India still vulnerable to cyberattacks: Experts
Two days ago, MobiKwik co-founder Bipin Preet Singh received a threat email. “They said that they would clog our system if I did not transfer 100 bitcoins to them. I called my security and infrastructure officer and they said they would handle the threat,” he said.
For Singh, such threats are not new and he knows it would not be the last. “The only thing we can do is to protect our systems round the clock,” he added.
At the Global Conference on Cyber Space, industry experts reiterated the fact that while the information technology, fintech and e-commerce revolution have happened at a phenomenal pace, the tools to protect them have not kept up with time. According to PwC India, as many as 10 major cyber attacks happened in the the past one year in the country.
Siddharth Vishwanath, partner, cyber security, PwC India, said, “Cyber security setup in India enjoys a large mindshare among the leaders but unfortunately not enough pocket share. Over the last year or so, we’ve seen some big hacks happening across sectors. And I don’t think anybody questions the gravity of the situation.”
Adding: “We have also seen an increase in the regulatory interventions from the Reserve Bank of India, and Insurance Regulatory and Development Authority of India among others, which is a welcome step. But, there is much left to do. From legacy systems to lack of right defence controls, all of it put together draws a rather grim picture.”
While there has been a push to cashless and digital money after demonetisation, the ways to secure it have not been given that much importance. The government had earlier said that an Indian Computer Emergency Response Teams specifically for finance would be set up but that development might happen only by next year. The government, however, on its part started a cyber coordination centre.
The government had earlier this year issued directives to banks to do routine technology audits. It is also in the process of setting up around 10 standardisation testing and quality certification centres in Jammu and Kashmir, Uttarakhand, Chhattisgarh, Bihar and Jharkhand. It is also working with private firms to reinforce cyber security of different areas. Companies such as Microsoft are also part of a consortium that would help the government tackle rising cases of cyber attack and cyber fraud by training around 1,200 information technology officers of ministries, banks and public sector units. Other major technology and cyber security firms are also part of this Cyber Surakshit Bharat Programme.
However, experts believe that the India needs to follow countries such as Singapore who have and are further bolstering their cyber security apparatus. “The cyber security bill that Singapore has is more resilient. We can follow such countries. We also need a robust encryption policy,” said Priya Mahajan, head of Asia Pacific Public Policy and Regulatory Counsel, Verizon.