Cyber security, which today is a major concern for corporates across the globe, will soon emerge as the single biggest risk, eclipsing regulatory risks and technology disruptions.
As we move to an increasingly networked digital environment, the sophistication and frequency of cyber-attacks will only increase. For India, which is already tagged as the second worst cyber crime affected country in the world after the USA by Symantec in a recent report, this calls for a proactive approach to threat identification and mitigation. It is not a matter of if but of when a cyber attack happens.
In the first half of 2017, India saw at least one cyber crime reported every 10 minutes. This is higher than the rate in the preceding year: one crime was reported every 12 minutes in 2016. While not all incidents get reported, a total of 53,081 security incidents were handled by the Indian Computer Emergency Response Team (CERT-In) in 2016 alone. Despite increasing levels of awareness, the incidence of cyber crimes seems to be on the rise, with far-reaching impact on organisations and the economy as a whole.
The Indian Computer Emergency Response Team (CERT-In), an office within the ministry of electronics and information technology, is the nodal agency to deal with cyber security threats like hacking and phishing. It strengthens security-related defence of the Indian internet domain. It was set up on January 19, 2004.
Organisations across sectors do recognise the risk and importance of cyber security and that the onus of protecting critical company resources from a cyber-attack is not just an information technology problem but rather requires the collective efforts of everyone within the organisation.
While organisations across the board have no qualms accepting that they have been victims of cyber crime and have suffered information technology (IT) breaches in the past, there seems to be a misconception about mitigating the risk that is leading to complacency in fighting the menace.
The way forward in this war against cyber crime is to translate the high levels of awareness into more tangible actions that can provide a safeguard against cyber attacks and minimise the impact in the event of one. The reality, however, is that the budget allocated for cyber security is often grossly inadequate to counter the risk. It is reported that a majority of organisations – 65 per cent of respondents in a survey – still lack a dedicated team to manage network security and that as many as 49 per cent of the organisations spent less than 10 per cent of their information technology budget on cyber security. There are also other issues, such as a lack of qualified personnel and inefficient deployment of available resources.
Setting up a robust information technology system and carrying out periodic assessments of threat and security risks can help prevent many attacks and minimise the loss due to an attack. Putting in place a standard operating procedure with identified protocols, regular security audits and information security awareness training are some indispensable steps organisations need to take in the fight against cyber crime.
Protocols for audits, training and awareness need to be identified, along with a strategy that provides maximum cover for the organisation's most critical operations.
With cyber attacks and cyber crime very much a part of our reality today, staying safe means a sustained and concerted effort towards staying updated on cyber-security policies and manuals along with regular training and awareness initiatives.
The threat is dynamic and is constantly evolving to bypass the safeguards and security protocols adopted to thwart it. It is, therefore, prudent for corporates to display the same level of urgency in scrutinising their defences and to take informed decisions to stay safe from lurking cyber security threats.
(The writer is managing director of Netrika Consulting)