With everything gone digital and the alarming rate of cyber crimes, device and data security take the centrestage. At the Kaspersky Cybersecurity Weekend held in Bali, Indonesia, several aspects were discussed, from importance of security, recent incidents of hacks, security measures and so on.
India is the second largest phone market, and for many a phone is the primary or the first device for Internet access. However, surveys in the past have disclosed how online and device security isn’t taken seriously by many. We spoke to Vitaly Kamluk, Kaspersky Lab’s Director of Global Research and Analysis Team in APAC, who explained how awareness and government initiatives will play a major role.
Countries like Russia and Singapore have hoardings to educate general public around cyber crimes and taking precautions. In some European schools, students are thought about online protection, how to recognise scam, malware and so on. Maybe similar initiatives could help increase awareness. This way, it doesn’t really matter whether you access the Internet via mobile or desktop, basic awareness and essential precautions could help deal with it, he had said. You can read more on this here.
Lionel Tan, Partner at Rajah & Tann Singapore LLP, who specialises in data protection and cyber security issues and has over 20 years of legal experience explained how Singapore plans to update its law and introduce what is called Air-gap. “Singapore government has devised a policy that will go live next year wherein all civil services access to Internet will be separated. 100k computers by government and its officers wont access private data on those computers. If they want to do Internet research they need to access other computers. The idea is to create the ‘air-gap’ to prevent and minimise the disruption of govt services, minimise attacks that will take information from citizens.”
However, Singapore is much smaller comparatively. But, it is to be seen how successful the initiative gets, and we could probably take some lessons from them.
Ruslan Stoyanov, Head of computer incidents investigation at Kaspersky Lab, said that the threat line keeps changing and threats become more complex and hidden. Again, India could probably take examples from other countries with stringent regulations and adopt it in its national landscape.
Talking about security in enterprise and IT networks, Anton Bolshakov, Managing Consultant, IT Defence Asia said, “It (cloud) is easy to backup and scale and has a lot of advantages, but the difficult part is you may lose control on data. In Singapore, for example, there are regulations that force cloud to be hosted in one country and you can have control across the globe.”
But, isn’t the Bring your own device (BYOD) culture settling in rather quickly, for the sheer convenience it provides. Will that make security difficult? Bolshakov explains, “If the company allows you to use virtual desktop, you can bring your own device. It is a virtual client that will run a corporate image, for example. So, if a company allows mobile devices and installs good containers, in terms of security it will have more controls. It is easier from forensic point of view too.”
The increasing number of data security incidents has also put cyber insurance in a prominent position within a company. For instance, in the most recent, Sony Pictures had to cough up $8 billion to settle a hack lawsuit with employees. For bigger companies, a cyber insurance seems like an important investment, especially if they are dealing with a lot of data. But, what about the others? In India, most tech startups are data driven, and investing in cyber insurance has to be a feasible option. Tan explains, “Startups are constraint by resources and with people investing in the company, they want to ensure the business is viable. However, cyber attacks can wipe off a company. It is important to invest in IT security and have a look at cyber insurance. The breach will have impact on revenue. So, it becomes worthwhile to think about cyber insurance with an affordable premium.”
Pavan Duggal, Advocate, Supreme Court of India and who specialises in cyber laws believes that cyber insurance is not just the future but the need of the hour. “Sony Pictures hacking case has demonstrated, that how a legal entity’s entire intellectual property rights can get prejudicially impacted by cyber security breaches. Hence, cyber insurance becomes a good option for corporates,” he said.
“Currently, this is not very prominently used by Indian entrepreneurs. This is so because Indian entrepreneurs believed in ‘chalta hai’ approach. Lot of people believed in Indian Jugaad School of Management. They think that they can do jugaad in cyberspace. However, the fact remains that the said jugaad do not work in the context of cyber security breaches; therefore cyber insurance needs to gain far more prominence and acceptability amongst the Indian entrepreneurs. It has to be the defacto way forward for all corporates in India,” Duggal further added.
In India, we don’t have a dedicated cyber security legislation. But, there are laws in place that will let the affected person get some compensation.
“The Indian Information Technology Act, 2000 is India’s mother legislation to deal with all aspects pertaining to activities in the digital and mobile world. Data breach takes place by unauthorized extracting, downloading or copying of the data. The said data breach is often done by the person without the permission of the owner or person in charge of the relevant computer system or computer network. Hence, any affected person can seek damages under Section 43A of the Information Technology Act, 2000 up to 5 crore Rupees. These damages can be granted by the special authority created under the Information Technology Act, 2000 known as the Adjudicating Officer. In addition, affected person can also seek damages beyond Rs 5 crores under the Information Technology Act, 2000 before the normal Courts of law,” Duggal explains.
He further said that the law presumes you must seek for compensation at the earliest opportunity. The earlier opportunity can either be from the time the data breach has taken place or from the time when the person gets actual knowledge of the exact data breach. “This portion of Indian Cyberlaw is relatively weak inasmuch more work needs to be done to provide expeditious grant of damages to affected parties under the law,” Duggal further added.
Publish date: October 12, 2016 10:10 am| Modified date: October 12, 2016 11:20 am