Since the 20th century, the biggest employer in the world has been the security space with India’s Ministry of Defence emerging at the forefront employing 2.99 mn active, reservist, and civilian personnel closely followed by the US and China with 2.91mn and 2.55mn respectively. However, in the 21st century, the landscape is rapidly shifting toward online security to the extent that the number of cybersecurity professionals globally stands at 5.45 million in FY 24, up from 4.6 million in 2022. The increasing digitization of global economies brings forth the heightened threat of cyberwar and cyberterrorism.
The current scenario
The current state of cyber security is mostly unstable with a plethora of malware, and ransomware involved in various identity and intellectual property thefts. Hope lies in the fact that most countries are aligned for monitoring and handling cyberattack incidents, investing in resilient infrastructure, and fostering flexible and interactive policies.
However, the rampant prevalence of cyber threats is distracting cybersecurity professionals from digital asset protection and risk mitigation to data and service recovery to ensure business continuity. A case in point was the Upstox data breach of 2021, which is expected to have impacted 25 lakh customers. This incident led the company to upgrade its security systems and engage the services of a globally renowned firm after receiving emails claiming unauthorized access to their database. Cybersecurity experts have become some of the most in-demand members of today’s labor force. India’s rapid digitization and the need to create secure infrastructure means that cyber security jobs can grow from 0.3mn to 0.41mn over the next three years. According to Akshay Joshi, Head-Industry, Cybersecurity, World Economic Forum (WEF), India as of January 2024, is witnessing an estimated skill-shortage of 800,000 cybersecurity professionals against a global shortage of about 4 million.
India is at the forefront of the global business landscape as one of the fastest-growing economies in the world. We have a massive internet user base of 700 million people and over 89.5 million digital transactions. While these statistics elucidate our journey toward economic growth, they also expose our vulnerability to cyber threats. Despite a digitally forward government and the world's largest IT-enabled service sectors, India's tech force struggles with a lack of critical infrastructure, poor adoption of the digital economy on a national scale, and weak cyber security regulations.
As a nation, we spend a substantial amount of resources on appointing physical security for our physical infrastructure; the time has come for us to adopt a similar approach to securing our digital presence, which can be done with the following 5 strategies:
Implement a robust cybersecurity policy
Regulating the cyber world is wrought with severe challenges involving different moving parts in the form of foreign-origin hardware and software, data being parked on servers beyond national borders, and the spread of infrastructure across multiple players in the private sector. However, despite the complexities, India must formulate a comprehensive cyber security strategy that can enforce strict laws and penalize entities for failing to adhere to regulations.
While government bodies such as CERT-In and MeitY are involved in tackling threats and breaches, a lot still needs to be accomplished by way of developing and nurturing cybersecurity skills among our IT professionals. The implementation of a robust cybersecurity policy will drive the demand for skilled and qualified professionals creating new avenues for employment and economic growth in the changing world order.
Strengthen the legal framework for cybersecurity and data protection
The Indian government has implemented numerous laws and regulations to address cybersecurity and data protection. The most notable is the IT Act of 2000, which was amended in 2008 to incorporate provisions for cybersecurity and data protection. In addition, the General Data Protection Regulation (GDPR) of the EU has a significant impact on data privacy in India.
However, despite the legal provisions in place, the conviction rate for cybercrimes in India continues to be low. This is mainly due to the lack of technical expertise among law enforcement agencies and the absence of proper infrastructure to investigate and prosecute cybercrimes. As the country’s digital landscape continues to evolve, it is essential that the legal system keeps pace with these changes and adapts to meet new challenges.
Skills and employment in cyber security
The global expenditure on security and risk management is expected to increase by 14.3% as compared to 2023. The rapid rate of cloud migration in recent years has made it necessary for the cloud security sector to resolve cloud vulnerabilities. There is a growing need to implement zero-trust architectures along with VPNs to secure supply chain infrastructure and invest in threat detection and response tools. While sourcing the latest technology is easy, finding the people who can leverage that technology is becoming a challenge. Unfortunately, China and India were identified as the two countries with the largest cybersecurity workforce gap in 2023, recording a shortage of around 1.75M and over 0.85M respectively.
Implement a protocol for regular training and upskilling of employees
India needs to upskill and cross-skill its IT workforce in the emerging tech cybersecurity stack to cultivate capabilities around adaptive security, cloud security posture management (CSPM), Zero trust architecture (ZTA), quantum cryptography, Network Virtualization functions (NVF), network and data sandboxes, etc. Presently, the most cutting-edge cybersecurity measures are circumvented by perpetrators of cyber threats. For organizations to successfully neutralize cyber threats efficiently, the workforce must be equipped with the latest skills and knowledge. This means sustained investments in the learning and development of tech professionals beyond the time they spend in securing the networks. In the coming years automation is likely to play a significant role in managing the vast amount of data being generated and for fortifying security processes. AI and Blockchain technologies will be of immense value in developing a strong defense against cyber threats. These technologies can offer valuable support to security professionals by offering immediate and quick responses to emerging threats.
Robust academic curriculum and partnerships among stakeholders
India is at a critical juncture in the cybersecurity landscape, where the demand for skilled professionals is surging with a 30% skill gap, highlighting the fact that we do not have enough people with the required skill sets to defend against cybersecurity attacks. To address this, it is necessary to nurture essential job-specific skills through the quick upgradation of cybersecurity curricula and cybersecurity courses. This will involve tripartite cooperation among Government bodies, businesses, and training organizations to create capabilities among working professionals as well as students.
Conclusion
In an increasingly interconnected world, it is not possible to exist in silos and a robust cybersecurity ecosystem has become essential to securing economic growth and preserving national integrity. While government bodies can set about establishing and monitoring the implementation of compliance protocols, organizations must take the lead in implementing
preventative measures against cyber threats and nurturing talent to create cyber-threat mitigation capabilities among the tech workforce. This will help to secure businesses and create a talent pipeline leveraging India’s demographic dividend and inherent tech capabilities.
Authored by Krishna Vij, Business Head - IT Staffing, TeamLease Digital