The cyber criminals are succeeding because they have developed tremendous collaboration with each other—they share tools, expertise and information around the world.
With increase in the quantity and value of electronic information that lubricates our system of government and economy, there has been a dramatic escalation in the efforts of the malicious actors in launching sophisticated cyber attacks. More and more attacks are coming to fruition, producing a steady stream of high-profile, sophisticated breaches. A growing array of state and non-state actors are compromising, stealing, changing, destroying information, and causing critical disruptions to our system of government and economy.
In future, the cyber attacks are likely to increase in frequency and ferocity. Yet when it comes to cyber-preparedness, India is not in the best position. It is a challenge to get all users in the government and the private sector, even the sophisticated ones, to become aware of the threats and do all that is needed for improving security on an ongoing basis. Technical and public policy measures have to be put in place to create incentives for the major stakeholders in the Internet economy to invest in security.
Cyber criminals succeed because they have developed tremendous collaboration with each other—they share tools, expertise and information around the world. In face of such complex criminal rings, the traditional systems of protection—antivirus, firewall, secure logging systems—may not work. It is important to deploy advanced network and analytics based security tools for identifying and preventing unknown attacks, or those that use advanced malware. There has to be the capability of detecting minor and major anomalies, and responding quickly in case a security incident is detected.
Among the good guys there is talk of better collaboration for improving security, but not enough is being done to achieve the objective. The IT teams in most companies and even the security agencies in the government rely on unverified threat data. They lack the credible information to recognise the critical incidents, which can indicate the trend for future attacks. It is important to breakup of the silos and ensure that there is real-time collaboration between the private companies and the government’s cyber security agencies.
Also, there is serious shortage of cyber security specialists in the government and the private sector. Recruiting cyber experts and plugging them into the right slots is a key challenge that we face. We can’t win the battle for securing the cyber space when the good guys lack real-time information and sophisticated technology, and are outnumbered.