Wednesday 11 January 2017

Cybersecurity: India needs stronger mandates from the regulators



Rapid digitization and digitalization, pursued without adequate attention to the security of the underlying systems, has put India's digital business on a precipice. Cyber breaches have started to come to light; they have a financial impact, and some of them are large.

Between April 2013 and November 2016, the top 51 banks in India lost nearly USD 72 million, 56% of it to net-banking thefts and card cloning. (Source: Economic Times)

The Indian Computer Emergency Response Team (CERT-In) reported close to 39,730 security incidents up to October 2016. (Source: Business Standard)


The cost of a data breach in India rose from USD 51 per compromised record in 2015 to USD 55 in 2016. The total average cost paid by a company also increased, from USD 1.32 million to USD 1.45 million in 2016. (Source: IBM, Cost of Data Breach report)

Also, as recently as October 2016, banks were forced to replace 3.26 million debit cards or ask their customers to change the security codes (PINs) on them.

This is a seriously large number, and it is only what has come to light. The disclosure norms for cybersecurity breaches in India are ambiguous and inadequate. To be frank, the regulators and government have woken up to the risks that sketchy cybersecurity measures pose to rapid digitization and digitalization.

Multiple directives have been issued by different regulators, with the Reserve Bank of India being the most active in issuing them.



However, the sophistication and resources available to the bad guys in the cyber world have increased manyfold, with state actors getting involved. The other problem is that the bad guys collaborate and the good guys do not. The underground communities attack in groups and share information in a more seamless, and more sinister, way.

The mainstream cyber environment will have to communicate and collaborate formally to counteract these threats. Here, the regulators and government will have to lay out, in very specific terms, the mandates for how each organization manages cybersecurity internally and how it collaborates and communicates with others outside the organization.

My suggestions are:

1) For specific roles, companies should be mandated to show that they follow best practices and employ staff who hold specific qualifications and certifications. Just as a chartered accountant is required to audit the financials and publish the annual filings of a company, staff with specific qualifications should be required for managing and auditing cybersecurity.

2) All financial transactions affecting a company have to be reported to the regulator, and for a listed company they have to be published in various forms to the stakeholders. In the same way, any cybersecurity breach should be reported. Also, because cybersecurity at one company cannot be treated in isolation, the disclosure should be made public even for private companies.

3) There should be a concerted effort to address the lack of security awareness among the general public, which results in poor security practices.

4) There should be a crackdown on pirated software, on customer devices that lack basic security controls such as anti-virus, and on the use of rooted and jailbroken devices.

Please connect with the author of the article at jhasumit@gmail.com for any help on cybersecurity.
