As per data from Computer Emergency Response Team (CERT-In), the cyber attacks have risen by 300% during the Covid-19 period. This should not come as a surprise as most of us are using our personal gadgets a lot more than usual. However, it cannot be taken lightly as user data privacy is being compromised at a massive scale while giving rise to greater political issues. As per NITI Ayog, India has the third-largest internet user base in the world. Given this fact and cyber-attacks getting more and more advanced, cybersecurity platforms must step up their game.

Commenting on the rise in cyber-attacks across the last six months, Bala Venkatramani, co-founder and CEO, Securden, Inc notes, “When most activities and many people/functions embrace the digital mode and move online, naturally the scope for cybercrimes too increases exponentially. In early 2020, when the pandemic suddenly forced organizations, businesses, and institutions to adopt remote mode, the top priority was obviously on ensuring business continuity. Security, unfortunately, could occupy only the secondary priority.” The lack of prioritization of our online security has seen some grave consequences of late. This can also be gauged by the fact that India has less than one lakh cyber security experts in the country. With a population of 1.3 Billion, that is a dismal number.

Image source: NITI Ayog

Looking at the above graph, we can only imagine what a long and challenging road we have ahead of us. Hackers are constantly evolving their tactics and hence a reactive approach to cybersecurity is not enough. The non-state actors are using Advanced Persistent Threat (APT) to steal confidential data from high-level officials, security data systems of companies, and journalists, among others. Artificial Intelligence and Machine Learning techniques have the potential to prevent cyberattacks, and a lot of innovative solutions are being developed by AI-based cybersecurity start-ups. They are seizing the opportunity, tapping the potential, and solving the issues faced by organizations globally.

While this is positive it is needed that the focus now be on individual projects, in addition to the systems as a whole. A lot of IoT platforms do not have a human interface that can install the new software for protection. Adding insult to injury is the absence of universal standards for these modern technologies.

What is the government doing?

Keeping the existing challenges in mind, the government of India has already established the Cyber and Information Security Division under the Ministry of Home Affairs, in addition to a robust National Cyber Security Policy. Further, the Computer Emergency Response Team (CERT-In) is working to lower the cyber-attacks while organizing knowledge sessions against phishing attacks and spreading awareness among the public. We also have National Critical Information Data Centre, and initiatives like ‘Cyber Suraksha Bharat’, and Personal Data Protection Bill’. While laws and guidelines play a significant role, it has not been enough to deter the massive data leaks. Talking about the same, Venkatramani notes, “The government’s role can be broadly divided into three areas: framing broad guidelines, standards, best practices, and principles; creating awareness on the importance of adhering to the security principles, and; incentivizing businesses to invest considerably in cybersecurity.”

How do we protect ourselves?

Individuals and organizations generally tend to take security for granted and they realize its importance only after facing a serious breach or a loss. Organizations should be clearly able to understand the returns they would get on the investment made in cybersecurity. Awareness of the cost of a data breach, reputation loss, legal battles, and penalties should be clearly communicated. In addition, cybersecurity awareness, education, and training should happen at various levels. While promulgating regulations is important, voluntary adherence to security best practices could be achieved through proper incentives. For example, tax incentives could be offered on cybersecurity spending for businesses.

Prateek Sharma, COO, Securitybulls in conversation with BW says, “Organizations are more focused on security after shifting on work from home culture by utilizing VPN, system hardening, tightening the policies and so on but stils can't achieve a decent degree of security. Enormous amounts of information are in danger with the increase in use of third-party solutions, for example, employee monitoring tools, virtual communication platforms and so forth, as well as all employees have access to the sensitive information which rise the hacking/information theft incidents.” On the other end, pandemic came with an opportunity for start-ups like Securitybulls to deal with different issues and work on solutions such as Secure Access Administration Edge (SASE), zero trust framework, corporate training frameworks, vulnerability management platforms, ‘DevSecOps’ and so on.

What About Pegasus?

By now we have all heard about the immortal winged horse Pegasus and its modern connotation. The Phishing virus has evolved to zero click hacking system. While it has attacked notable ministers and journalists, somewhere we are all concerned about possible privacy issue threats these softwares pose to all of us.Talking specifically about the Pegasus leak, Karmesh Gupta, CEO, WiJungle notes, "At an individual level there is no way to secure oneself from Pegasus except keeping OS and mobile apps updated. In order to prevent oneself from ordinary spyware, he/she shall avoid clicking links sent in message and emails by an unknown sender. Similarly, the internet calls from unknown senders shall be refrained. Second, if one is a victim then the only way to get free from it is to delete all apps and discard using that device."

Looking at Gupta’s reply, it is easy to conclude the long and exhausting battle cyber security experts and startups have ahead of them. While the security solutions need to become advanced by the hour, it is also imperative that companies, as well as individuals, keep an eye out for potential threats. The vulnerabilities need to be fixed by OS and mobile apps developers to prevent invasion of sophisticated and zero-click spyware. However, with unknown threats Sandboxing and Heuristics, we are slowly arriving at an each man for himself, a war-like situation.

Are Start-ups The Solution To Cyber Threats?