’According to the Computer Emergency Response (CERT-IN) Team data, India witnessed a three-fold increase in cybersecurity-related incidents in 2020 compared to 2019, recording 1.16 million breaches. Cyber-attacks have been rated the fifth top rated risk in 2020 and have become the new norm across public and private sectors. This risky industry continues to grow in 2022 as IoT cyber-attacks alone are expected to double by 2025.’
Business News This Week (BNTW) caught up with two members from the top management at SecurEyes, – Ms Uma Pendyala, Head- Business Operations and Ms Vasantha K, Chief of Staff who spoke about this and much more in an exclusive interview. SecurEyes is a pure play cybersecurity consulting, services and products company that also provides cybersecurity training and education.
Excerpts of the interview:
BNTW: How much according to you is the increase in cybercrime / hacking / cyber-attacks in India? Kindly share data of percentage increase from last year to this year?
Vasantha K: The larger the usage of a digital platform, the larger the surface to attack. The cyber world makes it easier for people to be anonymous and seek unlawful gains. Cyber-attacks have been projected to increase by 200 per cent year-on-year. According to the Computer Emergency Response (CERT-IN) Team data, India witnessed a three-fold increase in cybersecurity-related incidents in 2020 compared to 2019, recording 1.16 million breaches. Cyber-attacks have been rated the fifth top rated risk in 2020 and have become the new norm across public and private sectors. This risky industry continues to grow in 2022 as IoT cyber-attacks alone are expected to double by 2025.
BNTW: What is the need for cyber security for governments and the private sector?
Uma Pendyala: In the digital age, society is interconnected and increasingly dependent on Information Communications Technologies (ICTs) and its underlying digital infrastructure. However, this interconnectivity also creates interdependencies, and vulnerabilities to emerging threats that need to be managed at the national, regional and international levels. Enhancing cybersecurity and protecting critical information infrastructures is essential to every nation’s security and economic well-being – particularly in the global move towards an integrated digital economy and a society powered by information.
In this context, at the national level, cybersecurity is a shared responsibility which requires coordinated action for prevention, preparation, response, and incident recovery on the part of government authorities. For this to operate smoothly and to ensure a safe, secure, and resilient digital realm, a comprehensive framework or strategy is necessary which has to be developed, implemented and executed in a multi-stakeholder approach. This framework is often referred to as National Cybersecurity Strategy (NCS) – and is a critical element for any country’s socio-economic security. In India this mandate is held with the National Informatics Centre (NIC) as it is the primary technology partner to the Government of India.
The private sector every year marks another “worst year ever” for cyber-attacks around the world, and Indian companies haven’t been immune to those hacks. Businesses are facing a 200% increase in cyber-attacks as the economy takes rapid strides towards achieving the target of $1 Trillion Digital Economy. Today, it is equally important to ensure that Internet, which is presently accessed by 80 crore people and shall soon cover 120 crore people, remains open, safe & trusted and accountable
Organizations of all sizes, in virtually every industry in India, were hit by cyberattacks. Statistics have shown that the larger the business, the more susceptible they are to an attack. Companies with 250 or more employees were revealed to be more than two times more likely to be targeted for an attack as companies between 10 and 49 employees. Then, the bigger the company, the greater the cost of downtime caused by cyber-attacks as measured in downtime, wherein the monetary cost of each inoperable hour could be devastating. Although the monetary cost of a cyber-breach is a significant problem, the effect on the brand is a whole other story. That’s especially true in sensitive industries where an attack can shake customer faith in brands and entire market segments. Today we are witnessing the need for cybersecurity across every industry sector, from energy to ecommerce.
BNTW: Are there enough cyber security professionals in India to tackle the issue? What is the skill gap of requirement vis-a-vis shortfall?
Vasantha K: According to ISACA’s new survey report, State of Cybersecurity 2022: Global Update on Workforce Efforts, Resources and Cyber Operations, 60% of Indian organizations have unfilled cybersecurity positions. 42% report their organization’s cybersecurity team is understaffed. The shortage of talent in cybersecurity is appallingly low and the outlook for the future is also weak given that the requirement of talent is growing more sharply as compared with student intake across various educational institutions who are offering education and training for this sector.
BNTW: Which age group of cyber security professionals are more in demand? Why?
Vasantha K: There is no age barrier for a career in cybersecurity. In fact, the field requires people from diverse backgrounds to bring in their very different perspectives. As the threat landscapes evolve, the only requirement of a cybersecurity professional is to keep thinking out of the box and be willing to evolve with the needs of the business.
BNTW: India has reaffirmed its commitment to new cybersecurity rules under a directive from the country’s computer emergency response team — known as Cert-In — that will force virtual private server providers, cloud service providers, and virtual private network service (VPN) providers to store customer information. Please comment or share your feedback on this.
Uma Pendyala: The nature of cyber-attacks and the requirement for speedy actions in the national interest is the reason for the new cybersecurity rules. SecurEyes is one of the CERT-IN empanelled companies and we will support them in the safe implementation of their directive. At the organizational level, it is important that companies institute a zero-trust framework to safeguard the data that they are required to maintain as per the CERT-IN directive.
BNTW: What are the various advancing Cybersecurity Skills through training and certification that SecurEyes are providing to students?
Uma Pendyala: To fill the skill gap in this job market, we at SecurEyes, have been running an online skill development course- the SecurEyes Cybersecurity Certification Program. The admissions for the 8th course are now open. Candidates who are passionate about cybersecurity and have completed their graduation or are in the final year/ semester can apply for this course. Gender, age, physical/ social/ financial challenges are no bar if you are interested in applying for this course. On completion of the classroom hours, students will move forward to a 6 month on job training on live projects.
Organizations having in-house cyber security teams, need to constantly equip their cyber security professionals with the appropriate skills to enable them to maintain the desired cyber security posture. Also, organizations, that develop applications in-house, need to train their developers to code securely. SecurEyes, through its tailored training programs serves as the perfect bridge to address this skill gap with its training courses that covers application security, network security and customized training for specific functions. The company offers these trainings for all levels of employees à from the Board of Directors to the shopfloor.
BNTW: What are the challenges faced while recruiting cybersecurity professionals?
Vasantha K: Specialist cybersecurity companies like SecurEyes often compete with larger organizations EY, Deloitte, IBM, Microsoft etc. for talent. With the skill shortage in the sector, the increased competition of customer-facing brands makes it a big challenge. Being in a niche market we do not have the brand visibility in comparison to the competitors, so candidates often turn down offers. people are focusing on the compensations rather than focusing on intangible benefits which SecurEyes offers. As there is a huge shortage of skilled resources after getting a offer candidates shop out for better opportunities.