‘Small’ steps to cybersecurity
By Braj Mohan Chaturvedi
Small organisations are part of large organisations’ value chain and any vulnerability at the former may reflect in latter’s security. To remain relevant in the era of Industry 4.0, traditional business and government departments are increasing their digital footprints, adopting technology and increasing engagement. In such a scenario, cybersecurity should lie at the heart of any digital transformation initiative and never be an afterthought.
It should be built-in by design. Industry 4.0 can be the catalyst of change in different fields like governance, management, administration of smart cities and other applications that are driving the vision of Digital India. But at the same time, it also presents a very lucrative opportunity to cybercriminals, who find many more easy and insecure entry points into networks and devices.
Cyberspace has no physical boundaries. The ubiquitous nature of cyberspace, pervasive cybernetwork and internet connectivity make the data of organisations, key government institutions, critical banking and financial transactions, digital assets of armed forces, etc, vulnerable to cyberattacks. It is widely believed that large organisations are the easy victims of cyberattacks, but it is observed that small companies are more prone to cyberattacks as they are often ignorant about the possible threats. Even if they are aware of data breach, they are technically or financially not equipped to fight the battle of cybersecurity. Though most of the small companies are serious about data security, many don’t have the budget for proper cybersecurity infrastructure.
As Brian NeSmith, CEO and co-founder, Arctic Wolf Networks, puts it: “Small organisations are finally realising that they need to be as prepared as large organisations when it comes to cybersecurity, making it no longer an IT problem but a larger business challenge within every organisation. Additionally, we will see small businesses’ approach to cybersecurity impacting larger organisations through the supply chain vector. Hackers will take advantage of smaller organisations, which often fuel larger business supply chains, because they typically have security vulnerabilities that can be more readily exploited than larger ‘targeted’ companies”.
Cybercriminals attack public, private or hybrid cloud technologies to get hold of trade secrets, customer data or other confidential information, which can put company, government agencies, or individual in deep trouble. In the absence of a structured cybersecurity framework, it has become easy for any cybercriminal to walk into our system and walk out with the information. This vulnerability is a function of technology, policies and education. The cybersecurity vulnerability, in India, is the sum total of many elements including:
- In India, most of the critical government IT infrastructure is owned by the private sector. There is no national security architecture that unifies the efforts of all these agencies to be able to assess the nature of any threat and tackle them effectively. Further, in the absence of a national regulatory policy for cybersecurity, there is a lack of awareness at the company as well as individual level.
- Companies often face big cybersecurity issues due to lack of capable people managing cybersecurity solutions. This vulnerability increases when organisations engage with vendors who don’t follow cybersecurity protocols and don’t value the importance of data. Moreover, in the absence of any legal framework, cyber espionage has become a norm in the connected world.
- Data produced by the ever-growing number of online transactions — be it customer information, results of product surveys, or generic market information — creates treasured intellectual property that is an attractive proposition for any cybercriminal. Data is critical for business and any breach brings in tremendous loss to business. There is a need for strong data protection policies and its effective implementation.
- Businesses should have a complete inventory of all the IT assets present in their network. It is observed that one who fails to have an IT asset audit at regular interval gets into deep trouble. In the absence of the IT audit, organisations will fail to identify gaps in their system and potential threats.
- In its Cyber Security Intelligence Index, IBM found that 60% attacks in an organisation are carried out by insiders. As the threats come from trusted users and systems, they are difficult to detect. It is important to have well-developed cybersecurity training centres that are designed to answer the requirements of government, business, and individuals.
“The future of cybersecurity will be led by a workforce that intentionally studied cybersecurity, rather than fell into it by default. We are just now beginning to see this generation of truly cybersecurity-trained students enter the workforce, and as they continue to do so, we will begin to solve some of the systemic problems that have been caused by the lack of a skilled workforce,” said Mike Stamas, Co-founder of GreyCastle Security.
Government, business and individuals can do their part by strategically working with cybersecurity experts and investing in solutions and infrastructures that protect their key digital asset, data, etc. The challenge of cybersecurity is bound to increase and it is important for us to be prepared. But is India cybersecurity ready?
According to a Nasscom, Data Security Council of India & PwC report, India’s cybersecurity market for products and services will grow up to $35 billion in 10 years from the present $4.5 billion. Cybersecurity offers an opportunity to established IT players to increase their market presence and creates an environment for startups to establish themselves in the market.
The immediate opportunity for cybersecurity experts and players includes data protection framework for Aadhaar and similar other initiatives, data protection framework for all e-commerce players, digital banks, ML/AI-enabled solutions, IoT-enabled solutions to achieve automation and efficiency, cloud-based security model and blockchain-based security model.
The organisations that have shown commitment toward cybersecurity are progressively using artificial intelligence, robotic process automation, machine learning and analytics to increase the cybersecurity of their key assets and data. They understand that the price of failure is high.