Cybersecurity Challenges in India – INSIGHTSIAS | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware

GS Paper 3

 Syllabus: Challenges to Internal Security, Basics of Cyber Security

 

Source: DSCI

 Context: The DSCI released a study called ‘Bridging the Gap: Identifying Challenges in Cybersecurity Skilling and Bridging the Divide.’

 

Data Security Council of India (DSCI):

• It is a not-for-profit, industry body on data protection setup by NASSCOM in 2008.
• It is committed to making cyberspace safe, secure and trusted by establishing best practices, standards and initiatives in cyber security and privacy.

 

The cybersecurity landscape in India:

• Cybersecurity refers to every aspect of protecting an organisation and its employees and assets against cyber threats.
• India, as a nation undergoing rapid digitisation across various sectors, is not immune to the increasing number and severity of cyber threats.
• To address these challenges, stakeholders in the ecosystem have implemented several initiatives to promote Cybersecurity in the country.
• These include –
  • The Indian Computer Emergency Response Team (CERT-In), set up by the Government of India, to provide guidance and support in the event of cyber incidents;
  • Programs like Cyber Shikshaa, implemented by Microsoft and DSCI, to skilled professionals in the Cybersecurity domain and to generate awareness among people.
• Though the cybersecurity industry has gained significant importance and is expected to grow rapidly in India, there is still a deficit of skilled workforce to cater to the demands of the sector.

About the study: It aims to

• Analyse the demand and supply of skilled cybersecurity professionals in India,
• Identify technical and social factors contributing to the shortage of skilled professionals, and
• Explore solutions to address these gaps through CSR and a multi-stakeholder approach.

  

Findings of the study:

 

 

The top three attacks:

• That are expected to see substantial rise in the near future are phishing, smishing, and vishing attacks, followed by ransomware attacks and zero-day exploits.
• Phishing scams trick users into divulging sensitive data, downloading malware, and exposing themselves or their organisations to cybercrime.
• Smishing often involves sending bogus text messages – have a sense of urgency and request the recipient click on a link or reply with personal information.
• Vishing (voice or VoIP phishing) uses voice and telephony technologies to trick targeted individuals into revealing sensitive data to unauthorised entities.
• Zero-day attacks take place when hackers exploit the flaw before developers have a chance to address it.

 

Three major trends: That will catalyse the demand for Cybersecurity are –

• Use of AI, ML and IoT by hackers resulting in increasing Cybersecurity attacks,
• Growing regulatory liabilities and
• Excessive usage of digital platforms resulting in exchange of large amounts of data.

 

Cybersecurity professionals:

• Cybersecurity Risk Analyst, Cybersecurity Analyst, and Penetration Tester are the most prevalent job roles at present.
• They constitute less than 5% of their company’s overall workforce.
• 43% of corporations have women participation between 21%-40% of the overall Cybersecurity workforce.

 

Recommendations:

• Need for organisations to perform risk assessments at regular intervals and have robust security measures.
• There is a need for –
  • Multi-stakeholder collaboration to map industry-relevant skills, and design and deliver skilling programs as per industry standards.
  • Training providers/NGOs to promote the inclusion of diverse groups and formulate strong inclusive programs that can specifically cater for the needs of PwDs.
• Corporates can play a pivotal role [through their Corporate Social Responsibility (CSR)] by incorporating and sponsoring Cybersecurity certification (addressing the certification gaps) as a part of their skilling initiatives.

 

Insta Links:

Cybersecurity in India

 

Mains Links:

Keeping in view India’s internal security, analyse the impact of cross-border cyber-attacks. Also, discuss defensive measures against these sophisticated attacks. (UPSC 2021)