that organizations at a minimum have an Information Security Policy, Security Organization and Management, Internal Audit and Management Review, Risk Management and Treatment, and Incident Management.
To sum up, as PM Modi shared his dream about Digital India, where high-speed digital highways unite the nation; 1.2 billion connected Indians drive the nation; mobile and e-banking ensure financial inclusion; the world looks to India for the next big idea, management has a big role to play in ensuring that the security program follows this dream religiously. There has to be dedicated budgeting in this area each year, and a plan should be in place for the deployment of new tools as per business requirements annually. Security Operations Centers have to be on their toes to deal with security issues and to monitor the health of the organization from a data security perspective. Periodic information security awareness sessions as well as different programs need to be in place in such a way that users enjoy security rather than looking at it as a bottleneck.