Law enforcement Technology,Law enforcement Agency,Policing Technology,Smart Policing India,Homeland Security India,Border Security India,Border Management India,Cyber Crime news,Cyber Security news,Safety App,Public Safety App,Security App,Women Safety App,Police Initiative,Surveillance news,National Security news,isc event 2016,isc event 2017,scada event 2016,scada event 2017,Critical infrastructure security event 2016,Critical infrastructure security event 2017,iot summit 2016,iot summit 2017,Internet of things seminar 2016,Internet of things seminar 2017,iot seminar delhi 2016,iot seminar delhi 2017,iot conference delhi 2016,iot conference delhi 2017,top security event,security event,security event 2016,security event 2017,security conference 2016,security conference 2017,cso summit 2016,cso summit 2017,Corporate security event,Corporate security conference,security research india,homeland security research india,security think tank india
The Government has been focused on economic growth, as reflected in the various initiatives it has announced. The demonetisation move led to a massive reduction in the availability of physical currency. This shortage of cash forced people to migrate to online transactions even for their smallest needs or purchases.
However, this sudden uptake of online transactions has exposed the existing security gaps in the system which make organisations as well as customers vulnerable to cyber attacks at this critical time.
The existing security gaps are ready ground for cyber-criminals to exploit. There are various ways of doing this — by introducing a malicious bug into the system that can skim through privileged information, by introducing rogue applications to lure customers into downloading them, by intensifying hacking attempts and phishing attacks, and so on.
Given the masses who are innocent of the world of technology, it is a field day for cyber criminals. In short, an attack seems imminent. In the absence of a proper understanding of the security infrastructure and the right policies and assets to protect businesses, organisations are at a risk. India’s premier security agency, CERT, has already cautioned bankers and customers to adopt high-end security encryption.
Consider this: According to research on strategic national measures to combat cybercrime, mobile frauds are expected to grow by to about 65 per cent in India by 2017; about 46 per cent complaints of online banking are related to credit or debit card fraud. It should be a matter of grave concern not just for the Government but also for banks and end consumers.
Often, security is seen as just another layer to transact hassle-free but it is imperative that security becomes embedded by design rather than as a bolted add-on for payment gateways. The data security infrastructure along with customer-redress mechanisms will have to be well thought of and the purview of IT laws for cybercrimes will have to be expanded to include mobile-wallet payment systems. E-wallet firms will need to invest in the latest technologies to safeguard their gateways against cyber attacks which are quite sophisticated and advanced.
While we gear up to tackle the upcoming security issues in the country, it is imperative that organisations develop a comprehensive “business-driven” security model that fully integrates with the security requirements keeping in mind the overall business goals and objectives of the company. Such a model will help organisations chose their security investments to create the best possible balance between customers’ ease of use and cyber security
Policies and laws
Another area of concern for the Government should be to implement the right policies and cyber laws that make online transactions a safer choice for customers. We already have strong cyber security guidelines in place but they are not followed stringently, leading to a ‘gap of grief’. The Government is mulling over the almost 15-year-old Information Technology (IT) Act to further strengthen cyber security infrastructure, following demonetisation. The Reserve Bank of India has also recently sent out a cyber security framework to be followed by banks, covering best practices. To help the Government achieve its goal of Digital India, the RBI has ordered all prepaid payment instrument (PPI) issuers, which includes all RBI-authorised banks and NBFCs, to get a special audit done of their systems by auditors of CERT-In on priority and comply with the audit report recommendations immediately.
CISOs (chief information security officers) along with the board of directors now need to take tough decisions to address the business impact of a cyber-attack. Cyber security is no more an IT problem, it is a business problem and needs to be tackled accordingly. The uptake in devices, various operating systems and the constant need for the devices to communicate with one another without the need for a gateway introduces unique challenges in the cyber security space making it complex to log every aspect of communication/transaction.
It is evident that the threat landscape is evolving continuously and the complex layers make cyber security a challenge. The Government’s push for stronger cyber security infrastructure is a welcome move, although we still have a long way to go. The illusion of protection from cyber attacks is a thing of past, no one is secure. How we minimise the impact with continuous monitoring, early detection and quick response is the key in the world of digital economy. An attack is imminent. It is now up to the organisations to prioritise their cyber security needs and act on it.
The writer is Managing Director — India and Saarc, RSA
SOURCE: Business Line
Copyright © 2016 Crux Center For Security Research And Events (CCSRE) | All Right Reserved