In a bid to protect data breaches and ensure compliance with the Digital Personal Data Protection (DPDP) Act, Indian enterprises are firmly looking for trusted technology and supply chain partners, especially with regard to choosing right cybersecurity solutions, according to Dell Technologies.
The need for trusted supply chain partners, including equipment makers, software providers, etc, is crucial amid increasing instances of cyber attacks on the enterprises. Since the companies rely on third-party vendors for such solutions, poor cyber security of any third-party vendor will not only put a company’s system at risk but also affect the systems of other companies connected with it.
In its recent Innovation Index report, the US-based company said 54% of Indian IT decision makers are ensuring a secure supply chain for their businesses. However, only 23% of Indian businesses surveyed are exploring or building a Zero Trust architecture. Zero Trust is a security model which assumes that any individual and devices that are attempting to access company resources cannot automatically be trusted. As part of the enhanced security, the model will authenticate users every time it receives a request to access data or systems.
“As organisations look to evaluate their supply chains, both upstream and downstream, they need to make sure that they are dealing with all with secure and responsible organisations,” Lucas Salter, general manager – Asia Pacific and Japan, data protection solutions at Dell Technologies, told FE.
According to Salter, with the data protection law and need for secured technology infrastructures, there will be an increase in the adoption of Zero Trust architecture as well as trusted partners.
In the January-March quarter, cyber attacks on enterprises in India rose 18%, according to a report by Check Point Research (CPR). The companies have been facing an average of 2,108 weekly cyber security attacks.
The DPDP Act has also allowed for imposing penalties up to `250 crore on companies on failure to take reasonable precautions to prevent data breaches.
“Yes, we have seen lots of cyber attack incidents in India and the ones being reported are pretty sizeable from a worldwide perspective,” said Ripu Bajwa, director of data protection solutions at Dell Technologies India.
“India being innovative and very much digital is definitely a top target for cyber attackers,” Bajwa said, adding that most of the attacks happen at supply chain level and that affects multiple parties connected with the same channel for delivery of services.
Currently, India does not have a dedicated law on cyber security and many experts have expressed for the need to have one. In India, cyber crimes are covered under the IT Act, 2000, but that is myopic in tackling the models in which cyber security incidents happen today with evolution of technology, according to experts. Lately, the government is also expected to soon introduce the draft Digital India Bill, which once implemented, will replace the decades-old IT Act.
Both Salter and Bajwa have called for modern legislations, having prescribed standards and benchmarks for companies related to cyber security.
“Increase in frequency and sophistication of attack call for a need to have newer and more modern legislation and regulation that guide standards and investments,” Salter said.
The Reserve Bank of India (RBI) and the Securities and Exchange Board of India (Sebi) have mandated banks and companies to have a cyber disaster management system.
According to Bajwa, government cyber security agencies like CERT-In are ensuring that organisations follow the right practices in terms of protecting their systems. But there is still a requirement of benchmarks and standards to protect data breaches and cyber attacks in India, he added.