In 2017, India should prepare itself to tackle an ever increasing number of cyber security threats.
Digitalisation provides organisations with opportunities to grow and innovate but it also brings a new world of risks.
In 2016, the issue of cyber breach became a concerning topic after incidents of twitter accounts being hacked, health data being stolen and debit cards being compromised began making rounds and yet no major step was taken to meet the threats.
In this era of digitisation, when people and devices connect, astonishing opportunities emerge for hackers. Globally, we connect 30 million new devices to the internet every single week. Every second more new Indian connects to the internet and four new devices connect to the network. Today, connected devices are generating almost 300 times more data than all the people connected to the internet which have a larger impact on our daily lives by the way healthcare is provided, cities are managed and manufacturing and other critical infrastructure is managed.
After the transition of services from cash to digital, all the electronic networks which enable business innovation, generates insights and creates customer experiences should be protected. From retail banking to digital payments, companies that seize the digital opportunity need security everywhere to limit the risk of sensitive data compromise.
The Delhi police force has already started the process of setting up a security operation centre (SOC) estimated to cost Rupees 75 crore to save itself from such attacks by Pakistan and Chinese hackers and the Ministry of Home Affairs (MHA) has approved the proposal. As many as 79% of chief information officers plan to increase their spending on network security over the next 12 months. The police’s intranet and data centre contain a lot of information related to terrorists and terror activities which if leaked can pose a threat to national security.
Last year, cyber hackers from China, Pakistan, Sweden, Singapore, the U.S, Russia and Dubai had attacked Indian networks.
But a new legislation needs to be brought out on data breach disclosures and privacy protections which are applicable country wide. Today, if an online retailer’s system is breached an credit or debit information is taken, the retailer is not compelled to report it. Doing so may only hurt its brand. For an individual, this means that if their card data is stolen and unauthorised charges are made, they have no way of knowing where the breach occurred. There are no clear liability laws for such cases, so depending on the individual’s bank, they may or may not be liable for any money that is stolen. The laws need to be brought in place so that attackers can deter before bringing such acts in execution. There is an urgent need to set up a security operation centre for detection and prevention of threats. Cyber attacks on Indian companies doubled in 2015 according to PwC.
Earlier, a draft by RBI measure to limit the liability of customers in case of data breaches went through a public response phase in August, but yet RBI hasn’t issued any regulation. The RBI did also put out a notification titled “Cyber Security Framework in Banks” that specified several guidelines and best practices and imposed a reporting obligation on the banks. Though the banks had reported 19 incidents from June to October, the guidelines state that only ‘unusual’ incidents need to be reported which leaves a lot of discretion to the banks to not report incidents.
Digital transformation and Digital India require a strong cyber security foundation—a foundation that will enable companies and governments in India to have the confidence to implement digital processes and technologies that fuel innovation and growth. Without it, business and government leaders may hesitate to start digital projects.