Piyush Somani is the founder and CEO of ESDS software Solution Pvt Ltd. As a first generation entrepreneur, he started ESDS in 2005 and has served various roles at the company. With over 15 years of expertise in the data center & cloud solution industry, Piyush is recognized in the IT industry for his exceptional ability to build and grow business and long-term relationships. He has been instrumental in taking ESDS to new heights and the company already has a robust set of 40,000 customer base, hosting over 3 million digital assets. He is also the chief architect of the patented products such as eNlight Cloud. eMagic Data Center Management Suit and VTMScan. It’s with his vision and expertise that ESDS has transformed into a major Cloud service provider in India and has expanding in 16 countries. Piyush holds an engineering degree from the ‘University of Pune’ in Electronics and is passionate about technology.
Cyber Security has been at the forefront of deliberations in the digital ecosystem, be it in government circles or IT companies. The older Cybersecurity policies which primarily focused on building secure and resilient cyberspace for citizens, businesses and the government left a lot of grey areas in the making. In essence, it tried to craft a secure cyber ecosystem in the country with an assurance regulatory framework and establish a mechanism that can monitor and respond to threats. It was always playing catch-up with the new threats, data hacks, leaks, phishing attacks etc.
While we tinkered and altered the policies with required changes over the past decade, there was a drastic sense of urgency for an overhaul and re-structuring of the policy which became evident in recent times due to the pandemic and the way the world adopted remote working that exposed them to more vulnerability. The pandemic has been a nightmare for security agencies. With over four lakh pieces of malware found and 375 cyberattacks on daily basis, the pandemic has given birth to a hacker’s paradise. Several Indian companies which claimed to be secure in the past have seen data breaches. One of the highlights of the pandemic has been the compromised data of over 4.75 crore Indians found on dark web who were using the Truecaller app. While the company categorically denied any such breaches, this gives rise to an interesting food for thought -Do foreign IT companies have a huge hold on the Indian economy and its netizens? Are the current policies doing their best to ensure foreign IT companies are not overreaching and are accountable for their actions?
The answer is not simple, however to benchmark the current laws and policies, let’s study another digital economy, China, for instance, the comparative study of China and Indian cybersecurity has revealed several gaps in the policymaking and enlightened the protection and imperialism motivations driving the regulatory systems in those economies. In China, the new Cybersecurity law is extremely stringent and places restrictions on foreign companies doing business in China and has the potential to discriminate against foreign technologies in favour of domestic industry. The 2013 National Cyber Security Policy of India has been at its best average to mediocre in 2013-2015. However, by 2015, the policy seemed to have turned into mere compilation of statements and objectives without any strong roadmap for implementation. The policies left a lot of concerns over niche digital players in the IT sector who had no accountability towards the citizens.
In a bid to be a $5 trillion economy, India needs to identify and create a ‘cyber-secure nation’ and make the environment fertile for businesses, individuals, and foreign investors. It is ironic that even today government websites get hacked and security compromised. Imperative sectors such as energy and power, manufacturing, telecom and technology, Agri and agri-tech are the most vulnerable. It is commanding that the government encourages PPP (private-public partnership) to map the vulnerabilities and issues to fix them. Private Cybersecurity consultants, techies, Think Tanks, etc. are professionals in this space and can provide a detailed report on various security concerns that need to be fixed.
One thing the government did implement was the advancement in The Indian Computer Emergency Response Team (CERT-In), which helped in lowering the rate of cyber-attacks on government networks. Additionally, the implementation of anti-phishing and cybersecurity awareness training across India’s government agencies has assisted government employees in fighting against cybercrimes.
Another concern area where cybercriminals have been capitalising is the MSME sector. MSMEs have been identified as the low hanging fruit to exploit by hackers and can be used to infiltrate larger corporations leveraging their connections. 2019 has seen a rampant attack on our MSMEs and their infrastructure. Every 1 out of 5 MSMEs has fallen victim to a ransomware attack, a phishing attack or a Trojan attack in last 1 year. The updated policy needs to safeguard the most vulnerable reaches of the industry, especially MSME’s and their interests. To incentivise private players to report cyber threats in an agile manner, the government needs to improvise its ability to protect Indian data from thefts and prove to Indian businesses that something meaningful and credible is being formulated and executed to allow their business continuity.
Another area where there is an imminent need for a revamp is the new-age digital space such as social media, over-the-top (OTT) platforms and digital news. While a lot of new policies have been structured to safeguard these portals, there is still a lot of grey area on the implementation and functionality of the norms. Currently, India is greatly focused on protecting its critical infrastructure on health, education, end-user station, nuclear sector, etc., however, they too fall prey to numerous phishing attacks and ransomware. The most crucial aspect of drafting a new-age Cybersecurity policy has to be longevity and sustainability. If this pandemic has taught us anything, it’s to anticipate and be prepared for the unimaginable. Similarly, the new-age cybersecurity laws need to account for all the aspects and anticipate newer technologies in the future and make provisions for them.
To summarize, Cybersecurity is a global concern, which like any facet of technology needs up-gradation, research and constant updates. The need of the hour is a policy that focuses on India’s issue of safeguarding its netizens, safeguarding its essential and core industries, protecting its MSME’s and most importantly keeping an open mind about provisions on newer technologies and disruptions such as Cryptocurrency, AI, Machine Learning, Quantum Computing etc.