As per a recent market research report, the global Cyber Security Industry is growing at a CAGR of 10.6% and will be worth $202.36 billion by 2021. In the case of India, this figure is expected to grow at a CAGR of about 8% from the current $1.23 billion. At present, there is a severe shortage of approximately one million SKILLED cyber-security professionals in India.
While there is such an unprecedented growth in the technology sector, with India advancing its technological innovations through initiatives such as ‘Make in India’ campaign, there have also been serious concerns about the economic loss, data theft and privacy arising from cyber-attacks around the world. India continues to be an eminent technology super power for software development, data processing and outsourcing. This development continues to draw significant attention from India’s neighbouring rival nations. It is felt that cyber intelligence will play an even bigger role in protection. Earlier, spying was essentially physical, but today it’s predominantly technical – comprising Smart-phones, Social Media, Emails, etc. Recently, the elite NSG (National Security Guard) website was hacked and defaced, reportedly by Pakistani hackers.
Unlike any other asset, in the case of an information asset, it is extremely challenging to even detect a breach, leave aside protecting it – especially from leakage and exploitation. Loss of physical assets can be detected fairly quickly, provided adequate monitoring processes are in place. In such cases, once detected, the loss can be estimated and measures can be taken to minimise or mitigate the risks/losses. However, in the case of digital information assets, there have been instances such as the theft of credit card information and email passwords, where hacking/leakage is either not detected, or is detected after considerable time. Due to the lack of skilled security professionals, such breaches invariably come to light only after a few months/years, after reports of exploitation emerge. Quick detection can help in minimising or mitigating the loss to a large extent. For instance, if a credit card information leak is detected immediately, the Service Provider can initiate prompt steps to (a) Inform and alert the customers (b) Block / hot-list the cards and (c) Issue replacement cards.
Of course the Government is also doing its part. To tackle cybercrime, the Central Government is planning to review the Information Technology Act. After the recent massive credit card breach in India where PINs and other critical information were exploited to withdraw funds, a technology infrastructure audit of the National Payments Corporation of India (NPCI) is planned, to look for areas that could be exploited by cyber criminals. The Government is also planning to strengthen the CERT-In with ethical hackers, who would constantly monitor the network and respond if any unusual activity is discovered. Furthermore, all digital payments agencies have been asked to report to CERT-In, any unusual activity on their platforms. CITOs (Chief IT Officers) have been appointed in every Ministry and Government Department and a massive awareness programme for the administrative personnel is planned. These moves are also prompted by the claims by Legion – a cyber-criminal gang, that it had found flaws in India’s banking infrastructure that could potentially lead to breaches. The Government has formed two teams in CERT-In, one to respond to cyber-attacks and the other to monitor digital payments, which has, in the past one month, seen a 1,000 per cent surge. The Ministry has, till date, issued eight advisories on the usage of different types of digital payments.
While these plans are appreciable, what is severely lacking is the availability of skilled cyber-security professionals. According to NSD (National Security Database), there are less than 5,000 experts who can be identified as a HIGHLY SKILLED workforce in India. The primary reason for this is that most “experts” are only at management / theoretical level and have little or no “hands-on” capabilities in Cyber Security. The Government reportedly needs over 3 lac security experts to protect our Critical Information Infrastructures such as Railways, Aviation, Transport, Nuclear, Space, Oil and Gas. In other words, the demand for Cyber Security professionals can only increase in leaps and bounds.
About the author:
Mr. Satish Warrier- Cybersecurity
He is a seasoned Information Security professional, having handled the role of a CISO for over 15 years in Banking, Manufacturing, FMCG, Retail and Real Estate Sector. Besides being an MBA, Satish has done his Computer Management course from Jamnalal Bajaj Institute of Management Studies..He was the first CISO (Chief Information Security Officer) of IDBI Bank, having set up, from scratch, the entire security infrastructure of the Bank to protect the core banking application and alternate banking channels such as ATM, POS, Internet Banking, Mobile banking, etc. from internal and external threats.