Rows of young people sit glued to their workstations in a room behind a reinforced glass panel. Each has his or her own PC to work with, attached to two side-by-side display monitors; they may look fresh out of college, but these 300-odd specialists are protecting each one of us from cyber-attacks.
On one of the screens in front of them is real-time data of 50-60% of India’s Internet traffic. And every single person in the room is trying to detect and stop anything that can jeopardize India’s Internet connection. Talk about no pressure.
This Chennai-based cyber security facility at Tata Communications, which is at the frontline of protecting Indian businesses and people from online threats, is a sign of things to come.
Between 2015-2017, India was the second-most targetted country for cyberattacks in the world after the US, according to an April 2018 ‘Internet Security Threat Report’ by Symantec — a security company. India is the second-most impacted country by spam and bots, third in terms of network attacks, and fourth for ransomware.
In May 2018, Union Home Secretary Rajiv Gauba warned about a “phenomenal” increase in cyberattacks and espionage by corporate entities and hostile governments to “steal state secrets, sensitive corporate information, intellectual property or military superiority,” according to an India Today report. He also said that cyber attackers are more organised than ever before, with many of them having significant funding to wreak havoc online.
… and breached
In May this year, the Employees’ Provident Fund Organisation was allegedly hacked, and millions of Indians’ personal and financial data was leaked. In fact, just between April 2017 and January 2018, more than 22,000 Indian websites – with 114 government portals – were hacked, according to government data, says a Quartz report.
What’s worse is when you learn that not only the private sector companies, but even the Indian government, is powerless in stopping or containing these cyberattacks. “The Government does not have adequate in-house capabilities, expertise or inherent strength” to stay ahead of cyber attackers, admitted Rajiv Gauba.
IBM claims in a study that on an average it takes over six months for Indian companies to realise they have suffered a data breach, and just under three months for them to apply some sort of fix. And each time a company suffers a data breach in India, it costs them Rs 12 crore on average in terms of financial loss.
Training cyber security soldiers
In this increasingly dangerous scenario, cyber security facilities (like the one I’m in) with round-the-clock trained manpower for online vigilance, monitoring and patrolling becomes a fundamental need. For Tata Communications – which runs a major part of the global Internet backbone, handling 25% of the entire Internet’s traffic – it’s a no-brainer.
But finding cyber security experts isn’t easy. “Cyber security professionals are significantly less in number compared to what’s needed by the industry,” says Srinivasan CR, Chief Technology Officer, Tata Communications.
He further highlights how the skill gap is magnified because people who are studying or getting cyber security training right now are not equipped to handle the demands of the industry. That’s why the need to partner with academia to jointly train and develop the next wave of cyber security experts.
“Many of the universities in India are forward-looking, and they’re more than happy to invest behind cyber security skill-building.” Srinivasan highlights how Tata Communications works with Tamil Nadu’s SASTRA University to train and teach cyber-security to undergraduate students through guest lectures and internships. “This way they get a feel for what cyber-security entails, and choose their career path accordingly.”
The need for security will only grow
Rama Vedashree, CEO, Data Security Council of India — an industry body that’s responsible for the safety and security of cyberspace in India — adds to Srinivasan’s point. Unlike security in the real world, where government-owned police and the military play a big part in keeping people safe, online security is completely owned and managed by a third-party ecosystem. This complicates matters immensely.
“In such a scenario, a proactive approach towards cyber security is a must, along with strong mitigation capabilities,” says Rama Vedashree. With Internet-of-Things, Smart Cities, and 5G coming along, the need for cyber security is only going to increase significantly.
Vedashree also mentions how the government is currently trying to fast-track the Data Protection Bill, which may be debated and passed by Parliament as early as the upcoming Winter Session. It’s expected to have stronger breach notification guidelines, which will compel companies who suffer from data breaches to legally inform their users of the breach within a short time period, something that isn’t often done in India right now.
The massively big screen on the wall displays real-time network threats, with red pop-ups that indicate incoming cyber threats. The trickle of red on the screen is unrelenting. Yet the room behind the glass panel seems calm and composed. Pros who know what they’re doing. Attacking threats and setting up defenses to protect our personal, professional and financial data online.
On my way out of Tata Communications’ Cyber Security Response Centre in Chennai, I find a group of young professionals sipping tea and grabbing a snack at a tea stall just outside the building’s gate. I see all of them wearing a white-and-blue badge. The same badge I saw people wearing inside the cyber security response centre just minutes ago.
That’s when I realized not all superheroes wear capes. Some look just like you and me.