THE transformative potential of the digital economy to improve lives in India is seemingly limitless at this time. The amalgamation of smartphone proliferation and rapidly increasing data usage is generating a significant quantum of unguarded and uncontrolled personal data. Technology is also opening vulnerabilities to harms, as a data economy, reams of personally identifiable information (PII) are collected, stored, and shared. The Covid-19 outbreak has further added the data concerns on the economies worldwide. Not only the sudden shift to the work-from-home model is raising privacy concerns and security issues but also emphasising the key challenges being faced related to data protection and compliance with regulations.
In response, data regulation in India is evolving rapidly, and data protection, inclusion, and privacy have become major public policy concerns. The increasing number of cyber-attacks and data breaches in the past few months have proven that organisations across the sectors are vulnerable and need to act soon. India itself has recorded the highest number of data breaches along with the US and the Middle East. Clearly, India needs to take data privacy seriously and step up its cybersecurity measures.
Rapid Digitisation – Rapid cyberattacks on the rise:
Newer technology adoption and automation by enterprises or authorities also mean opening up to cyberwarfare. It calls for upgrading your workforce for cyber resiliency. With Covid19 a large volume of any workforce is already working from home, with unmanaged laptops, routers, and printers. Hackers can easily manipulate the VPNs where data can be stolen and weaponised against the companies. The current situation clearly underlines the need for endpoint security in business processes to mitigate the risks.
Other than this, India currently stands at the second position, for growing internet users, with consistent digital and data growth, which makes it essential to be equipped with stringent cybersecurity and data privacy guidelines. Any data breach or attack shall cause long term reputation damage as well as the loss of competitive advantage with financial loss, some of the essential points to be considered.
Cost of data breaches and leaks:
What’s essential for businesses is to understand the risks and costs that shall be at stake. Generally, the root cause of malicious attacks is an outsider, but organisations need to be vigilant for insider threats too, that can cause data leaks or theft. Currently, in India, BFSI, Healthcare, and Pharma have been the most vulnerable. With the emergence of new-age technologies – IoT, ML, and AI, the sectors are further introduced to several threats with the need for active security and monitoring. India’s digital economy is expected to grow to 20 per cent by 2024, which means the volume of data shall grow at an unprecedented level. The rising sensitive data like credit card numbers, PII, data stored on the cloud, etc with several connected devices, creates the need for a strong data security policy in place.
The 2020 Cost of Insider Threats Global Report from Ponemon Institute reveals a worrying trend in the rise of insider threats both in terms of overall cost and number of incidents. According to the study, the number of cybersecurity incidents caused by insiders increased by 47 per cent since 2018. At the same time, the cost of these incidents has surged 31 per cent, from $8.76 million in 2018 to $11.45 million in 2020.
The coronavirus pandemic has set the remote work revolution on a fast track, and many companies have been forced to shift to work from home policies and enabling remote staff overnight. Implementing robust technical controls are also an essential step in mitigating insider threats. To efficiently protect all assets, companies shouldn’t rely on a single solution. For a successful insider threat detection strategy, it is advised to combine several security tools that increase visibility and keep track of employee actions. These tools include User Activity Monitoring (UAM), Secure Information and Event Management Systems (SIEM), User Behavior Analytics (UBA) software, and last but not least Data Loss Prevention (DLP) solutions.
Cybersecurity threats are growing and have gone sophisticated with changing times. Regulatory framework and tightening the guidelines is the need of the hour. In India, the draft of the Data Privacy Bill was submitted to the Government in 2018, and with this India moved one step closer to its first Data Protection law. The bill has designed the framework for both Individual data privacy and businesses. The Data Privacy Bill is yet to be passed in the parliament. In hindsight, regulatory development is the necessary step with growing digital footprints and also sensitive data in the online world.
–By Filip Cotfas, Channel Manager, Cososys