A day before Australia, Amazon had announced that it was able to stave off a DDOS attack with a peak traffic volume of 2.3 tbps in February
The Australian PM on June 19 announced that the country had come under cyber-attack from a state actor. However, China was quick to deny its involvement. A day before Australia, Amazon had announced that it was able to stave off a DDOS attack with a peak traffic volume of 2.3 tbps in February. Adistributed denial of service (DDoS) attack is akin to flooding a channel with so much volume from infected devices so that the service breaks down.
Such attacks are becoming common, and reports indicate that with the use of cyberspace growing more people are organisations are coming under attack. Globals security firm, Kaspersky, in a note on May 26 had stated that four in ten users in the Asia Pacific region had faced a situation where their private information was accessed without consent. A more recent study by CyberArk had highlighted that nearly 80% of employees used personal devices to access corporate systems, leaving them vulnerable and two-thirds were using services like videoconferencing and communication tools that had reported vulnerabilities.
While India has not reported any such attack, as of now, given the rising tensions with China, the country may soon witness escalated attacks, the kind Amazon warded off, and Australia is hoping too. That is also the reason that the term cybersecurity has become so ubiquitous. Work from home and the demand from companies for systems that aren’t vulnerable has put the focus back on cybersecurity.
Webinars are the most commonplace where such issues are discussed. Indian Future Foundation conducted one such event in association with UN Women. While the theme was more broad-based covering topics like Aarogya Setu and the need for data protection, the discussion mostly veered towards cyber hygiene.
Although the government was to come out with a National Cybersecurity Strategy, that hasn’t stopped people from contemplating what it shall entail and what it needs to. Besides, the discussion has gone past what the government must do, instead people are discussing what the companies need to do.
“A cybersecurity system and framework is ready. And, now there are enough models-subscription-based, security as a service, certifications to choose from. As long as you are doing business, cybersecurity is a cost which must not be ignored. Cybersecurity should be regarded as an input cost,” says Abhishek Singh, president & CEO, NeGD and MyGov, MeitY.
The companies may do all this to ensure users stay with the platform. But getting tech monopolies to bow may not be so easy. Zoom is a classic example.
But not everyone shares the view of a passive approach. Some, like Lt Gen Rajesh Pant, want to be more proactive. Lt Gen Pant last year took charge of National Cybersecurity Coordinator of the Indian government.
“Companies should spend at least 10% of their IT budget on security. Even if there are problems, there are enough services available online. Now, with work from home and increased online use it has to be done, there is little choice,” Lt Gen Pant says. Kanishk Gaur, founder, India Future Foundation has similar views.
“While SME’s in India focus on growth and adopt digital technologies to reach out to masses, they often ignore the security and privacy aspect. It’s vital SME’s look at aspects of trust by design, and spend atleast 5-7 % of overall tech budget on cyber security,” Gaur says.
One way, Lt Gen Pant suggests to bringfocus on cybersecurity, can be to include cyber audit as part of the financial audits, which are in any case is mandatory.
But before the government delves into this space, there needs to be an ecosystem in place. You would need certified cybersecurity professionals and standards. The cybersecurity strategy is expected to address this.
Once, infrastructure is in place, the government need not mandate audits. The market may take care of that, weeding out firms that do not comply with security norms. But, until then, India needs to start building a system. The costs are low, and cybersecurity firms are rising in numbers, so now may be a good time.