India spends miniscule amount on cyber security: ASSOCHAM-PwC study

Despite the growing threat, India's budgetary allocation towards cyber security was about Rs 42.2 crore in 2012-13, up 19 per cent from Rs 35.45 crore in 2010-11 whereas US spend $658 million through department of homeland security and $93 million through US-CERT in 2013, according to the joint study brought out by ASSOCHAM and PwC.

A joint study undertaken by PwC and ASSOCHAM reveals that the attacks on Indian websites have increased nearly five times in the past four years. With the rise of technology in the financial infrastructure ecosystem came a greater flow of funds.

In coming years, private companies will matter greatly in India's critical infrastructure as they control more and more assets in telecom, transport, energy, and banking and finance.

Demonetisation has given an impetus to e-wallet services. Mobile wallets have witnessed a massive rise in app downloads. The result has been that leading mobile wallets have witnessed growth of upwards of 100% in app download numbers and have similarly seen an increase of upwards of 400% increase in wallet recharges, noted the joint study.

Globally, most countries are facing a shortage of professionals with the expertise, training and motivation needed to deal with cybercriminals, and India is no exception. What we urgently need is serious effort in capacity building and setting up high-end cyber labs that are capable of critically inspecting every IT component before these are deployed in critical infrastructure across industry sectors. There is an ever-growing threat to the economy, financial sector, key government departments and infrastructure set-up, which in turn leaves internal security at risk, said Mr. D S Rawat, Secretary General ASSOCHAM.

Moreover, cyberthreats will only rise as India is seeing a shift towards a cashless economy. The types of cyber security incidents such as phishing, scanning, website intrusions and defacements, virus code and denial of service attacks will continue to grow, adds the study.

The number of incidents occurring in banking systems has increased in the last five years. In the month of October 2016, an ATM card hack hit Indian banks, affecting around 3.2 million debit cards. Hence, efforts are needed to enhance cyber security as businesses and citizens embrace this new digital wave.

Securing the hyper-interfaced environment, each ecosystem player will need to create multiple application programing interfaces (APIs). While this will deliver a seamless experience to customer, there is also a risk of malware injection through such APIs. With faster proliferation of interfaces, protecting APIs will become critical to ensure malware and persistent threats do not propagate through such untrusted/ untested APIs.

Any threat that impacts such a user can potentially proliferate and bring the entire financial services ecosystem to a standstill. As the ecosystem continues to be interconnected and overlapping, cybercriminals will try to exploit possible lapses and, hence, strategies need to be built to deal with such eventualities. Given this interdependence on the all the players of the financial ecosystem, it becomes crucial to identify any anomaly at a pace which mirrors real time or near real time. Once an anomaly is identified, containing it is of paramount importance before it spreads and crosses a point where the damages have transcended organisational boundaries and services.

Stakeholders, including third-party vendors, who are responsible for managing the networks and infrastructure have limited understanding with respect to security risks and vulnerabilities associated with OT and CT systems.

While IT systems are monitored heavily for security purposes, monitoring of OT and CT systems is limited to process efficiency and performance. Hence, logs and events are not collected and correlated.

Specific crisis management or incident response for OT and CT systems is different from that for traditional It system. Security plans specific to OT and CT are missing, thus increasing the potential impact of the incident.

ASSOCHAM paper said that by identifying cyber security flaws and issues, decision makers will be better placed to implement appropriate security controls, design additional secure architectures, monitor targeted attacks and maintain effective cyber resilience for their IT, OT and CT networks.

Powered by Capital Market - Live News