VAR Panchayat

India's Cyber Security Framework

by VARINDIA 2017-03-20

One needs to focus on all verticals – be it securing FinTech companies, smart city and IoT devices and also working on cyber laws

The discussion on cybersecurity couldn’t have assumed more significance than the post-demonetization phase. With the entire country rallying behind the Prime Minister’s drive to abolish black money and corruption by wholeheartedly endorsing the demonetization measure, it has been a field day for digital payment gateways, banks and other digital wallet players like Paytm.

But is the country’s security infrastructure robust enough for India to jump on the all-digital-banking bandwagon? This will be top of the government’s agenda. If the recent cybersecurity breach at top banks like the State Bank of India and Indian Overseas Bank is any indication, then the more digital we go, the more vulnerable our systems will get. This is especially so as users adopt mobile banking.

Securing FinTech Companies

FinTech companies are benefiting from several pioneering and paradigm-shift financial technology breakthroughs, including the mobileonly stock trading app Robinhood that comes fee-free for trades and peer-topeer lending sites like Lending Club that promise to offer competitive rate loans. Emerging technologies that seek to capture a significant share of the pie include mobile banking, mobile trading on commodities exchanges, digital wallets (like Apple (AAPL) and Google's (GOOG)), financial advisory and robo-advisor sites like LearnVest, and all-in-one money management tools like Mint.

In an age where digital is seen as the norm, it is easy to lose sight of the inherent loopholes that can be exploited. And FinTech companies are no exception. The threats are diverse from data, to security, to identity and risk, and to their implications in the digital finance age. And this threat is compounded by the fact that different companies have different needs to cater to, multiplying the probability of data compromise.

Securing Smart Cities and IoT Devices

No matter how grand and how complex the digital concept gets, the underlying data security threats to such revolutionary technologies remain fundamental. The fact that myriad small-scale technologies come together to power the concept of smart cities is a strong recipe for hackers to exploit. And the security of smart city components is not receiving their due share of focus either. The hacking of Dallas road signs, and of a giant video billboard for playing porn in Indonesia, are clear examples of such a scenario.

The underlying problem is neither no encryption nor robust encryption in place, but bad key management. Products ship with private keys that are shared across devices. The attacker needs only get inside one device to then compromise all devices. And updates to embedded systems and IoT solutions are not being signed, giving rise to the probability of MIM attacks.

The key to the solution for all these problems is to secure data at the most fundamental levels. This is where encryption assumes much significance in overcoming underlying vulnerabilities in more sophisticated devices.

Creating One Million Cyber Security Experts

An ever-growing number of cyber-attacks and effort to secure data have been behind NASSCOM’s initiative toward creating one million

cybersecurity experts and 1,000 cyber start-ups by 2025. It estimates that the Indian IT sector will likely reach the $350-billion mark by 2025. Ten per cent of it will come from cybersecurity.

In addition to boosting the country’s GDP, the move will likely create a million jobs and engender 1,000 start-ups. Such a digital landscape is both a boon and a ban – a boon because consumers’ lives are getting much simpler and a ban because the attack vector is going to increase several notches.

To mitigate the risks of data breaches and data compromise, companies need to take evasive and pre-emptive steps. They can do this by encrypting their data end to end with robust key management.

Strengthening Data Protection and Cyber Security Laws

As “prevention is better than cure”, so is proactively protecting data than taking a fire fighting approach once the damage is done. Unfortunately, not many companies seem to share this philosophy. These companies consider it more prudent to face litigation following a data breach than investing in securing data.

A stronger, simpler and clearer data protection framework will enable companies to unleash their potential. Economic growth, innovation and job creation will then become inevitable. Customers can remain assured, knowing their valuable personal data will be managed with care and diligence.