Khushhal Kaushik, Founder and CEO at Lisianthus Tech & Cyber Security, talks to Team Optimist about India’s cyber security infrastructure and its future…
The Optimist: India’s cyber security market has been predicted to grow at a CAGR of over 19% during 2018-2023. This growth is expected to be driven by the rising number of government initiatives for digitizing government sector entities and processes, healthcare, BFSI, education and other vital sectors in the country. Is the growth rate of India’s cyber security market satisfactory? What are the major factors stalling the organic growth of this sector? How can we, as a nation, overcome the hurdles?
Khushhal Kaushik: I believe India’s current cyber security ecosystem has a lot of ground to cover in the near future. Although the market is growing at a promising rate, there are a lot of factors that can push this sector’s growth. Its biggest barrier is the lack of awareness about the importance of cyber security measures.
Despite several instances of cyber crimes, the general public and even corporates aren’t investing in better cyber security measures. An awareness drive should be launched on a national scale to expand the scope of the cyber security industry and make it more inclusive and approachable to the common masses, SMEs and start-ups. A national regulatory policy should be formulated and the government should act as a facilitator in promoting cyber security research and development. By creating an ecosystem of continuous evolution and innovation, India should be able to become a valuable contributor to — and a leader in — the global cyber security domain.
The Optimist: In an event organized by the Aeronautical Society of India-Hyderabad Chapter, Gulshan Rai, adviser to PM, has said there’s an urgent need for research institutes, industry and academia to focus on developments that can make India strong in cyber space. Do you agree? How can we proceed in this direction?
Khushhal Kaushik: Yes, I completely agree with this school of thought. Lack of a proper framework for research and innovation is one of the major reasons for the increase in the number of cyber crimes in the country. If the central government wants to move ahead firmly on cyber security, it must focus on building a centralised cyber security research and development unit that must focus on creating a future-ready cyber security technology for the public and private sectors. To make this a reality, the government should first define key research areas and partner with strategic and scientific institutions that can develop their own cyber security products. By following a structured approach, cyber security and privacy in the country can be bolstered.
The Optimist: On August 11, 2018, about ₹76 crore was withdrawn within two hours in a hacking attack across 28 countries and another ₹13 crore two days later. Over 4,500 cards were cloned and 148 ATMs were used. What precautionary measures should the government take as a safeguard against cyber criminals?
Khushhal Kaushik: Although the government was unable to predict the cyber fraud, I believe it was quite agile in limiting the damage. Much worse could have happened. The government’s campaign to increase awareness about ATM frauds was also a welcome step. However, I’d like to add a few points on how to prevent ATM frauds:
- One shouldn’t share the confidential details of his/her card with anyone while using an ATM
- A person shouldn’t ask anyone else to enter his/her PIN
- One also shouldn’t enter the PIN in front of anyone
In the larger picture, the government should introduce new-age ATM machines and replace the older swipe-based ones. In the new machines, the danger of cloning a card is reduced, because the card is auto-inserted and ejected. Also, banks must ensure that every cardholder gets an OTP on his/her registered mobile number during debit card payments. That way, debit card frauds can be reduced.
The Optimist: A report prepared by a NASSCOM task force chaired by Rajendra Pawar on the PMO’s request in 2016 chalked out a roadmap for India to become a global hub for cyber security products and services. About 1,000 start-ups are working actively in this space. Will the government be able to create a proper ecosystem for the growth of the cyber security market?
Khushhal Kaushik: Under the Digital India Program, the Centre’s doing a lot for the cyber security domain. To promote the country’s cyber security culture, the Centre should create a separate ecosystem for cyber security start-ups, with funds for research and operations. The government should ensure that such start-ups get access to local markets and, at the same time, are able to compete with global players.
The Optimist: To create capacity and skilled professionals in cyber security, the Defence Research and Development Organisation (DRDO) is holding talks with research institutes and academia. NIT, in Kurukshetra, and DIT, Pune, and the Defence University are already offering master’s degrees in cyber security. Should the government also include cyber security training in schools?
Khushhal Kaushik: Even in some of the smaller countries, cyber security is already a crucial part of the curriculum even at the elementary school level. India, too, should introduce cyber security at the primary, secondary and senior secondary levels to reduce cyber crimes in our country. Greater awareness about cyber security issues will empower people to deal with such cases.
The Optimist: India was ranked among the top five countries affected by cyber crimes, according to an October 2018 report by online security firm Symantec Corp. Is the law and order infrastructure not equipped with skilled manpower and advanced technology? How can the police and other enforcement agencies fight this threat?
Khushhal Kaushik: It’s a fact that India has underestimated the cyber security threat. It doesn’t mean that we’re weak. It’s just a global perception. To fight this notion, we must prepare ourselves, our law-enforcement agencies and the public departments for the bigger game. The government should employ people with technical expertise so that they can easily understand the technical glitches and solve them quickly. No one can become a cyber expert by simply using some tools or infrastructure. There’s no specific training in the world that can turn someone into an expert in a few hours. One must work for years in the industry, gather relevant experience and use insights to become more proficient. The government must also invest strategically in research, innovation and a skill-based approach to develop a cyber experts force that’s capable of handling technical issues effectively.
The Optimist: Can the government join hands with private players to strengthen cyber security and back law-enforcement agencies in fighting cyber crimes?
Khushhal Kaushik: Yes, the government should definitely join hands with private players in the cyber security domain. This way, the goal of making India a cyber-secure nation will get a new impetus and a clear direction. The government should engage only Indian private entities, or players, so that the country’s security isn’t at risk from foreign hackers. Private players, under strict government monitoring, can equip the law-enforcement agencies with skills to deal with advanced cyber crimes that are taking place daily in the country