IT Security: The New Commanding height of the economy

Information technology (IT) has been a progressive field in the development trajectory of the world, and India has been no exception. We are moving towards a digital economy at a faster pace and should continue to do so, to extract the best from the world of IT. When Information technology has become such a crucial part of people’s lives through an open network, its security should not be neglected at any cost. Thus, IT security or what we also call as Cyber security, has become the new segment gaining major focus and a forward outlook across the globe.

The urgency in India

According to the recent Norton Cyber Security Insights report, Indians are increasingly becoming aware of cyber threats, but still, they frequently fall victim to cyber-attacks due to complacency. The operation modes used by hackers today to intrude into an IT infrastructure include hard-to-detect phishing and cloaking attacks which create identical looking, fake mirror servers to cheat the users. Clicking on untrustworthy links and responding to emails from unknown sources are the most prominent reasons through which users fall prey to such attacks. A recent cyber breach between May and July 2017 came along with the malware attack on Hitachi Payment Service Systems, which provides banking automation products, ATM and point-of-sale services. The attack affected more than three million Indian debit cards. Authorities were unable to map the origin of attack, the identity of the hackers and the malware technology which caused the cyber invasion.

Last few years have brought a wave of cyber threats coming from varied sources located in different countries. According to the Indian Computer Emergency Response Team (CERT-In), China has been targeting India’s cyber space and networks for years; 50,362 incidents numbered in 2016. Amidst the Doklam standoff against China, a cyber war has eventually begun between the two countries. Multiple occurrences of recent high-profile cyberattacks globally, have propelled India to catch up to its global peers and secure the digital information system. Fortinet, a cyber security solutions provider, conducted a survey for recent years and found that approximately 84% of India’s organizations have fallen prey to security breaches from local and foreign sources in the last two years. It also pointed out that Business executives, especially need to make cybersecurity one of the topmost priorities. However, a ray of hope has been the increased expenditure done by small and medium businesses and service providers on network security.

Recent WannaCry and Petya ransomware attacks on Jawaharlal Nehru Container Port in Mumbai have further alarmed the cyber security providers to create the best firewalls with advanced threat protection capabilities and securing online applications from potential malware. Fortinet further recorded that over 10% of the IT budget of Indian Organizations is being spend on cyber security and the Compound Annual Growth Rate has been 13.5%.

Cyber Security Solutions

Cyber or IT security has now been identified as a crucial field which cannot overlooked to maintain a data sovereignty. New cyber solutions are coming up to reach out to public, government agencies and business enterprises.

With increasing reliance on Cloud storage, services like Cloud security are gaining interest in Indian market along with the efficient costs and flexibility guarantees of cloud storage. A well-crafted cloud security strategy is what we need. This is where cloud security gateways and Cloud security broker system come into action. A cloud security broker can monitor and defend the entire cloud and all the systems within. In a typical government cloud, citizen data is moving constantly, as part of the daily operations. It is important that this data is only seen and accessed by authorized and authenticated systems or users. For example, a citizen’s Aadhar card is used as verification by many different Government programmes and systems and third-parties like banks, hospitals, telecommunication, pension, income tax etc. Here, the cloud security broker has the intelligence to detect when data is sent or intercepted in an unusual or unsanctioned manner. If there is an unauthorized user accessing Aadhar information, multiple times over the span of a few minutes and from different locations, it does not fit the normal pattern of access. For this, the cloud security broker could trigger an alarm and possibly even block access for the particular user for it to be investigated.

Cyber Security need not always be perceived to be complicated and out of layman’s ability to comprehend. Simplest of solutions can act useful. From impersonation to credit card information theft, crimes are being committed online every day. Users lose sensitive data and money, suffer invasion of privacy and much more. This is where VPNs come in. A Virtual Private Network (VPN) is an extension of a private network across a public network for providing users a secure connection. They are especially very useful in the business world as they allow branches located in different cities to connect to the main office’s network safely while creating a cohesive network. Private individuals can easily by-pass censorship, geo-restrictions, and secure their personal identity and location through its usage. VPNs in India can be either paid or free dependent on the services offered in a particular package. Of course, with free VPNs, one cannot be sure of the performance and the number of devices that can connect to it. Paid VPNs are usually very cheap and billed at the end of the month. We can have plans to choose from according to our budget and needs. An increasing percentage of India’s citizens are turning to VPN services to enhance their privacy and security in the face of government internet censorship. Based on certain online sources, NordVPN; ExpressVPN; Cyber Ghost VPN; Private VPN etc. have been rated some of the best VPN providers.

Disaster Recovery as a Service (DRaaS) is also gaining momentum in the Small and Medium Enterprises. It is more advisable for these enterprises as they are not financially equipped to support the entire infrastructure. In case any cyber attack strikes, they get an option to create a back-up restore and not lose all their crucial data in a go. DRaaS allows a customized subscription and a need-based service. In the past few years of India, the original DR Investment model has evolved into the Cloud Based Disaster Recovery model with emergence of major cloud service providers. Recently, HCL Infosystems collaborated with Sanovi, a technology provider, to bring the best solutions of DRaaS for the customers.

Rising trend of Ethical Hackers

The rising trend of hacking and other cybercrimes has created the need for the Social media giants in the world to employ ethical hackers for information protection and counter attacks. Ethical hacking has grown tremendously over the years in companies like Apple, Facebook, Twitter who are introducing “bounty hunter programmes” for hackers and encouraging them to penetrate their vulnerable systems and rectify the loopholes. Facebook bounty hunter programme was started in 2011 and it rewards hackers who report the worst glitches. Many fin-tech companies in Chennai are also employing ethical hackers to test the security systems of banks. Telecommunication industry especially has become very vulnerable at present and even amateurs penetrate and steal the database to use for their selfish purposes. In such a case, India needs to focus on the accurate provision of advanced training and employment scope for ethical hacking which can act as the saviour route for our personal and confidential data protection at a mass-scale.

India’s policy initiatives to combat Cybercrimes

In the past few years, India has taken some significant initiatives to strengthen its cyberspace-

• One of the most important is the National Cyber Security Policy of 2013 which provides the vision and strategic direction to protect the national cyberspace
• The year 2017 followed the formation of Cyber Security Kendras and the National Cyber Security Coordination Centre (NCCC) in 2017 which will perform real-time threat assessment and create situational awareness of potential cyberthreats to the country
• National Critical Information Infrastructure Protection Centre (NCIIPC) was created under section 70A of the Information Technology Act, 2000. It is designated as a National nodal agency aiming to protect and safeguard critical information infrastructure (CII) against cyberterrorism, cyberwarfare and other threats
• India has entered into bilateral agreements with developed nations such as the U.S.A., Singapore and Japan in order to promote research and information sharing on cyber security
• There are plans to set up 10 additional Standardisation, Testing and Quality Certification (STQC) testing facilities across the country for the evaluation and certification of IT products

India’s strategies and initiatives at the Policy front are commendable. However, in the long run, India needs to transform its greatest asset- the large pool of Skilled IT professionals, to create cutting edge softwares for powering India’s technology and not depend on imported technology. Well-known Cyber Security providers like Quick Heal Technologies or Net Protector, who have successfully managed to create a niche for themselves in the foreign dominated market of Norton, Kaspersky, AVG etc. should be customized for developing affordable and accessible protection mechanisms in all sorts of worst cyberattack incidents. Cyber Security can maintain a commanding height in India when its public is fully aware of the impact of science and technology on national security. Event such as US-based Maker Faire, for creative digital workshops and idea propagation, currently limited to IT hubs like Bengaluru, should become a nationwide practice.

Originally published at The Dialogue.