MoS Chandrasekhar Told Me Cybersecurity Should Be Shared Accountability Between Govt And Businesses
In July, The Indian Computer Emergency Response Team (CERT-In) under MeitY had reported that it had observed 6.74 lakh cybersecurity incidents till June 2022. The number of such incidents have been catching on blistering pace over the last decade. The movements of digital transformation and technology proliferation during the two pandemic-ridden years and beyond have now further emphasised the case for the need of more cybersecurity awareness and policies.
Every year, October is celebrated as the Cybersecurity Awareness Month (CSAM) to shed light on the dangers that lurk in the digital landscape. With the backdrop of CSAM, Sandip Patel (Managing Director at IBM India/South Asia) spoke to BW Businessworld’s Rohit Chintapali to put the spotlight on India’s cybersecurity scenario, government’s role in placing necessary guardrails and the anticipated threats in the upcoming quantum computing era.
Excerpts:
What is your observation on India and cybersecurity at large?
Cybersecurity is very relevant in today's world. With massive digitalisation, the urgency is critical for the world to be cyber-resilient. It cannot be emphasised enough and it will remain a top priority for businesses in 2023 clearly with India championing the digital trust movement for this Techade.
If you look at some of the numbers Cert-In has put out, there have been over 6.74 lakh cybersecurity incidents in India by mid-2022. Then, if you look at the National Crimes Record Bureau data, there were almost 53,000 cases of cybercrimes in 2021, which was an increase of 5 per cent from 2020. But it was 15 per cent increase from 2019. The number continues to grow.
According to the latest report by IBM, the average cost of data breach in India is Rs 17.6 crore in 2022. The number grew by 6.6 per cent since last year when the cost was Rs 16.5 crore and is a 25 per cent increase over the last two years.
What should businesses do in such a scenario?
Businesses really need to look inward and close the security gaps to build a more resilient future. Why is this even more relevant for India? On Oct. 1, we saw PM Modi launch the 5G service in India at the sixth edition of the India Mobile Congress (IMC). This is going to create a whole new revolution in the digital transformation landscape. But as 5G becomes real, more devices will be connected to the promise of fast internet speeds and soon we will have edge services. This means that there will more services happening at different locations and it will place an enormous pressure on the existing security monitoring methods.
In the era where fast internet speeds and growing number of devices prevail in decentralised ways, it is important for the systems to be updated.
If we truly are living in the ‘Techade’ for India, where a big part of our growth trajectory will come from digitalisation, then this is where we will have to be secure to deliver the promise of trust and ability to do business. Also, if we are looking for India to be the hub for digitalisation, our ability to contribute to driving cybersecurity protocols and more, becomes a priority.
Why is it so important for the Indian government to take the lead in cybersecurity in this era of rapid digitalisation?
Government finds its relevance in implementing the right regulations which act like guardrails. They set certain parameters called Standard Operating Practices, which are extremely crucial.
As you know, a Cybersecurity Bill was introduced by the Government of India (GoI) earlier this year. There was a fair bit of discussion around that within the industry and IBM too gave some pointed guidance around that based on its experience with other governments around the world. The bill is now being pondered upon before it gets tabled and accepted.
This kind of partnership with the government enables the right kind of guardrails, policies and regulations that helps people and organisations to not just become more aware of cybersecurity issues, but also have certain controls and guidelines in place. This is happening in most of the major economies around the world and those who don't have such guardrails are working on it because they are all seeing the negative effects cyber incidents.
After visiting our state-of-the-art IBM Security Command Center in Bengaluru earlier this year, MoS Rajeev Chandrasekhar told me that cybersecurity needs to be a shared accountability between the government and businesses.
What are the threats associated to quantum computing technology?
As quantum computing becomes mainstream, it will also get to the point where once quantum computers are scalable, they will equip the bad actors to break a lot of the major cybersecurity protocols that are used today. A lot of these bad actors are already ahead of the game in terms of determining how they can do this.
Quantum computing will open up the next theatre of war for cybersecurity. And prioritisation of Quantum-Safe Cryptography is the best way to brace for it. Hence, this will be a new focus area which will gain a lot of relevance. Computing systems will need to be upgraded to quantum-safe cryptography as a priority.
The US government's National Institute of Standards and Technology (NIST) recently published four quantum-safe cryptography protocol standards for cybersecurity, which will be established after an extensive study. IBM was deeply involved in developing three of the four protocols that have been put out there.
Gloss