Against an estimated demand for a million cybersecurity experts, India has less than 10,000 professionals
By Khushhal Kaushik
Using computers and internet technologies without understanding the basics of cybersecurity is akin to driving a car without seatbelts. Even as information technology (IT) as a discipline has flourished in universities and colleges across the world, cybersecurity as a structured curriculum is a relatively recent phenomenon. Although India has fared well in terms of emerging as a software services power, the country is on its way to reinventing itself as a software product-making power. At the same time, as a major economy, coupled with the large-scale digitisation of our economic-financial governance systems as well as other systems of administration, the imperative to upgrade our cybersecurity defences at par with developed economies cannot be overstated.
As such, the world’s second-largest internet-connected country needs to brace itself by training a sufficient pool of cyber-warriors to deal with the ever-rising cybersecurity threats posed to its IT-driven product and services infrastructure and systems. One of the biggest victims of cyberattacks in recent years, India was ranked the third-most cyber-attacked country in the world, according to a report.
Cybersecurity is different from network security: There is often confusion between cybersecurity and network security, with many treating both as somewhat equivalent. Although both are a subset of the broader information security, traditionally it was network security as a regular part of the IT curriculum that could be considered closest to cybersecurity. As part of BTech/BE, MTech and MSc courses, along with topics such as software engineering, software testing, network engineering, hardware assembly, testing, etc, network security as a separate topic used to be mostly taught in classrooms of colleges and universities. The difference between network security and cybersecurity is that while the former has been envisaged to secure the integrity of the IT infrastructure, the latter pertains to protection of internet-connected systems and networks against digital attacks targeted at accessing, altering or sabotaging sensitive information; extorting money from users; or interrupting normal business processes, according to Cisco. While the former involves provisioning and administration of components such as network-monitoring tools, firewalls, switches, routers and virtual private networks (VPNs), the latter entails monitoring of networks to detect security breaches, installation and updating of safety software and simulation of attacks to identify vulnerabilities. The difference in the two definitions and the scope of work therein is self-explanatory as to why there is a need for a separate and more structured course for cybersecurity in colleges and universities.
A flurry of courses on cybersecurity: Although not quite enough to meet the surge in demand, there has been a flurry of specialised and standalone courses on cybersecurity introduced by both government and private players in recent years. Ranging from part-time to distance learning to online mode with varied provisions for certification, diploma and degree programmes, these courses have found popularity amongst university students as well as career professionals. The Covid-19-driven shift to online education with the rise of online education portals and the rising cybersecurity threat during the lockdown has given a renewed impetus to this trend. Not only are top universities offering courses, but IT companies are also advancing courses in cybersecurity.
According to a popular education sector tracking website, there are 204 colleges—both government and private—offering programmes in cybersecurity at UG and PG levels. The government has instructed the National Institute of Electronics and Information Technology with its 24 centres to launch courses on cybersecurity. Government-backed initiatives include the launch of an online PG diploma in cyber law, crime investigation and digital forensics by the National eGovernance Division in partnership with the National Law Institute University, Bhopal, to train law enforcement and judicial officers. Also, in April, IIT Madras launched the Certified Cyber Warriors v.3.0 course.
Need for more cybersecurity professionals: Despite the increase in popularity cybersecurity as a course, these are not enough. Against an estimated demand for a million cybersecurity experts, India has less than 10,000 professionals. It’s time cybersecurity as a specialised discipline with all its attendant sub-disciplines becomes an integral component of IT syllabus being taught in our university systems as well as outside. At the same time, we need to strengthen the foundations of our human resources by improving the quality of our STEM graduates. The market for cybersecurity is expected to grow to $3.05 billion by 2022 at a CAGR of 15.6%—nearly one and a half times the global rate, according to a PwC report. Only a substantially large number of cybersecurity professionals would be able to meet this demand.
The author is founder & CEO, Lisianthus Tech