GST and demonetisation have helped Digital India bolster its cyber security landscape.
In India, cyber security has come a long way in the past few years and has gained huge importance with the government's thrust on Digital India, e-commerce and mobile payments. Particularly the rollout of the Goods and Services Tax (GST) and demonetisation, which further drove organisations to adopt digitalization, has played a key role in changing the perception towards cyber security.
Of late, businesses in India found themselves as entangled in the ransomware attacks - WannaCry, NotPetya and CryptoLocker - as their global counterparts. The immunity which Indian businesses enjoyed in the less connected economy goes away as the connectivity improves (broadband and
) and transactions take place via digital channels. Rise in cybercrime instances particularly financial frauds using bank cards and e-wallets has also been observed. The same reflects in the report shared by
(CERT-In). The report observes a total number of 44,679, 49,455, 50,362 and 53,081 cyber security incidents during 2014, 2015, 2016 and 2017, respectively. Even as per the data kept by
(NCRB), a total of 9,622, 11,592 and 12,317 cybercrime cases were registered during the years 2014, 2015 and 2016, respectively. The growing rate of cybercrime and cyber instances denotes that the threat landscape - characterised by malware, ransomware, phishing, espionage, DDoS and spear phishing attacks, among others - is hurting Indian businesses no less than their global peers.
These data points are just a tip of the iceberg as several incidents do not even come to the fore and remain unreported. Financial losses caused by cybercrime and breaches are growing exponentially and worrying everyone in the ecosystem.
The positive side is that businesses here want to fight threats and manage risks, particularly when businesses are shifting to cloud and adopting IoT and other cutting-edge technologies. Staying safe in the cloud environment is tough and demands investments for safe operations. CEOs know this and are realising that any negligence or nonchalance may shatter consumer trust and ruin the entire business. For example, cyber incidents in top credit rating agencies, media & entertainment biggies, healthcare/insurance institutions, financial institutions, retailers, power grids, IT powerhouses and startups do not go unnoticed in the local CEO community. Their anxiety stands at par with global CEOs and is evidenced in
. As per the survey, 40 per cent of CEOs believe that cyber security is an increasingly existential issue and will impact their growth prospects.
Key developments shaping up the landscape
Besides, India's cyber security landscape is shaping up holistically where demand for cyber security solutions is paving way for experiments and innovation. The regulatory environment is also triggering fundamental changes in the cyber security space. Moreover, the data protection regime is getting aligned to the global one (eg. as it is trying to match the GDPR) as there is increasing focus in India on data privacy and personal data protection after the Supreme Court's ruling in favor of 'right to privacy'. Interestingly there is focus on AI-based security solutions and customized solutions.
- Increasing Focus on Privacy and Personal Data Protection: Privacy and personal data protection has been under constant focus in recent times after the Supreme Court ruled in favor of 'right to privacy' last year. Due to this ruling, a lot of innovation is set to take place in India in the area of data encryption and key management technologies. Positively, the move will help Indian organizations to work in the EU where one of the strictest data protection laws - General Data Protection Regulation (GDPR) - is coming into effect on May 25, 2018.
- Machine Learning and AI: Machine learning (ML) in cyber security is going through a trough of disillusionment and is gradually becoming mature to help organisations stave off threats. Organisations in India have begun to embrace AI-based security solutions and technologies that help them predict and prevent cyber security instances in almost real time. Stakeholders are now rationalising their expectations and focusing on tangible outcomes using machine learning. At the same time, there is an influx of numerous AI-based cybersecurity products and services in the market.
- Customized security solutions: As the threat landscape grows in complexity with hackers launching targeted attacks on organizations and their users, there is a gradual realization of the need to add security layers specifically designed for an XYZ company. Organizations are putting in their resources to design customised solutions in-house as well, if the solution providers are not able to provide them.
- Security startups are gaining traction: With growing need for customized solutions and disillusionment with a number of solutions, organizations in India are not shying away from using services or products of a security startup. Many large banks, telecom companies, insurance firms, government organizations and e-commerce firms, among others, do find their security needs underserved with the existing security products and solutions in the market. It is the reason that they are looking up to start-ups to build and implement innovative security solutions that address their needs.
- Protection of crown jewels: Organisations will refocus on basics including protection of crown jewels. While malware and ransomware attacks continue to grow in scale and enormity, organizations refocus on protecting what is really important. The focus is moving from protecting endpoints to securing organizational data - whether in physical data centres or in the cloud. Encryption, access control, cloud security, and secure DevOps are some of the key initiatives are forming the cyber security landscape.
Because of the focus on digitalization, cyber security is getting a renewed boost. Demand for customized and innovative solutions is pushing the market forward. However, the lack of skills in cyber security is an area of concern. India rapidly needs cyber-skilled manpower not only for the local tasks but also to emerge as a global powerhouse in the area of cyber security services. The Cyber Security Task Force (CSTF), set up on the call of Prime Minister Narendra Modi, by Nasscom-DSCI also recommends on building 'a trained pool of 1 million certified and skilled cyber security professionals by 2025. While it is an easier said than done, it is achievable.
Sivarama Krishnan is Partner and Cyber Security Expert at PwC India.