Guard up – Why we need to talk about data security
As we get exceedingly reliant on digital information, our vulnerability to cyber attacks increases.
By: HT Brand Studio
We live in an age when everyone is going online, and everything is becoming digital. Almost half of the world's population is on the internet, and India alone has about 400 million netizens. Up until now, cyber security was seen as a concern for backroom IT guys, and not for individuals. Not anymore. We are online to surf, shop, pay, and share information, making us vulnerable to numerous threats. Experts say that data is under risk from various people in cyberspace, namely - cyber criminals, hackers, hacktivists (a portmanteau of hack and activism, these are people who are politically or socially motivated), cyber terrorists, and nation states.
Cyber crime has been called one of the biggest risks to data and security. A report by Mckinsey says, "Despite years of effort, and tens of billions of dollars spent annually, the global economy is still not sufficiently protected against cyber attacks—and it is getting worse. The risk of cyber attacks could slow the pace of technology and business innovation with as much as $3 trillion in aggregate impact."
The cyber scenario in developing countries
Developing nations which are in the throes of a technological revolution are catching up on modern technology, but the infrastructure for cyber security and cyber laws are either archaic or non-existent. Countries like India are bringing millions of people online, but the security infrastructure is just not ready.
Figures on cyber crime are startling. "The likely annual cost to the global economy from cybercrime is more than $400 billion," says a study. UNESCO says that the increased threat of cyber attacks puts critical infrastructure, like the information systems of hospitals, air traffic control facilities, factories, police and military, of developing nations at risk.
For emerging digital economies, another risk is that hacking attacks and online fraud can deter people from using e-commerce or e-payments. Added to that is the fact that Indian data protection laws are inadequate and only address some security, and privacy issues. Meanwhile cyber crime in the country is on a rise: The National Crime Records Bureau (NCRB) said in its 2016 report, that 11,592 cases of cyber crime were registered in India in 2015. We need to work fast on building a security infrastructure to insulate the billion strong population from cyber threats.
The road ahead
As a first step, India needs a national level programme for cyber security and a budget for implementation. We need to develop standards and guidelines, and build capacity for laws and enforcement.
Second, public and private institutions must identify what their information assets are and which ones need protection. Cyber experts have to be employed to understand the threat landscape and take a risk-based approach to identify impact. They will have to understand the functioning of departments and businesses, and prioritize information assets in need of protection.
Organisations have to invest in building cyber defence systems and build capacity to analyse threats according to the kind of information they possess. Srinivasan CR, Senior Vice President, Global Product Management & Data Centre Services, Tata Communications, says "To alleviate pressures on the IT department and ensure a smooth transition to the cloud at a pace that best suits the organisation, it is beneficial to choose a fully managed private cloud solution. When combined with an integrated security framework, a fully managed private cloud gives enterprises secure, reliable access to data no matter what, and protects intellectual property by constantly monitoring data entering and leaving the network across all devices."
For instance, Tata Communications' IZO™ platform is a flexible, one-stop cloud enablement platform that helps enterprises navigate complexity for more agile business performance. It offers enterprises the best of both worlds: the security and reliability of a private network, and the unparalleled reach and cost-effectiveness of the public Internet.
Third, we need to be in a constant state of preparedness. Defence mechanisms need to be tested continuously to improve incident response. The Sony hack of 2014 for instance is a big lesson on the lack of preparedness. As per reports, when the cyber-attack was launched, employees who logged on to the network were subjected to the sound of gunfire, scrolling threats, and skulls flashing on their computer screens. Hackers stole the company's data before destroying it and released batches of data including unfinished movie scripts, emails, salary information and more than 47,000 Social Security numbers on public file-sharing sites, writes Fortune magazine.
The fourth step is to educate users, usually the weakest point for any institution. Users are known to click on links that they should not click on, or choose insecure passwords. It has become essential to help users understand the personal and business risks they pose by not using secure measures.
It also needs to be ensured that there are no breeding grounds for cyber criminals. "Hacking and cyber-crime originates in the anonymous underbelly of the internet, addressing negativity in these subcultures, and encouraging impressionable minds to stay away from dangerous influences, will be recognized as increasingly important," the Boston Global Forum says in its report - Cybersecurity 2016.
With increasing internet population, enterprises as well as individuals are prone to the cyber risks. As a country, the biggest challenge to implement data security is to acknowledge that this is an issue for both the government and private sector. At an organisational level it has to be understood as a management issue and not just a tech issue. Cyber risk has to be made part of enterprise-wide risk-management processes and it's pivotal that everyone prepares for a new generation of cyber crimes.