A few hundred years ago, internal fights and narrow thinking by local rulers allowed a hoard of invaders starting with Mohammad Ghori, to the colonial powers to attack the country and rob it of its rich heritage and wealth. The invaders this time have changed (cyber criminals), with an increased digital footprint, access to cheapest data, lax regulations, security ignorant populace, compounded with increased work from home initiatives during these COVID times, has put India on an ignominious list the country with the highest number of cyberattacks ahead of US and China. A quote from the famous German philosopher Frederich Hegel seems apt for these times - "the only thing we learn from history is that we learn nothing from history."
First, let's understand the circumstances that have led us to a "Perfect Storm" scenario for where we are today.
- Pervasive access: India boasts over 550 Million active internet users and expected to grow to 640 million, led by a significant growth in rural India. India boasts the cheapest data plans anywhere in the world; this, along with work from home initiatives, has madeIndia'sdata consumption highest in the world at 12GB per month and amount of time in front of the screen at over 4 hours per day.
- Free is good: We all love cheap/free stuff, but little do consumers understand that "if you are not paying for it, you are the product." This free stuff leads one to sign away the rights and privacy, to be harvested by companies much akin to the bargains that colonial powers struck with rulers. They felt that they were getting protection from their enemies for free/cheap, but the hidden conditions got them to sign away their kingdoms and lives.
- Ignorance is bliss: Data is the new oil or gold, depending on who you ask. In either case, wouldn't you want to guard this newfound wealth? But alas, the blissful ignorance of citizens has made this the cheapest commodity available. Personal information is given out so easily under the garb of business needs that it makes you wonder why identity theft has not become so rampant in the country – maybe there is a higher power looking out for the citizens.
- Oversight is missing: For those of us who are Bollywood buffs, it's common knowledge that the police generally comes in after everything is done and dusted. Looking at the way the regulatory oversight seems to have understood and reacted to the grave problem in front of us with regards to the security risk and data privacy challenges, it does remind one of the same.
Not all is lost "yet," a timely action by the three impacted constituents –government, citizens, and technology companies could help in mitigating the challenges.
- The government needs to take a much more proactive role in enacting legislation that helps take care of its citizens. The current IT Act is insufficient, and the proposed data privacy act is getting delayed, which leaves the situation akin to the Bollywood analogy earlier. The belated government action on Chinese apps, albeit under the current national security concern, is indeed a good step. But much more can be done, starting with getting the legal framework operationalized.
- As citizens, it is essential to become aware of our rights, especially as it relates to our data. There is a precedence of this where "Consumer Protection Council of India" ran a sustained campaign of awareness through radio, television, and print medium to help consumers be aware of their rights. The messaging was very useful in assisting users in understanding the impact of GST, or demand that products have the Indian Standards Institution (ISI) compliance mark. A similar campaign for data privacy and rights could be quite useful.
- Cyber Security is aligned to national challenges- How you fare with countries you deal with will have a direct impact on the kind of attacks you are likely to see. In this scenario, expecting global security players to step in to solve a country-specific problem is a bit farfetched. Local security players need to step up and be responsive to domestic market needs. Over the past few years, it's heartening to note local companies are coming up with credible solutions as well as getting accepted by the market.
"The times they are a'changin," so goes the famous Bob Dylan song, and they are indeed changing with users becoming more aware of the risks attached to the technology and the choices they are making. Hopefully, the tide turns that helps in finding a happy balance between access and privacy.
By Pankit Desai, co-founder and CEO, Sequretek