TECH
28/09/2018 2:25 PM IST | Updated 28/09/2018 2:25 PM IST

Skill Gap In Cyber Security In India, Experts Warn

The cybersecurity needs of government departments are rising.

PIXABAY
Representational image.

CHENNAI, Tamil Nadu— As companies, and government departments move more and more sensitive data of employees and citizens online, India is facing an acute shortage of trained cybersecurity professionals, Tata Communication's Chief Technology Officer, Srinivasan CR warned.

"People with the right cyber security skills are in short supply," Srinivasan said. "That is why we are working with universities, and have been collaborating with the Sastra university to set up a cyber security lab."

Srinivasan made his comments on the sides of an press event to launch Tata Communications' new Cyber Security Response Centre (CSRC) in Chennai, the fourth for the company with other centres operating in Pune, Dubai, and Singapore.

Srinivasan's comments echoed Andhra Pradesh's chief cyber security officer's observations in an interview with HuffPost India earlier this year.

"There is a significant skill gap in the market, where people who are studying aren't in sync with the needs of the industry," Srinivasan added. "We are trying to do guest lectures, and set up internship programs, so that people come into the industry with the required skills."

SMART CITIES AND GOVERNMENT PROGRAMS A BIG BUSINESS

At the cyber response centre, Tata monitors traffic flows and tries to detect a variety of different attacks, such as phishing or malware, botnets and more.

"We do this using a combination of commercial feeds, open source data, and our own honeypot servers," said Avinash Prasad, vice president, managed security services for Tata Communications.

Honeypot servers are designed to look like they have sensitive data, and entice malicious attacks, in order to identify potential threats.

In the future, Prasad said, cyber security needs of government projects are going to be particularly high.

"State actors are a big aspect of what's happening now," he said, "and in the next two to three years they are going to be very big, so we're definitely paying attention to what's happening."

This is particularly the case for the upcoming smart cities, where critical infrastructure also gets online, Srinivasan added. "Cyber security infrastructure, and security centres for smart cities are going to be very important," he said. "Today there are threats from criminals who are out to make money, and there are also potential threats from state actors, and so being able to protect this infrastructure is critical."

However, beyond infrastructure, Srinivasan warned that is important to prepare for breaches.

"When it comes to security, you have to be ready to defend," Srinivasan said. "There is nothing called fool-proof security, particularly if your data is interesting. As the value of your data increases, someone will breach it."

INCREASING THREATS, AND REGULATORY PRESSURE

At the launch of the the CSRC, Rama Vedashree, CEO, Data Security Council of India warned that threats have escalated in terms of complexity, severity, and impact.

"A proactive approach as well as strong mitigation capabilities are imperative," she said. "Threats are evolving rapidly with the move to cloud and mobile, and there is a complete third party ecosystem now."

On regulatory issues, Vedashree explained that compliance will become more of a concern around the world.

"There will be strong data protection regimes everywhere, and this will become a barrier to businesses, like the GDPR," she said. "They will have to invest a lot more in data protection and also security."

"Here there is the upcoming data protection bill, which the government wants to fast track, and there are regulations for smart cities," she added. "There is DISHA in health as well, and the data law will mark health as sensitive data, not just personal data. The Ministry of Corporate Affairs is also talking about stronger breach notification guidelines, which will lead to more investment on security."

Breach notification guidelines would require companies to inform affected users in case security is compromised, something that is often not done in India.

READ: Over 100,000 Users' Data On FreshMenu Was Breached In 2016, And The Company Chose Not To Disclose This

Vedashree added that there are signs that these changes are taking place in India, beyond the regulatory environment, and said, "Thanks to the pressure to invest in cyber security, it is growing at a pace that is now far outstripping IT growth."