Recent data leaks have exposed India’s lack of cyber-security manpower and could slow down the government’s ‘Make in India’ and ‘Digital India’ initiatives.
Cyber security experts point out that as India starts consuming more technology, it is also getting vulnerable to the kind of attacks that it is unable to anticipate.
A large part of the problem is due to the fact that the country lags behind — both in terms of quality as well as quantity — in cyber security-related skilled workers.
“To achieve the objectives of Digital India, the country needs a robust cyber security infrastructure — both in terms of personnel and technology — which is changing at a fast pace,” Marc Kahlberg, Director and Group CEO, Vital Intelligence Group, told
“It is no longer about just installing some anti-virus software. The attacks are far too complex,” says Sastry Tumuluri, founder and CEO of DSD Infosec, a Chandigarh-based company that provides security solutions for small and medium businesses.
The complexity that Tumuluri mentions has to do with attacks on websites that use techniques like botnets (use of network of robots that spread malware), zombie computers (a computer that has been hacked into and is used to launch malicious attacks), app exploitation, and detecting problems in newer programming languages like Python, among others. “Unlike in the past, when one could only protect, now it also about detecting and responding,” says Kahlberg.
These cyber attacks are putting a dent on India’s economy. According to an ASSOCHAM and Mahindra SSG report, cyber crimes have cost India about ₹24,630 crore in a year.
Additionally, government data says that last year, about 50,000 cyber security instances were reported and one-fourth of the government’s sensitive departments are now under threat. Then, there is the issue of lack of availability of qualified cyber security professionals.
Manpower deficit“There is a need for three lakh professionals but the availability is around 30,000,” says Sunder Krishnan, Advisor to ISACA, an international independent association that consists of security and IT governance-related professionals.
Others like Ravdeep Sodhi, a cyber security advisor and consultant, point out that one doesn’t get to learn about cyber security before getting into MTech, as educational institutions do not teach the same curriculum in schools and colleges. “It is not treated with the same degree of seriousness,” adds Tumuluri.
Also, gaps in the IT Act — in the form of lack of an encryption policy, and data retention and privacy concerns — pose challenges going forward.