• News
  • Columns
  • Interviews
  • BW Communities
  • Events
  • BW TV
  • Subscribe to Print
BW Businessworld

'Absolute Security Is A Myth'

Photo Credit :

Why this book and why now?
With the growth in connectivity, mobility and cloud computing, the complexity of today’s network is increasing. Further, as Internet usage continues to grow, the threat of cyber crime also grows. The evolution of new technologies and social media like Facebook and Twitter has made personal information easily available and easy to steal or compromise. Cyber crime is increasing in severity and frequency and cyber security is becoming a fundamental priority for all. Increasingly, cyber security is not just a technical subject that can be resolved like any other IT-related problem-it is a ‘risk’ that can be mitigated by creating awareness and getting the right combination of technology and practices based on careful analysis. Understanding the sheer scale of the problem is important to planning at all levels. Building awareness of best practices and collaboration is the key and this is where this book is important. The concern and urgency to adopt safe practices to protect identity and data on computers and network is an important issue.

This book is an attempt to help all those associated with the cyber world to understand the nature of vulnerabilities and threats and develop appropriate defense mechanisms.

Tell us about the kind of research you put into this book...

This is a research work based on extensive study and comparative analysis of the existing literature, reports and media content of the last decade. The existing work on global cyber crime analysis is fragmented in nature. We have media reports of cyber crime as and when it happens
and vendor reports which tend to be biased. This work analyses the cyber crimes and data breaches globally and draws out major trends and study parameters, such as the tools and methods used, newer threat scenarios, economic implications, socio-cultural factors, country specific analysis, legal aspects, government, and industry policies. This insight is used to give recommendations for ‘safe practices’. The book also gives suggestions for building a security programme based on international standards and best practices.

Could you elaborate on how corporates can make use of this book?
The cost and the economic value of cyber attacks is tremendous and consistently on the rise. With these cyber attacks, corporates face loss of productivity, revenue and most of all customer trust. For instance, there are risks related to online activity, clouds, mobile, social engineering and intellectual property which all corporates have to face. Corporates need to dedicate sufficient resources for the management of cyber security which also includes awareness building and investment in new security technology to align with the changing threat landscape. |

Simultaneously, it is important to avoid any disconnect between policies, processes and technology. Most security breaches can be avoided if reasonable security practices are put in place at all times rather than after the incident has taken place. Therefore, building of security culture, better management practices and collaboration has never been more important. This book discusses the major types of threats and also covers the security practices which can be followed at individual and organizational level to be more secure. Keeping alert and being well-informed on the latest threat components remains one of the most important aspects of staying secure. There is a separate section on building a security programme at organisational level which any corporate can plan to follow.

Does India have the necessary systems in place to tackle cyber crimes and phishing?
India is the world’s third largest internet user after the US and China. Though, these numbers may be lower in per capita terms in comparison to advanced economies, but considering the numbers of people involved and the criticality of networks, the planning of protection measures is an important dimension.

Crimes perpetuated through computers, are becoming a growing menace for law enforcement officials around the world. Unfortunately, since internet crimes typically involve people scattered across many different geographical areas, tracking and punishing the guilty parties is a difficult task. The governments are also making legislations ensuring that every company has Internet policies and security solutions in place. However, cyber threats are moving at such a high speed that law enforcement cannot catch up with it. If the current trend continues, then, in a few years
people would start to think twice before transacting on the internet. The problem is even more complicated as information may be compromised in one country by a criminal acting from another country through servers located in a third country.

With the rapid growth of the internet and many economic activities coming under its purview, cyber crime has picked up momentum in India also. Going forward, the complexity of the network is only expected to increase. Poor awareness about technology and legislations among individuals and employees are major causes behind such frauds. India is also facing cyber espionage from one or more neighbouring countries. Indians are also more prone to phishing attacks. This is not only due to a rising internet population but due to lack of awareness. It is important to disseminate safe practices and build awareness on cyber security issues to reduce vulnerability. At the same time, we need to understand that absolute security is a myth, we have to continuously match up to newer threats, be agile and prepare ourselves on an ongoing basis.

The Indian government has already approved the National Cyber Security policy which is a very comprehensive document to create a secure cyber system in the country. The National cyber security assurance framework has also been announced. It is also proposed to create a workforce of 500,000 professionals skilled in cyber security over the next 5 years for capacity building and training. The government is also actively partnering industry associations, service providers, and other stakeholders in joint efforts to secure cyberspace. It has plans to set centres of excellence on cyber security. This reflects the commitment of the government of India to securing cyberspace for trusted e-commerce, the privacy of individuals, and security of data and protection of critical information infrastructure. Therefore, the government is working extensively in this domain. The successful execution of these policies and the framework is important. This is where other parameters such as shared vision, inspired leadership and proper budget and resource allocation become vital, along with a shared understanding of the priorities, and the support and buy-in of all stakeholders.

According to you, how much is too much while giving away information on social media?
The increasing use of social media today has resulted in high levels of security risk. Cyber criminals may be drawn to such sites because of the accessibility and amount of personal information that's available. It is easy to steal personal and other information about individuals from social networks. The personal information can also be used to conduct a social engineering attack. Additionally, because of the popularity of these sites, attackers may use them to distribute malicious code.

It is important to take appropriate precautions when online, and try to verify the authenticity of any information before taking any action. As a general rule, you should never put anything on social networks that you wouldn't feel comfortable with. After all, you never really know who is
going to read your information, or what they could possibly do with it. Internet is a public resource: only post information you are comfortable with anyone seeing. Also, once you post information online, you can't retract it. Even if you remove the information from a site, saved or cached versions may still exist on other people's machines.

It is advisable not to put information that would make you vulnerable such as your address or information about your schedule or routine. Also be considerate when posting information, including photos, about your connections. The internet makes it easy for people to misrepresent their identities and motives. Therefore, be wary of strangers and be sceptical. Don't believe everything you read online. Consider limiting the people who are allowed to contact you on these sites. Be careful when clicking on links as they may lead you to malware infected sites. Protect your account with passwords that cannot easily be guessed. Most of all take advantage of a site's privacy settings and customize them. Use and maintain anti-virus software. Because attackers are continually writing new viruses, it is important to keep your definitions up to date.

What is your energy drink?
Well, I depend on the good old tea-Earl Grey is a favourite!

What are you reading now?
I am going through the preliminary cyber security framework released by NIST, US about one week ago.

What next?
Well, I am planning another book in the area of e-Governance, but also I expect that going forward, I am going to be working on the issue of cyber security and do more research in this area. I am participating in the cyber security framework with Government. I intend to work with schools, build awareness in workplaces, in Institutions on the issue of cyber security. And I’m also thinking about creating a social network for cyber security awareness and best practices, which is really in the very early stages. I do have a blog,, where these ideas will probably emerge in the future.

E-book or paper format?
I prefer paper format, though I do have a Kindle and I read a lot of e-books. E-books are great as they save the money on shipping and I can read the book right away and not wait for the delivery but still there is nothing like holding a book in the hands. I do prefer paper books, even if storage eventually becomes an issue!