Cybersecurity has emerged as a top priority for every enterprise and government with the proliferation of digital technologies in recent times. The increasing scale, complexity and repercussions of cyberattacks of late have escalated the discourse around the issue.
The Data Security Council of India predicts that the Indian cybersecurity services industry will witness a compound annual growth rate of 21 per cent to reach $13.6 billion by 2025. The industry generated cumulative revenue of about $4.3 billion in 2019, and this is expected to reach $7.6 billion in 2022. According to McAfee, more than 58 per cent of Indian enterprises are going to be impacted by cybersecurity incidents in their businesses compared to Singapore at 42 per cent, Australia at 16 per cent and 75 per cent in New Zealand.
Besides, in the wake of the Covid-19 pandemic, cybersecurity is gaining even greater attention from enterprises and governments. In a recent advisory, the Computer Emergency Response Team of India (CERT-In) highlighted that cybercriminals were taking advantage of the “new normal” brought about by the Covid-19 pandemic to lure internet users and steal sensitive data and information.
While companies are thwarting attacks from every sphere, they are also focusing on new measures to align IT and new technologies like artificial intelligence (AI) and machine learning (ML) with businesses.
A look at some of the initiatives taken by companies to address cybersecurity issues…
As a non-banking fintech company, DMI Finance relies on technology and innovation to revolutionise credit transmission in India. For better control and security, the company has adopted AI for the approval mechanism. Every approval is based on a historic event or a previous year’s request. The AI-based mechanism has improved cashflow visibility and helped keep a check on the compliance to be followed. This has helped the organisation to governance significantly improve. Remote work has been a challenge for the company amidst Covid-19 as there was no visibility of the data going out of the system. To this end, DMI did phishing simulation to help recognise threat actors masquerading as customers and to recognise frauds. Over the past one year, the company has been investing in restructuring the entire infrastructure to become a cloud-friendly organisation. Towards this end, DMI is looking at securing buckets, and managing internal end points and logging systems.
HSBC Oriental Bank of Commerce Life Insurance
In a bid to fight malware, HSBC Oriental Bank of Commerce Life Insurance uses AI and ML capabilities for document and ICR extraction, bots and risk analysis. In addition, the company has increased its reliance on intelligent analytics. It is offering a range of products, processes and services to reach out to customers. Further, the bank plans to use these capabilities for face match, signature match, voice match and voice-enabled capabilities. It is currently working on these initiatives and will be able to launch them soon. With rapid digitalisation on the charts, the bank relies on a simple yet robust architecture based on micro services to fuel innovation. As a company, it started the adoption of micro-ervice architecture in 2019. Micro-service architecture supports the ability to integrate and break down the functionality into manageable pieces of code. According to the bank, in terms of digital services, it has seen a higher adoption compared to the pre-Covid world. There has been an increase of around two times in payments through the online mode, close to 11 per cent increase in self-servicing through IVR (interactive voice response), and a multifold increase in the uptake on WhatsApp registration for servicing.
Having established a strong online presence, HDFC Life had a grave concern over the security posture. One of the major challenges that HDFC Life Insurance faced was to gain expertise to patch open vulnerabilities in legacy systems in a timely manner. The concern was not only about the possibility of application DDoS attacks leaving portals unavailable, thereby seriously impacting revenue, but also the constant exposure to DDoS attacks and new vulnerabilities. The company found a solution to its various challenges through Indusface app, Trana. This web application scanning solution can give accurate protection of known vulnerabilities using Indusface WAF, including custom rules to patch legacy systems. In addition, it is equipped with expert monitoring of web apps to detect and mitigate application DDoS attacks. This provides proof of vulnerability and extends support for the team to facilitate timely corrective action. The hybrid model ensures the best automated scanning, combined with manual testing, covering internal and external assessment of vulnerabilities.
To ensure security, the Indiabulls Group is rigorously scrutinising communication traffic at various levels. The company’s security operation centre is keeping a vigil on every potential threat to counter it appropriately. Besides the technology, human assets are being sensitised at regular intervals through Cybersecurity advisories. Further, the company adopted a seamless zero-trust network, virtual desktop infrastructure, thin clients, remote desktop gateway services and virtual private networks. While strategising the work-from-home (WFH) framework, Indiabulls scrutinised each and every aspect of cyber vulnerabilities, along with implementing security control mechanisms.
In a bid to secure the virtual WFH space, Info Edge is focusing more on software-based rather than appliance-based security to ensure uniform security across all end points without depending on the physical locations or IP addresses. According to the company, BYOD (bring your own device) can be widely adopted in the long run. However, this depends on the maturity of the company.
Airlines and airports are looking at new technologies and embracing AI to deliver contactless experience to customers. The aviation sector is shifting towards automation, with visible interactions of getting boarding passes and checking in bags. This has enabled customers to get the boarding pass through kiosks and web or apps. There are certain risks associated with the adoption of automation; for instance, if the app for issuing the boarding pass is not tested completely on all business logic aspects that are developed, it might turn into a vulnerability. This vulnerability could lead to data breach, thereby harming the digital brand. Going forward, the airline company believes that mobile interfaces can be secured with fingerprints, thus reducing vulnerability. That apart, the industry is trying to analyse behavioural biometrics to understand if the user is a genuine customer or a bot.
In January 2020, Paytm Payments Bank announced AI-driven security measures to safeguard users from fraudsters and protect their transactions. One of the new features analyses rogue apps on user devices, which might trigger fraudulent transactions and advises users to uninstall them. In addition, the bank is also leveraging AI to instantly detect suspicious transactions. Depending on the identified threat level of a transaction, AI either slows the transaction down or completely blocks the payment. The security feature will scan the apps installed on the user device and will pop up a security alert whenever a dangerous app is found that may put users’ accounts at risk.
The Indian cybersecurity services industry is growing twice as fast as the global market. However, while digitalisation has opened up cyberspace to manifold threats, it must also be seen as an untapped opportunity. A NASSCOM report identifies cybersecurity as one of the key growth levers for the Indian IT industry.
According to McAfee, cyber resiliency functions such as data protection, response and recovery planning, and response and recovery communications are the areas that the IT sector expects to be improve by 2021 in relation to their cybersecurity maturity levels.
In March 2020, the National Cyber Security Coordinator announced that the government is working on a new cybersecurity policy that would address all the issues related to the cyber ecosystem such as standardisation, testing, auditing and capacity building. While corporate India and citizens keenly await the new cybersecurity policy, it is hoped that it will provide robust protection for businesses and consumers and give them legal teeth to fight attackers.