Sandeep is a cybersecurity professional with 9+ years of experience bringing together the best security experts to simplify the complicated cybersecurity problem. As the Founder and CTO of SecureLayer7, from the beginning of 2013, Sandeep built its vision, strategy, and direction. As a bootstrapped startup, Sandeep has worked towards building a stable and reliable cybersecurity firm with remarkable growth.
Even as governments and economies are coming to terms with the new normal and gearing up for long term impact of the crisis, technology innovators have been working overtime to design solutions which could help retain operations and growth. Supported by government policies and innovations in emerging technologies like AI, ML, IoT etc., India has been steadily inching towards a technology enabled economy.
However, with the rise of connected devices, efficient internet penetration, and widespread digitisation of multiple sectors, including education, finance, healthcare, retail, and even agriculture and logistics, comes the threat of cyber-attacks which can cause not only monetary losses but compromise data privacy and put the economy and lives in danger. As of the first quarter of 2020, India already recorded a 37% rise in cyber-attacks. Risks like data leakage, connection to unsecured Wi-Fi networks, phishing attacks, ransomware, spyware, apps with weak encryption (also known as broken cryptography) are some of the common cyber threats plaguing us. IoT and connected devices have also reported increased cases of data breaches.
Being the second largest consumer for smart devices and a country with one of the largest base of internet consumers, India continues to remain a sitting duck, vulnerable to several national and international cyber-attacks. Some of the key reasons for this vulnerability can be listed as:
- Outdated Systems and processes: While we do enjoy smart personal devices, a large part of corporate and business technology systems continue to depend on outdated or legacy infrastructure, with poor or inadequate cyber security protection.
- Accelerated digital adoption, over a short span of time: The wide spread digital adoption across public and private sectors, has left little or no time for the proper development of a backend cyber security infrastructure, putting a large amount of data at risk.
- Limited understanding about cyber security: The understanding of cyber security and its prevention continues to be limited to installation of antivirus and malware protection software on individual computers/ devices. Even as cyber-crimes are getting more and more sophisticated, the lack of understanding among the end user, continues to aid in successful cyber-attack instances.
- Fragmented and Unorganised cyber security infrastructure: This is a largely unorganised and fragmented sector of cyber-security service providers and entrepreneurs. More so, the lack of stringent legal framework for identifying and taking cyber criminals to task, is hampered, for the lack of strong cyber security laws.
Even as we are trying to deal with the threats, the type of cyber-attacks are also evolving, creating a more complex and advance set of threats. These include:
- Cloud Vulnerability: Even as an increasing number of businesses adopt cloud computing, data security concerns continue to rise. As per an Oracle’s cloud threat report 2019, cloud vulnerability continues to remain the highest cyber security challenge in the near future. While larger third party players like Amazon and Google are investing heavily on cloud security, smaller organisations and businesses that are using independent cloud services, are sceptical about investing in cloud security and thus remain vulnerable to threats like data breach, account hijacking, malicious internal threats, and even DDOS attacks.
- Social Engineering and phishing attacks: This implies manipulating and leading unsuspecting victims to perform actions or divulge information, without the knowledge of the consequences. Baiting, Scareware, Pretexting etc., are some of the most common forms of Social engineering attacks. Phishing continues to be one of the most wide spread form of social engineering attack that involves fraudulently obtaining sensitive data like card and bank details, personal information etc., which is then used to make fraudulent transactions. Rise of e-commerce has further increased instances of Social Engineering attacks and it is on a rise.
- Attacks using Emerging Technology: Machine Learning, AI, and connected devices use a large amount of crowd sourced data and information user information from social media and apps, like satisfaction ratings, brand preferences, spending patterns, browsing histories etc., making them a preferred target for cyber criminals. Machine learning poisoning, a method to inject instructions into a system to gain insights, information and even control the outcome, is one of the modern security breach methods targeting sophisticated systems. AI fuzzing, another tool primarily used to detect, identify and fix cyber-attack vulnerabilities in a system, can also be used by fraudsters to control and automate attacks.
- Data breaches, malware, and ransomware: While these are some of the most easily executed threats, they also continue to be the most common and widely used threats among cyber criminals. In the age of AI, ML, VR and connected devices, Data is the new currency. Data breaches thus remain the priority target for most fraudsters. Malware and ransomware have caused a lot of trouble recently when work from home had rendered official IT systems vulnerable due to access from unsecured home servers. Infecting a computer with a malware or ransomware which then encrypts and makes the data unavailable for the user until the ransom is paid, is nothing less than a bank heist!
While each of the above pose a grave threat, an efficient and strategic cyber security infrastructure can help prevent these instances and save the government, businesses and individuals a lot of time, effort and money. By investing in a robust cybersecurity that offers end-to-end security ecosystem for individual device and network to reliable data back-ups, regular third party risk assessment, and strong multifactor authentication mechanism need to be put in place. On a mass level, the first step would be a strong legal framework for handling cyber-crime, followed by a wide spread awareness campaign about the significance of cyber security and why businesses need to take it seriously. Together, these unwarranted and fraudulent interferences can be handled, to make India a truly robust digital superpower.