Cybersecurity is one of the most critical aspects of the current digital transformation with cybercrime being a major threat, according to Keshav Dhakad, Group Head and General Counsel, Microsoft India.

Dhakad spoke to Businessline about the current state of the cybersecurity landscape and the focus area in terms of cybersecurity in India in the near term, including a national cybersecurity strategy. Excerpts here:

How has the cybersecurity landscape evolved over the pandemic?

The landscape has definitely evolved to a new level, all together across the society and economy because of the pandemic and we are still not out of the woods.

There are three clear trend lines that we are all are seeing, First, remote work has clearly accelerated. It exposed more vulnerabilities than in the past. The attacks have not only increased in size and scale but also in sophistication because criminals want their technology to breach an attack.

The current digital state is more distributed, more diverse. And it’s as complex as well, which, is also leading to a rise in cyber attacks. According to data from CERT-In, cyberattacks rose by almost 300 per cent in 2020 compared to 2019. We are seeing the government really increase their investment to fight cyber threats. The funds allocated by MeitY to tackle cyber threat has increased more than five fold since 2015-16.

This will be one of the most disruptive forces at this point in time. It’s a cyber pandemic that’s happening alongside the real pandemic.

Cybersecurity is one of the biggest elements for successful business transformation. And cybercrime is the biggest threat that is costing economies more than $6 trillion each year. And that’s expected to increase to $10 trillion by 2025. The scale of how much disruption is caused alongside the digital transformation needs to be underscored.

There’s also a very clear aspect of the lack of skilled professionals, who not only understand the sophistication of cyberattacks but also, are able to manage a modern secure environment as compared to a traditional one.

This is also an opportunity to bring diversity to the cybersecurity primary ecosystem. There is not only the skills gap but there are also wide gaps in terms of women participation in cybersecurity. It is currently heavily male-dominated. I think these are the trends I see will be critical for next year.

When we think of the overall cybersecurity industry growth, it is growing at a CAGR of 21 per cent, it is going to hit over $13.6 billion by 2025.

This is an opportunity that is shaping up. We are also facing the maturity of the industry as a whole. The skills gap will probably be an inhibitor unless we make cybersecurity a priority.

Experts including India’s national cyber security coordinator Lt. Gen. (retd) Rajesh Pant have spoken about a national cybersecurity strategy. What are the aspects that the policy needs to focus on?

The government has increased its investment in looking at what are the cybersecurity needs of the country, and they have been building a national cybersecurity strategy. General Pant spoke about it, that it has to support the governance structure that is required to build a resilient nation, which is on a path to adopt digital technology. It needs a central apex body to manage and also coordinate different agencies that have a different stake in cyberspace.

I think that you will see the focus coming up on how do we define the critical infrastructure and how do we go about protecting it? What is the role of the public and the private sector in enabling this because each brings a different set of objectives or a certain set of key contributions and capabilities to build that? How does cybersecurity impact national security and we have already seen that India is not immune from cybersecurity threats, and has the government taking steps towards having a resilient cyber ecosystem to protect national security as a whole?

What are the focus areas in terms of best practices and investments in cybersecurity for organisations in India in 2022?

What is also happening is now is that security is becoming more of an essential service as compared to an afterthought of adopting technology. A lot of focus is going towards protection, but detection is becoming more and more critical. One of the most premium issues that the industry has seen is just basic thinking of cyber hygiene. And lastly, I would say the cloud-first digital transformation strategy. We are coming out of the legacy to move towards cloud-based security and it’s hard to protect environment that are primarily on-premise.

These are some of the best practices shaping up. But we still have a long way to go to manage the modern security infrastructure.

On the industry side, our biggest focus would be zero trust. this is something that evolved during the pandemic. This is a great opportunity for companies to start focusing on what does a zero-trust ecosystem looks like? And what investment do they need to make to have that resiliency, to be able to put solutions and cloud-based solutions to detect, and to authenticate every access?

Second, how do you enable security by design? Security has to come as a built-in part of your digital transformation story and digital transformation roadmap.

Lastly, data has to have a central role as data exponentially increases with time. I think India will be one of the biggest producers of digital data. As we move forward with rapid digitalisation, we are seeing that the industry has to think of a data-based risk approach. You have to reimagine or rethink security. Because if you put data in the centre of it, then you start to look at what is the importance of the data? What is my data governance model?

Today data is a new asset class that organisations are realising. If that data is compromised, or loses integrity or is stolen, that can cause a lot of destruction. And companies can even lose a competitive advantage over this. So how do you label data? How do you classify what are your data loss prevention policies? These are critical to your overall security investment.

Regulations will bring a high degree of data governance, and under the data governance also sits, how you really manage in a unified way, all the data that you’re generating, and where you’re storing and how you’re securing them. And then also understand what the regulatory environment looks like. I think these three things will definitely be a priority for next year, as companies prepare for India’s first-ever data privacy regulation. That’s going to fundamentally shift from good to have security practices to must-have and you’re also accountable to the regulators and your shareholders and, and citizens at large. Every company will have to adhere to it. This is, I would say India’s GDPR moment.

What will be the focus of Microsoft’s efforts and investments in the cybersecurity space?

First of all, our partnership with the government, which has been long-standing. We would want to continue to build on it. Because that involves the sharing of threat intelligence. We are working very closely with certain intelligence offices as well, where our commitment is to further enhance that collaboration. We are leveraging our big data.

We analyse over 8.3 trillion signals each day globally for potential malicious activity in email, on desktops and laptops, and in the cloud applications that people log into for work and for personal life. It enables us to collaborate with the government on the data that’s relevant for them.

Second, we are stepping up our fights against cyber fraud. We have been working to disrupt them. And we have been part of many operations with various police agencies around India, as well as CBI and Delhi police to disrupt these call centres, which are committing cyber frauds.

Third, skilling investments, security skilling and preparing the next generation of security leaders. Overall, globally Microsoft announced it will invest $20 billion over the next five years to accelerate efforts to integrate cyber security by design and deliver advanced security solutions.