Are we prepared for cyber attacks?

Why cyberspace is getting more vulnerable?

• The shortage of cash happened due to demonetisation has forced people to migrate to online transactions even for their smallest needs.
• This sudden uptake of online transactions has exposed the existing security gaps in the system which make organisations as well as customers vulnerable to cyber attacks at this critical time.

How the term ‘security’ is often viewed?

• Security is seen as just another layer to transact hassle-free but it is imperative that security becomes embedded by design rather than as a bolted add-on for payment gateways.

In what ways can the cyberspace be exploited?

• The existing security gaps are ready ground for cyber-criminals to exploit. There are various ways of doing this:
  • by introducing a malicious bug into the system that can skim through privileged information.
  • by introducing rogue applications to lure customers into downloading them.
  • by intensifying hacking attempts and phishing attacks etc.,
• According to research on strategic national measures to combat cybercrime, mobile frauds are expected to grow by to about 65% in India by 2017. About 46% complaints of online banking are related to credit or debit card fraud.
• In the absence of a proper understanding of the security infrastructure and the right policies and assets to protect, businesses and organisations are at a risk.
• India’s premier security agency, CERT, has already cautioned bankers and customers to adopt high-end security encryption.

In what ways can the cyberspace be strengthened?

• The data security infrastructure along with customer-redress mechanisms will have to be well thought of and the purview of IT laws for cybercrimes will have to be expanded to include mobile-wallet payment systems.
• E-wallet firms will need to invest in the latest technologies to safeguard their gateways against cyber attacks which are quite sophisticated and advanced.
• It is imperative that organisations develop a comprehensive “business-driven” security model that fully integrates with the security requirements keeping in mind the overall business goals and objectives of the company.
• Such a model will help organisations chose their security investments to create the best possible balance between customers’ ease of use and cyber security.

What are the current policies and laws?

• We already have strong cyber security guidelines in place but they are not followed stringently, leading to a ‘gap of grief’.
• The Government is mulling over the almost 15-year-old Information Technology (IT) Act to further strengthen cyber security infrastructure, following demonetisation.
• The RBI has also recently sent out a cyber security framework to be followed by banks, covering best practices.
• To help the Government achieve its goal of Digital India, the RBI has ordered all prepaid payment instrument issuers, which includes all RBI-authorised banks and NBFCs, to get a special audit done of their systems by auditors of CERT-In and comply with the audit report recommendations immediately.
• CISOs (chief information security officers) along with the board of directors now need to take tough decisions to address the business impact of a cyber-attack.

Conclusion:

• It is evident that the threat landscape is evolving continuously and the complex layers make cyber security a challenge.
• The Government’s push for stronger cyber security infrastructure is a welcome move, although we still have a long way to go. The illusion of protection from cyber attacks is a thing of past, no one is secure.
• How we minimise the impact with continuous monitoring, early detection and quick response is the key in the world of digital economy. An attack is imminent. It is now up to the organisations to prioritise their cyber security needs and act on it.

Category: Mains | GS – III | Internal Security

Source: Business Line