By Digvijaysinh Chudasama
Unprecedented challenges of health, environment and business crisis, have brought about a paradigm shift in how scamsters, fraudsters and hackers are targeting the citizens of nations, and there are no surprises for a growing economy like India.
On the first anniversary of the COVID lockdown in India, we are facing an additional threat of mutating viruses that are digital in nature. While the world collaborates saving human lives by developing vaccines for the biological virus, there is an immediate need to tackle the spread of the digital virus; a threat factor that impacts businesses and people financially.
Increased adoption of digital activities and digitized platforms made consumers adapt cashless digital payments whilst transacting business deals. Proliferation of data compounded with greater use of smart phone and technologies for transactions further multiplied opportunities for hackers to commit cyber frauds.
As per the recent reports by media, on March 23, 2021, the Union Home Ministry informed the Parliament that cyber-attacks have risen exponentially, last year in the country, from 394,499 recorded in 2019, to 1,158,208, citing the data from Computer Emergency Response Team (CERT-In).
The main factor behind this surge in cyber-attacks could be the high rise in online activities due to lockdown imposed to curb covid-19 pandemic situation. An added contributor was the lack of awareness for adequate cybersecurity. Although there are multiple agencies providing such trainings to bring about cybersecurity awareness, addressing the gap in cyber skill building programs and responsiveness for the general population is likely to key in tackling such cyber-attacks.
Over the past few years, Government of India has come up with various new schemes to support Citizen services, welfare programs, upliftment of underserved communities, etc. Such schemes have also been upgraded to various Digital Platforms and Applications. This has also presented additional opportunities to cyber criminals.
While Government of India has already taken up many initiatives to escalate and secure Cyber space, with an accelerated pace of digital transformation in view of the pandemic, we must build a full-fledged Army of Cyber Professionals.
We need to be ahead of the curve and set up robust governance and systems with support from established centres like Defence Cyber Agency, Indian Cybercrime Coordination Centre and Cyber Swachhta Kendra (Botnet Cleaning and Malware Analysis Centre), which are already a huge support to strengthen cyber secure India.
With the mission to spread awareness about cybercrime and building its relevant capacity, MeitY has already launched Cyber Surakshit Bharat Program to strengthen Cybersecurity in India. Cyber Surakshit Bharat is considered to be the first public-private partnership (PPP) of its kind and will leverage the expertise of the IT industry in cybersecurity. This program illustrates that PPP model is crucial and we must avail it to set up advanced programs/schemes/knowledge centres for capacity building of cybersecurity.
Some of the immediate steps suggestible include:
- Building, an Independent Command Unit to enhance the operations and controls of Cybersecurity for government and enterprises.
Government of India has taken far reaching steps to thwart threats by enabling multi-layer structure by enabling & investing in agencies like MeitY, CERT-In, NCIIPC, NIC, NATgrid and Security Operations in critical infrastructure & segments.
A Unified & Independent Command Centre will be a giant step to further enhance our efforts to create Defence & Response to growing internal & external threats. Hybrid Command Centre with specialist staff recruited on PPP model, should be able to execute & implement National Cyber strategy. Command center can actually be a nodal agency to whitelist applications & services that they wish to offer to Citizens including use of messaging services (SMS) & social media communication.
Moreover, to govern and to build a secure and resilient cyberspace for citizen, National Cyber Security Policy – 2013, is already established and issued by Ministry of Electronics & Information Technology (MeitY). The policy outlines strategies to create secure cyber ecosystem, creating an assurance framework, encouraging open standards, strengthening the regulatory framework, etc., which enable agencies to provide and avail safe & secure cyberspace. The Government may consider updating the policy considering recent trends and accelerated demand of safe cyberspace.
- Imparting cyber education to bridge the skill gap
As per the survey report of State of Cybersecurity 2020 by ISACA, 57% of the cybersecurity positions have remained unfilled, wherein more than 55% of positions that are filled by qualified professionals, took approx. 3 to 6 months to find the right candidates. This survey further validates that we require more qualified professionals to ensure cybersecurity services. The pandemic has further accentuated the demand for such professionals.
Introducing mandatory syllabus for cybersecurity as part of the education curriculum is another aspect for consideration for a bigger culture change
- Create Awareness: Lastly, with large sections of the population unaware about how to tackle cybercrime, we need to scale up outreach programs for our citizens, millennia and professionals. Awareness creation should begin at school level and should involve intermediaries like telecom & internet service providers to generate awareness on cybercrime and suitable remedies.
A much more proactive initiative including working with stakeholders across the ecosystem, will make India much more enabled and prepared towards cyber threats, where security becomes the core component and channel of a business plan instead of being the afterthought.
The author is a partner at Deloitte India. Views expressed are personal.