Rapid digitalization and increased mobility bring many benefits but, at the same time, broaden the threat and vulnerability landscape.
The increasing number and frequency of recent data breaches have proven that Indian organizations across all sectors are vulnerable to cyberattacks. Last year, India had the largest average number of breached records along with the Middle East and the US, according to the 2019 Cost of a Data Breach report. After two major attacks last fall – one carried out against the Kudankulam Nuclear Power Plant, the newest and largest nuclear power plant in the country, while the other against the Indian Space Research Organization (ISRO) – it is clear that India needs to step up its cybersecurity measures.
Rapid digitization and cyberattacks on the rise
Adopting new technologies and pursuing digitization also means cultivating a cybersecurity workforce. India has the second-largest internet user base, and due to the constant digital and data growth, it is essential both for enterprises and government authorities to be equipped with the necessary resources and to provide efficient cybersecurity and data privacy. Besides the risk of a data breach that causes both financial and reputational loss, growing compliance requirements, as well as the loss of competitive advantage, are essential factors to take into consideration.
The costs of data breaches are increasing on a global level, and, although malicious attacks are the most common and most expensive root cause, organizations should put more emphasis on preventing insider attacks too. According to a report by DSCI, the average cost of a malicious insider attack rose by 15% in 2019 from last year. In India, the BFSI and the government sector are among the most vulnerable ones followed by healthcare, manufacturing, and energy – and each has its own unique cybersecurity challenges. Furthermore, the emergence of technologies like the Internet of Things (IoT) in organizations coupled with a growing trend for convergence and multi-system interconnectedness, introduce several threats and requires active security and monitoring.
Currently, the digital economy contributes approximately 15% to India’s GDP, and it is expected to grow to 20% by 2024, which means that the number of digital services, as well as the volume and value of the produced data, will show an increase. Moreover, a rising amount of sensitive data, including credit card numbers and Aadhaar numbers, is being stored online, and together with the expanding number of connected devices, it creates the need for an enhanced cybersecurity strategy that includes a variety of cybersecurity products. The first step is that organizations must address basic cybersecurity risks like weak credentials, as these still are captains of the industry. Larger and more mature organizations have already undergone the initial grind and have incorporated cybersecurity as part of their strategy, but with threats constantly evolving, there is a need for improving it. Depending on the size of the organization and the industry, this strategy should cover data security, endpoint security, network security, identity, and access management, as well as security intelligence detection and response (IDR).
Regulatory focus on cybersecurity
Cyberattacks are growing and becoming more sophisticated, resulting in increased regulatory attention towards cybersecurity as well. Regulators are formulating frameworks and guidelines, but also tightening controls over organizations across different sectors.
Global regulations such as the General Data Protection Regulation (GDPR), Health Insurance Portability and Accountability Act (HIPAA), or Health Information Trust Alliance (HITRUST) will continue to have a growing impact on the Indian market due to exchange of services and data. National regulations such as the Personal Data Protection Bill of 2018, compliance with the Cyber Security Framework for banks, and the Digital Information Security and Healthcare Act (DISHA) of 2018 are also being considered as factors driving data security and privacy requirements.
Still, the government needs to invest further to strengthen India’s cybersecurity framework. A thorough risk and gap assessment of the current cyber resilience of the country’s various economic sectors is still necessary, as well as strengthening and reviewing national cybersecurity projects such as the National Cyber Coordination Centre (NCCC), National Critical Information Infrastructure Protection Centre (NCIIPC) and the Computer Emergency Response Team (CERT).
In conclusion
The reported breaches in the recent past are causing concern to both governments and businesses. India needs to strengthen not only the legal framework to handle cybersecurity cases, but it has to improve the protection of critical infrastructure and to build offensive capabilities as well as to educate citizens about the safe use of digital assets. Prioritizing cybersecurity and the security of its major sectors is crucial for ensuring India’s stature as one of the world’s leading investment hubs; thus, cybersecurity measures both from the government and organizations are expected to evolve and to become more pronounced in the future.