Industries need to embrace the National Cyber Security policy, elucidates, Matt Loeb, Global CEO, ISACA. In an exclusive interaction with EC’s Ankush Kumar, Loeb suggested for a more significant financial investment required to skill and scale up the capabilities of an evolving professional workforce to combat cyber security threats. He also advised that there is a dire need to enforce the cyber regulations by the government.
Excerpts:
How do you assess the Cyber Security regulations in India? How do you think it can be further improved?
India’s National Cyber Security Policy has resulted in an aspirational framework to govern cyber security with an emphasis on protecting data and systems while also encouraging the development of early warning notifications, more resilient ICT systems and new products that have had security designed into them. This is attempting to drive increased investments in processes, technology and, most importantly, human resources that will provide the environment necessary to meet the challenges of a rapidly growing surface for attacks and threat landscape. While this is an admirable effort, there is still a ways to go both in the enabling and the enforcement of the policy. Industries need to embrace the National Cyber Security policy. More significant financial investments are required to skill and scale up the capabilities of an evolving professional workforce that is in high demand. Perhaps, most importantly, government needs to enforce the regulations.
What kind of global threats are looming on developing countries like India?
India is one of the fastest-growing economies in the world, and countries such as India are at the forefront of the adoption of new technology, tools and technology-enabled services. With the country’s citizens increasingly moving online for mobile commerce and e-government services, the rate of adoption is outstripping the speed at which cyber threats are understood and actions are taken. As a result, the country has seen increasing incidents of cyber attacks, including phishing attacks and ATM frauds. A PwC study indicated a 117 percent increase in cyber security incidents in India between July 2014 through June 2015, compared to an average global increase of 39 percent. The same report also pointed that as a result of incidents of cyber security losses also surged by 135 percent over the previous year in India. It is critical for all countries to ensure their cyber infrastructure keeps pace, to avoid a systemic impact following an attack.
Do you think most of these cyber threats are originating from specific groups or geography? If such is the case then how can it be tackled effectively?
While recent studies point to China, the US, Saudi Arabia and Germany as countries where the most cyber attacks originate, it’s important to recognize that there are attackers in all countries and geographies. And to make things even more complex, even when the attackers can be tracked down, insufficient laws and treaties make prosecution exceedingly difficult.
With such increasing vulnerabilities, what do you think should be the Indian Government’s strategy?
The Indian government has made significant progress in creating awareness for regulators, industry, academia and non-profit organizations to work together on around the world, driving cyber security awareness. With this progress noted, India must now turn its focus toward capacity building for cyber security capabilities. An approach that utilizes on-site skills-building is essential.
Why are we seeing growing incidents of increased data leakages and newer cyber attacks especially on Government/ Public departments? How do they combat against them?
Governments are a rich source of critical systems and data that results in their frequently finding themselves to be the target of cyber attacks. A combined approach of effective technology and a skilled workforce will go a long way to protecting their most important digital assets and defending against threats.
How are authorities in developed nations investing in cyber security solutions? Do you think India’s is lacking behind other countries?
Authorities are investing in people and training for cyber security solutions. Advanced tools and capabilities are insufficient if the people operating and implementing them do not have the necessary capabilities. Building those capabilities is critical, and ISACA developed its Cyber Security Nexus (CSX) and the CSX skills-based certifications to help companies develop their cyber workforces.
What challenges does a nation face while taking action against a cyber crime that originates from other countries?
As referenced previously, when a cyber crime is committed, there are many techniques to track down the criminals, and finding them is often successful. However, the real challenges begins with insufficient laws and treaties in place, thereby making prosecution for violations exceedingly difficult.
What are the sectors that are facing regular attacks and why?
No sector is safe from attacks today. Even the smallest organizations are discovering that they are used as either unwitting access points into larger corporations, or as part of a zombie-bot army leveraged to attack commercial and governmental entities. Larger organizations are constantly bombarded by nefarious organizations attempting to gain a foothold for personally identifiable information (PII), intellectual property theft, or financial gains. The bigger picture, however, is to worry about attacks on critical infrastructure such as energy, health care and military systems where breaches and attacks can take the ultimate toll—loss of human life.