The Government has been focused on economic growth, as reflected in the various initiatives it has announced. The demonetisation move led to a massive reduction in the availability of physical currency. This shortage of cash forced people to migrate to online transactions even for their smallest needs or purchases.

However, this sudden uptake of online transactions has exposed the existing security gaps in the system which make organisations as well as customers vulnerable to cyber attacks at this critical time.

Highly exploitable

The existing security gaps are ready ground for cyber-criminals to exploit. There are various ways of doing this — by introducing a malicious bug into the system that can skim through privileged information, by introducing rogue applications to lure customers into downloading them, by intensifying hacking attempts and phishing attacks, and so on.

Given the masses who are innocent of the world of technology, it is a field day for cyber criminals. In short, an attack seems imminent. In the absence of a proper understanding of the security infrastructure and the right policies and assets to protect businesses, organisations are at risk. India’s premier security agency, CERT, has already cautioned bankers and customers to adopt high-end security encryption.

Consider this: According to research on strategic national measures to combat cybercrime, mobile frauds are expected to grow to about 65 per cent in India by 2017; about 46 per cent of online banking complaints are related to credit or debit card fraud. It should be a matter of grave concern not just for the Government but also for banks and end consumers.

Often, security is seen as just another layer to transact hassle-free, but it is imperative that security becomes embedded by design rather than as a bolted add-on for payment gateways. The data security infrastructure along with customer-redress mechanisms will have to be well thought out, and the purview of IT laws for cybercrimes will have to be expanded to include mobile-wallet payment systems. E-wallet firms will need to invest in the latest technologies to safeguard their gateways against cyber attacks, which are quite sophisticated and advanced.

While we gear up to tackle the upcoming security issues in the country, it is imperative that organisations develop a comprehensive “business-driven” security model that fully integrates with the security requirements, keeping in mind the overall business goals and objectives of the company. Such a model will help organisations choose their security investments to create the best possible balance between customers’ ease of use and cyber security.

Policies and laws

Another area of concern for the Government should be to implement the right policies and cyber laws that make online transactions a safer choice for customers. We already have strong cyber security guidelines in place but they are not followed stringently, leading to a ‘gap of grief’. The Government is mulling over the almost 15-year-old Information Technology (IT) Act to further strengthen cyber security infrastructure, following demonetisation. The Reserve Bank of India has also recently sent out a cyber security framework to be followed by banks, covering best practices. To help the Government achieve its goal of Digital India, the RBI has ordered all prepaid payment instrument (PPI) issuers, which includes all RBI-authorised banks and NBFCs, to get a special audit done of their systems by auditors of CERT-In on priority and comply with the audit report recommendations immediately.

CISOs (chief information security officers) along with the board of directors now need to take tough decisions to address the business impact of a cyber-attack. Cyber security is no longer an IT problem; it is a business problem and needs to be tackled accordingly. The uptake in devices, various operating systems and the constant need for the devices to communicate with one another without the need for a gateway introduces unique challenges in the cyber security space, making it complex to log every aspect of communication/transaction.

It is evident that the threat landscape is evolving continuously and the complex layers make cyber security a challenge. The Government’s push for stronger cyber security infrastructure is a welcome move, although we still have a long way to go. The illusion of protection from cyber attacks is a thing of the past; no one is secure. How we minimise the impact with continuous monitoring, early detection and quick response is the key in the world of digital economy. An attack is imminent. It is now up to the organisations to prioritise their cyber security needs and act on them.

The writer is Managing Director — India and Saarc, RSA
