Why has there been an upsurge in cyber attacks in the last 6 months?
Yes, we can say it's all because of a sudden shift in digital transformation as COVID 19 unleashed a new set of challenges for CISO of any organization. Many CISOs who were working on their routine tasks aligning with respect to the digital transformation, have to instead look towards the long-term goals of setting up a secured and efficient Work from home model to run the business operations. organizations have to face newly formed network threats that are targeting remote workers. Lack of focus on the security of internal infrastructure, applications, and assets due to more involvement in running business operations with remote workers can also be a reason for being victimized by cyber-attacks.
Also, there is a huge increase and competition of being online among all businesses which were running offline/physically during the past year, and that also extended the options for hackers to steal the data by cyber attacks.
How has the role of cybersecurity start-ups evolved in this regard?
Since the pandemic has totally changed the manner in which we work, the utilization of BYOD (Bring your own gadget) has become a new normal during work from home. Organizations are more focused on security after shifting on work from home culture by utilizing VPN, system hardening, tightening the policies, and so on but stills can't achieve a decent degree of security. Enormous amounts of information are in danger with the increase in the use of third-party solutions, for example, Employee monitoring tools, virtual communication platforms, and so forth, as well as all employees, have access to the sensitive information which rise the hacking/information theft incidents. On the other end, pandemics came with an opportunity for Startups like us to deal with different issues and work on solutioning such as SASE (secure access administration edge), Zero trust framework, corporate training frameworks, Vulnerability management platforms, DevSecOps and so on.
Being a Cyber-security start up, the past couple of years were amazing for us as well. We've achieved significant growth in terms of revenue. Have tapped into a few new markets with some most needed solutions these times, including Middle East, North-America and South east Asia. Numerous big brands are also making trust on start-ups due to great services in affordable commercials, we are also helping many Start-ups & SMEs belonging to BFSI, Fintech, Ed-tech spaces, as well as some big brands in North America and Middle east also trusted us to become their Security partner.
What are some of the new products you are working on to meet the challenges?
Since there are many challenges, especially the highly competitive Startup ecosystem in our country. In the Cyber security space, demand has been changing consistently and many brands need versatile solutions that can solve their day-to-day needs effectively and we are also working on such solutions.
Where and why is the government lacking in protecting users?
Our country doesn't have strong data protection laws compared to other western and European countries, Indian government has been working on the Data Protection bill of India but yet nothing is clear on its enablement. It's hard to comment on "why" the government is lacking but there are many places we are lacking with stronger data privacy and security regulations in our country. Like the European Union's GDPR, we should have a strict law in place for our users that binds the businesses running in India to comply and secure the data they are holding. It will not only secure our users' data but also make our country's cyber defense stronger.
What reforms would you like to see in this domain?
There must be a strong and impactful regulation to be formed and enforced on the businesses that have been holding and processing the sensitive personal and critical information of any users in India. Similar to the Financial industry and BFSI segment, there must be a regulatory body that regulates and ensure the online business to maintain the necessary security measures as RBI, SEBI and IRDA regulate and monitor the security incidents related activities in their respective affiliate companies. Above are the reforms I would like to see in this domain so that Indian companies can improve their security postures and keep focusing upon the user's data security by complying with all the regulations.
What are some of the preliminary caution a user can take to protect themselves?
There could be two types of users, the first is corporate users and the second is individual users, and using any application with due care is necessary for both. Corporate users should have a Standard operating procedure prepared for using any third-party application, any SaaS-based application should be verified against all clauses of Third-party application security, and must be going through the application Penetration testing exercise in each short span of time to avoid any data breaches. Organizations should arrange corporate training programs to aware their employees against cyber-security threats that can put their whole data at risk.
Individual users should check the authenticity of the applications before trusting them for online shopping, ordering, travel booking, or any other utility needs. Individual users should check the Privacy terms of any website before using it, how they are storing and keeping the sensitive data safe, whether the company is following ISO 27001 or equivalent measures to comply with data security regulations etc. Though it's difficult to spread awareness across India in a short time we've observed phenomenal growth by online users in understanding the cyber threats and that's the only way user can protect themselves from data theft and hacking attempts. We are also working with many NGOs and institutions to spread the awareness of cyber-security across the nation as well as working with organizations to train there staff against the complex cyber-threats.