Comments
Well before the advent of the Covid-19 pandemic, global governance appeared to be in tatters. Politicisation of the global economy was already posing a serious threat to nations and their economies.
Other threats have since emerged, most noteworthy being the digital threat. For instance, digital technology is already being employed to maintain absolute control over protesters in Hong Kong. Meanwhile, the number of cyber attacks on banking and financial institutions is increasing, and data theft is becoming rampant. All this raises the spectre of a digital pandemic.
The cyber threat is emerging as possibly the biggest danger posed to society. We are perhaps at a new stage in human experience and exploration.
Our ancients had postulated the unity of paradoxical dualities, and the need for one to go beyond what is seen and the unseen.
Today, given the nature of the cyber threat a deeper understanding of many pervasive dualities has become an imperative necessity.
Across the board attacks
Cyber attacks today span the entire spectrum of critical infrastructure; banking and finance; energy exploration and production; shipping; power generation facilities; apart from various departments and arms of the government. Cyber criminals are driven mainly by financial motives, but apart from money, one of the most lucrative areas for cyber criminals today is data-theft.
Cyber security is a dynamic domain of computing information and technology.
The ‘dark web’ hosts a great deal of information which aids the new breed of cyber criminals. Ransomware, which demands payments after launching a cyber attack, has become common. Phishing, including Spear Phishing, attacks have grown in geometrical progression.
In India, important priorities today, apart from protecting critical infrastructure and security structures, are maintaining business continuity for enterprises and preventing cyber attacks on critical business assets.
Meanwhile, the number of attacks has surged during the pandemic period. Several thousand malicious domains and websites are reported to have been registered in a very short period of time, apart from the creation of a number of fraudulent UPI IDs and web portals.
In a post-Covid world, Identity and Access Management (IAM) will thus become an even more critical tool to defeat cyber criminals. With business becoming highly reliant on technology, the potential risks have vastly increased. With the advent of the Corona virus pandemic, cyber challenges have taken on a new dynamic, with businesses having to adapt to a new situation.
As more and more people work from home, securing end points such as laptops or smartphones has gained in importance, and elements in the network chain such as the home router, access points, IOT devices, a person connected, all have become vulnerable. Meantime, cyber criminals are finding new weaknesses to take advantage of the situation.
Hackers are creating new malware, and one of the more recent innovations has been ‘file-less malware attacks’. Many organisations believe that to defeat cyber criminals, it is enough to improve encryption policies — and many new encryption policies have come up — but it must be recognised that while encryption might afford protection for data in transit, it does not provide security for data in storage.
The Internet of Things (IoT) is already taking on a larger role in people’s professional and personal lives, bringing with it many new cyber security challenges. According to experts, the average amount of time that it takes for an IoT device to be attacked once connected to the Internet is five minutes. It has to be kept in mind that IoT devices are one of the primary targets for DDoS, MITM attacks and other types of malware. Properly securing IoT devices to avoid catastrophic cyber attacks has, hence, become essential.
Growing vulnerability
It is a truism that a country’s dependence on technology enhances its vulnerability. As organisations get increasingly interconnected, they pose a unique security risk. Data generated by network devices including IoT, vastly expands the existing threat scenario.
Conscious of the burgeoning cyber threat, the government of India is in the process of amending its National Cyber Security Policy 2013. The earlier Act envisioned a National Cyber Security Policy with an integrated vision and a set of sustained and coordinated strategies for implementation.
The primary mission was to protect information and information infrastructure in cyber space, as also build capabilities to prevent and respond to cyber threats.
In short, its objective was to create a secure cyber ecosystem in the country, including strengthening the regulatory framework.
Consequently, it sought to create mechanisms for early warning of security threats, vulnerability management and quick response to security threats.
Towards this end it proposed the setting up — and operating — a 24x7 National Critical Information Infrastructure Protection Centre (NCIIPC) and mandated relevant security practices, relating to the use and operation of information resources.
Additionally, it proposed creating a 24x7 National level Computer Emergency Response Team (CERT -In) to function as a nodal agency for coordination of all efforts for cyber security emergency response and crisis management. Several changes/amendments to the 2013 Cyber Security Policy document are currently awaiting the final orders of the government.
Corporates’ role
Meantime, it is important to recognise the role of providers of cyber security solutions. Specialised companies in the cyber security space today possess certain unique and specialised products, thus enabling customers to accelerate secure digitalisation to protect both infrastructure and data.
Some of these companies have an edge over the large majority of IT companies that are in the cyber space today.
It is important, nevertheless, to recognise that advances in technology do tend to be double-edged in the world of cyber space. Hence, a successful cyber security policy demands a well focused approach. Given the evolving nature of cyber security attacks such as web application breaches, Ransomware reconnaissance, cyber espionage, DDos and MIM attacks, a fresh approach jettisoning ideas that dominated in the past (as their potential has been exhausted) is called for.
The precise challenges ahead are not yet known, but they are coming.
The writer, Executive Chairman, CyQureX India, served as India’s National Security Advisor in 2005-2010
Comments
COMMENT NOW
Comments
Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.
We have migrated to a new commenting platform. If you are already a registered user of TheHindu Businessline and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.