Humans constitute the weak link in cyber security chain: Netrika Consulting MD Sanjay Kaushik
With technology dominating the different sectors, there is gradual rise in number of cases of cyber breach, data theft and espionage. More often than not, humans constitute the weak link in the cyber security chain, along with investments in systems and equipments it is vital that organisation also invest in raising awareness on the pitfalls and precautions that we all can adopt.
In an interview with Mohd Ujaley, Sanjay Kaushik, Managing Director, Netrika Consulting said, “India has one of the highest incidence of cyber-attacks in the world second only to the USA. As hackers step up their game and leverage technologies such as artificial intelligence and automation in their arsenal, our response must also step up to meet the challenge.”
How do you see the latest incidents of data breaches reported by Indian companies like Wipro, Just Dial and others? What is the way out for companies as well as individuals in such cases?
These reported incidents once again highlight the fact that the cyber space is an inherently unsafe place. Incidentally, India has one of the highest incidence of cyber-attacks in the world second only to the USA. As hackers step up their game and leverage technologies such as artificial intelligence and automation in their arsenal, our response must also step up to meet the challenge.
We must remember that we are constantly under attack and must take all precautions when online. More often than not, humans constitute the weak link in the cyber security chain, along with investments in systems and equipments it is vital that we also invest in raising awareness on the pitfalls and precautions that we all can adopt.
Do you think Indian companies are behind in spending enough on the issue of data security and protecting information about their clients as well as individuals?
Our survey on Cyber Security Preparedness last year found massive gaps when it comes to corporate spending on cyber security. 65% of participating organisations lack a dedicated IT department to manage network security and 49% of respondents spend less than 10% of their IT budget on cyber security.
Data Security is a big problem in India and the way we see it, it is only going to grow. In 2016, around 3.2 million debit cards were compromised: from State Bank of India, HDFC Bank, ICICI Bank, YES Bank, and Axis Bank. Just sometime back, cyber-criminals hacked the systems of Pune-based Cooperative Bank Ltd. and siphoned off a whopping Rs 944.2 million. The criminals stole the money and transferred it to foreign and domestic bank accounts across 28 countries over the weekend.
Such incidents spread a lot of fear especially among individuals while conducting their day to lives online – be it banking or even shopping. How do you think companies can assuage their fears? Also, what is the advice for individuals?
Our fear surge when such incidents gets reported which is an expected and rational reaction, however fear in itself is hardly the solution to anything. We must let our fear lead us on the path to greater awareness so that we can be more vigilant in our actions when going online.
As an individual, we must stay informed and pay heed to the various warnings, precautions and safety tips issued from time to time by banks, credit card providers, industry experts and other such agencies.
There is a big myth that cyber-attack can only happen with large companies and the solutions are very expensive, smaller companies or individuals are not required to worry about it, in today’s world it can happen to anyone and everyone. There are solutions available even for small companies with only 5 -10 systems at very reasonable price points.
Do you think such data breach incidents in India takes away the case for data localisation. Do you think foreign companies follow better protocols?
Data breach and other such cyber-attacks are not limited to India alone. In fact some of the biggest breaches have happen with the world’s biggest and purportedly safest companies that are based in the United States and Europe amongst others. The case for data localisation has more to do with easier access and jurisdictional issues.
Foreign companies does not necessarily always follow better protocols when it comes to data storage and access etc. Also with data localisation, local government enjoys jurisdiction and drafting protective laws and policies governing the same becomes their prerogative. However, unless India has a data protection law and demonstrates robust enforcement of that law, it’s difficult to see how storing user data in India would be useful.