GS Paper 3
Syllabus: Challenges to Internal Security, Basics of Cyber Security
Context: The DSCI released a study called ‘Bridging the Gap: Identifying Challenges in Cybersecurity Skilling and Bridging the Divide.’
Data Security Council of India (DSCI):
- It is a not-for-profit, industry body on data protection setup by NASSCOM in 2008.
- It is committed to making cyberspace safe, secure and trusted by establishing best practices, standards and initiatives in cyber security and privacy.
- Cybersecurity refers to every aspect of protecting an organisation and its employees and assets against cyber threats.
- India, as a nation undergoing rapid digitisation across various sectors, is not immune to the increasing number and severity of cyber threats.
- To address these challenges, stakeholders in the ecosystem have implemented several initiatives to promote Cybersecurity in the country.
- These include –
- The Indian Computer Emergency Response Team (CERT-In), set up by the Government of India, to provide guidance and support in the event of cyber incidents;
- Programs like Cyber Shikshaa, implemented by Microsoft and DSCI, to skilled professionals in the Cybersecurity domain and to generate awareness among people.
- Though the cybersecurity industry has gained significant importance and is expected to grow rapidly in India, there is still a deficit of skilled workforce to cater to the demands of the sector.
About the study: It aims to
- Analyse the demand and supply of skilled cybersecurity professionals in India,
- Identify technical and social factors contributing to the shortage of skilled professionals, and
- Explore solutions to address these gaps through CSR and a multi-stakeholder approach.
Findings of the study:
The top three attacks:
- That are expected to see substantial rise in the near future are phishing, smishing, and vishing attacks, followed by ransomware attacks and zero-day exploits.
- Phishing scams trick users into divulging sensitive data, downloading malware, and exposing themselves or their organisations to cybercrime.
- Smishing often involves sending bogus text messages – have a sense of urgency and request the recipient click on a link or reply with personal information.
- Vishing (voice or VoIP phishing) uses voice and telephony technologies to trick targeted individuals into revealing sensitive data to unauthorised entities.
- Zero-day attacks take place when hackers exploit the flaw before developers have a chance to address it.
Three major trends: That will catalyse the demand for Cybersecurity are –
- Use of AI, ML and IoT by hackers resulting in increasing Cybersecurity attacks,
- Growing regulatory liabilities and
- Excessive usage of digital platforms resulting in exchange of large amounts of data.
- Cybersecurity Risk Analyst, Cybersecurity Analyst, and Penetration Tester are the most prevalent job roles at present.
- They constitute less than 5% of their company’s overall workforce.
- 43% of corporations have women participation between 21%-40% of the overall Cybersecurity workforce.
- Need for organisations to perform risk assessments at regular intervals and have robust security measures.
- There is a need for –
- Multi-stakeholder collaboration to map industry-relevant skills, and design and deliver skilling programs as per industry standards.
- Training providers/NGOs to promote the inclusion of diverse groups and formulate strong inclusive programs that can specifically cater for the needs of PwDs.
- Corporates can play a pivotal role [through their Corporate Social Responsibility (CSR)] by incorporating and sponsoring Cybersecurity certification (addressing the certification gaps) as a part of their skilling initiatives.
Keeping in view India’s internal security, analyse the impact of cross-border cyber-attacks. Also, discuss defensive measures against these sophisticated attacks. (UPSC 2021)