India lags in cyber-security preparedness
The Centre’s impetus to digital payments after demonetisation, announced on November 8, has propelled several sectors to increase their focus on cyber-security, which several industry experts believe should have been in place well before time considering the growing proliferation of internet services in various sections of the economy.
This is highlighted by the fact that out of the 27 cyber risk advisories issued by the Indian Computer Emergency Response Team (CERT-In), 9 pertained to modes of digital payments such as mobile banking, electronic wallets, micro-ATMs and Unified Payments Interface.
- CERT-In’s advisories are issued to inform users about the possible risks and precautions needed to be taken while using any of the tools.
- Asia-Pacific region generally is behind Europe and North America in having basic cyber security framework and laws in place, but the entire world is struggling with some of these issues.
- India is a little behind some of the other countries at a global level in terms of cyber-security preparedness. It is also a little bit behind countries like Japan and Australia perhaps, in part because Japan and Australia have taken more efforts to identify what is working, with the private sector, to bolster cyber-security.
- During the past year, 70 per cent of organisations were compromised in some way or the other by a successful cyber attack, other the other hand, nearly one-third of organisations do not have a written information security policy.
- The recently published Global Information Security Survey 2016-17 by consultancy firm EY highlighted the fact that cyber risks do not get appropriate top management attention at business organisations.
- Cyber resilience is a critical boardroom imperative. The likelihood of operational, financial and reputational damage is growing as criminals exploit organisations’ enhanced attack surface as a result of their online presence, automated operations, and use of social media, mobile devices and cloud devices.
- The EY survey also shows that 38 per cent of its respondents, which include IT executives, managers, of large and globally recognised organisations as well as key government entities, have said that boards of their organisations are not “fully knowledgeable” about cyber risks.
- According to the survey, more than half of the respondents do not have a formal, threat intelligence programme, while 44 per cent do not have capabilities to identify vulnerabilities.