Pointing out that the World Economic Forum has listed cyber attacks as the third largest risk globally, Ian Yip, Chief Technology Officer (Asia Pacific), McAfee said cyber crime has become more of a societal issue. In an interview to BusinessLine , he spoke about privacy concerns in national identity projects like Aadhaar and the need for better security in IoT-enabled or smart devices. Edited Excerpts

How well are companies prepared against cyber security risks?

It depends on the industry. Some, like financial services are doing comparatively well as they deal in money. Governments also spend a lot of money as they have to protect the interests of citizens. The Indian government does a lot on cyber security, as they have a couple of draft laws on privacy and cyber security. Critical infrastructure like power and utilities, water supply, transport and even airline companies realise that they have to make sure that safety is paramount, and the more the world connects the more the physical and the digital are going to be connected to each other. In fact, the World Economic Forum lists cyber attacks the number three risk globally, with one and two being acts of nature.

How do government regulations like GDPR (General Data Protection Regulation) that work to safeguard privacy impact companies?

Regulations are good in the right amounts. Not everything should be regulated, but for the right reason is good. Things like GDPR are beneficial for cyber safety of the world and especially for privacy. Privacy is a human right. If a company is socially responsible, it would already have taken care of safeguarding privacy. There are a lot of companies interested in other things and privacy becomes a secondary focus; then they require regulation. Government regulations flip the monetary equation on data because without the privacy regulation, data is actually money.

What about concerns over privacy in Aadhaar?

There are a lot of benefits to India’s identity systems and its reach is unprecedented in the world. But it needs to be measured with a level of caution. Just because it is used for government services, doesn’t mean it should be used for absolutely everything. There are architectural ways you can get the information required.

For example, the person behind the bar doesn’t need to know my exact age, just that I am of drinking age. A lot of times unfortunately, they capture the exact information and not the binary piece of information.

With Artificial Intelligence and Internet of Things now coming to the mainstream, what are the security risks ?

These are two separate things. AI has a part to play in cyber defence but at the same time it can be used to make cyber attacks more sophisticated.

From an IoT standpoint, the biggest challenge is that you don’t necessarily always know that something is digitally enabled or smart.

These devices are very low powered and it is sometimes not feasible to install any additional protection. Security is not the priority of manufacturers of these smart devices. If there is no systemic security and privacy design built into the product, we will have to play catch up. But the US and the Australian government are looking to ensure that there are minimum security standards enforced that must be built into such devices.

The journalist is in Sydney to attend the MPOWER Cybersecurity Summit 2018 at the invitation of McAfee.

Related Topics
comment COMMENT NOW