The upward trend of security breaches, malware and hacking cases every year is irrefutable. Worldwide cybersecurity spending is expected to reach $75.4 billion by the end of 2015, with the increase in spending being driven by high impact nature of advanced targeted attacks.
By Kartik Shahani
The upward trend of security breaches, malware and hacking cases every year is irrefutable. Worldwide cybersecurity spending is expected to reach $75.4 billion by the end of 2015, with the increase in spending being driven by high impact nature of advanced targeted attacks. Advancements in technology have led the world to expand faster than we can keep up with and threats have been getting increasingly sophisticated. The technology we’re charged to protect has accelerated our society to heights we never could have imagined even a few decades ago. The information age has been heralded by systems with incredible computational capability, data stores vaster than human comprehension, and a speed of communications that boggles the mind.
The complex web of interconnected devices is continually opening up gateways to information, and countless access channels makes for increased difficulty in keeping watch over the safety of such online data. With the paradigms of the cybersecurity landscape evolving so rapidly and threats only getting more immense and imminent, RSA’s Cybersecurity Poverty Index (CPI) found that 75 per cent of organisations globally are facing significant cyber security risk and only a quarter of these organisations feel that they have the necessary advanced security strategies in place.
India is one of APJ’s larger economies that presently relies on rudimentary cyber capabilities.In recent years, high profile cases such as the hacking of Indian Army personnel’s database; the hacking of the Kerela Govt. website, where the hackers posted a picture of a burning Indian flag and messages like “Hacked By Faisal 1337” and “We Are Team of Pakistani Cyber Attacker, Security is just an illusion”; and several phishing attacks on private and public Indian banks. Simple oversights like the use of unlicensed software, not having an updated anti-virus solutions on endpoints, lacking some form of authentication for users, etc., opens many loopholes for malicious exploitation to occur.
Major rework in the foundations of cybersecurity strategies is needed to properly detect and respond to these new, persistent threats. To better analyse to the situation at hand, we need to first understand the status of each vertical industry. According to a recent APJ survey sponsored by DomainTools, majority of large companies experienced breaches within the first half of 2015 and almost a quarter of these firms do not even know how their attackers got in.
To delve into the deeper aspects of cybersecurity, over 400 security professionals across 61 countries were polled to assess the ability of organisations to identify, protect, detect, respond and recover by analysing their levels of perceived cybersecurity maturity and risk exposure. The data compiled showed that the highest reported maturity levels were in ‘Protection’ and the lowest were in ‘Identification’.
Only 5 per cent of observed companies were found to have well-positioned security programmes in place capable of effectively defending IT assets against advanced threats; and critical infrastructure industries were found to be the most at-risk, with 50 to 80 per cent of government, finance service and telecommunications organisations facing significant risk exposure. Should there be any prolific breaches in terms of those vertical industries, such as politically motivated threats, attacks on payment systems or the leaking of confidential customer information, countries would be severely impacted economically and socially. Still, organizations overemphasise protection and prevention over detection and response, despite the fact that the former alone is essentially incapable of fighting the cyber threats of today.
The cybersecurity landscape is fast becoming a volatile and a dangerous zone; but the good news is that it is possible to put up a good fight with a change of mindset and the realignment of security strategies to properly mitigate these cyber risks and fight cyber enemies before they even pose a threat. The technologies and software available currently are capable of delivering true visibility and threat intelligence to effectively manage digital and business risk.
Thus, it is critical for organisations to invest in technologies which proactively identify and respond to threats, instead of relying so predominantly on protection and prevention. The government and private sector should collaborate at the national level with initiatives and efforts that can provide both cyber resilience capacities and best practices across sectors. The Indian government released the National Cyber Security Policy in 2015, taking into consideration the latest cyber space threats. This policy provides a strong vision to secure the critical infrastructure of the country. It also intends to circumvent any resultant economic instability arising due to cyber attacks. Soon after it also unveiled the national critical information infrastructure protection centre, the National Technical Research Organisation (NTRO), as the country’s elite technical intelligence agency. This is only the beginning as India looks to develop a strong cybersecurity infrastructure.
The truth is that no single actor can develop effective strategic solutions to cybersecurity challenges alone, attackers will always probe for weaknesses, and the purview of cybersecurity will always be shifting and redrawn. What is required now is for organisations to simply reorient the way they view cybersecurity and actively fight with the right weapons to maintain a stronghold in their sphere of control.
The author is Sr. Regional Director – RSA – India & SAARC