The graph above was created using Google Trends. It shows interest in cybersecurity from a news standpoint over the course of a year, viz. how often people searched for the term 'cybersecurity'. Evidently, the baseline has elevated. Suffice to say, with or without this graph, cybersecurity is on all our minds.
Clearly, cybersecurity has become increasingly popular over the past year. The next step is deciphering what this popularity means. Little can be achieved through further dissection of the debit card hack of 2016, in which a hack hit major Indian banks, compromising 3.2 million debit cards, in one of the biggest ever financial data breaches in India. It, however, does gives rise to a point worth deliberating - that of 'collaboration'.
A popular phrase is, "hindsight is 20/20", and the loopholes that led to the debit card hack now seem preventable. What would be worth ascertaining is if collaboration could have solved the problem? And what kind of collaboration - between individual corporates and governments? Should it be between government agencies? Should businesses collaborate? Should governments be the only ones who collaborate with businesses? What is an acceptable way out in a competitive global business environment?
It's important to first understand what cybersecurity entails. The Information Systems Audit and Control Association, ISACA, goes a step ahead - to understand the term cybersecurity, we must first define the term cyber-risk. Cyber-risk is not one specific risk. It is a group of risks, which differ in technology, attack vectors, means, etc. Cybersecurity is the sum of efforts invested in addressing cyber-risk.
The risk aspect that ISACA stresses on is crucial and worth the time to break down. The Internet is a medium we all transact, collaborate, and connect on. A report titled 'Internet in India 2016' by the Internet and Mobile Association of India (IAMAI) jointly published by the IMRB, mentions that the number of internet users in India is expected to reach between 450-465 million by June 2017. It adds that the country had 432 million mobile internet users in December 2016, of which 269 million, or 62.3 per cent were from urban India and 163 million, or 37.7 per cent were from the rural India. And a report by the Boston Consulting Group (BCG) and IAMAI found that India's internet economy will grow to $200 billion by 2020 and will contribute 5 per cent to the gross domestic product (GDP) of the country. Given the number of users and amount of users and sheer monetary value the medium generates, it's important to understand that ensuring the security of the medium determines how much users will transact over it.
The Internet is a set of interconnected networks allowing users to connect with each other across the globe. Therein lies the crux of the matter - cybersecurity can't be a measure developed in isolation when you're examining how to defend threats that appear over a global network. What does that imply? A hack bringing a server down in Japan can affect a user sitting in South Africa. Localizing the problem - India's internet hub in Mumbai faced a DDoS (Distributed Denial of Service) attack in 2016. This slowed down connectivity for users across the country. When problems aren't isolated, neither should the approach we take to handling and developing effective cybersecurity measures.
Japan's Information Security Policy Council has a paper on International Strategy on Cybersecurity Cooperation which lays out region specific initiatives the country has. Another body is the European Union Agency for Network and Information Security which is a center of network and information security expertise for the EU, its member states, the private sector and Europe's citizens. ENISA works with these groups to develop advice and recommendations on good practice in information security. Another very good example comes from Canada. The Cyber Security Cooperation Program (CSCP) is a five-year $1.5M initiative developed to improve the security of Canada's vital cyber systems by working with owners and operators, industrial and trade associations, academics and research organizations.
The government organizations above look at involving private organizations in arriving at and implementing good frameworks for cybersecurity. It's a prudent step given the context we set - cybersecurity isn't an issue to be addressed in isolation. India has also taken several impressive strides here - be it collaborating with the US-CERT (Computer Emergency Response Team) or setting up CERT-Fin; a Computer Emergency Response Team for the Financial Sector. What'll bolster these initiatives is when organizations coalesce and work in conjunction with the government to take on challenges that affect all of us, not just organizations in isolation. The Debit Card Hack proved that cybersecurity is a problem that doesn't affect individual businesses and their customers, but the industry as a whole. The wiser course of action would be to come together in establishing frameworks, best practices, procedures, possible Emergency Response Teams, and research groups that make consumers more confident in the organizations they conduct business with.
(The writer is - Regional Director, Web Division, Akamai Technologies, India)