A year after the Cambridge Analytica scandal, yet another data leak took place at Facebook in 2019. About 540 million records of Facebook users were publicly exposed on AWS cloud hosting service. To give you a picture, this is about 7% of the global population when a large chunk of it is yet to digitize. This depicts the current cybersecurity landscape as concisely as it can get.
Ironically enough, the exposé (via KrebsOnSecurity) took place within a month of Facebook admitting that 600 million users’ passwords were stored in plain text by the company and about 20,000 of its employees had access to them. Out of them, 2,000 employees conducted about 9 million searches for passwords already. Here, we have to acknowledge that Facebook is a globally leading tech giant. This kind of breach is known as ‘Malicious Insider’ and Facebook must ideally have the capability to identify even an isolated incident of this kind. The figure of 9 million searches simply goes through the roof.
There is a clear need of enhanced cybersecurity infrastructure and a better class of cybersecurity professionals managing it on a global level. A report by Cybersecurity Ventures forecasts that losses due to wide-ranging cybercrimes will increase to $6 trillion by 2021. This is $1 trillion more than what India envisions its GDP to become by 2025.
Technically, any digital enterprise is vulnerable to wide-ranging threats. Such threats could be IoT-based endpoint attack, malicious insider threat, Advanced Persistent Threat (APT), or even a zero-day attack (wherein the specific vulnerability and its remediation are not known to anyone until the attack takes place). Any cyberattack can wreak havoc on you in the form of regulatory and legal actions apart from eroded market value, customer attrition, and lost future prospects. Something that can save you is how you addressed your vulnerability or the incoming cyberattack.
However, at present, almost 60% of organizations have unfilled cybersecurity positions owing to the market skill gap (ISACA report) and 77% of leaders believe that an infrastructure breach can take place with far-reaching consequences (Black Hat 2019 report). On top of that, the fresh talent entering the field – even most mid-career security experts – have never experienced a real-life breach themselves and less than 30% of analysts have experienced a ransomware attack according to an ESG Report.
They will, therefore, not be completely prepared when a cybersecurity breach eventually takes place. The need of the hour is to quickly fill this void while considering the sophisticated cyberattacks that are surfacing of late (including IIoT attacks, AI-driven attacks, etc). After all, not everyone can get away with security breaches like Facebook apparently gets to!
Well, this global problem has also come across as the much-needed solution for India, especially as it aims to make its economy worth $5 trillion. Our nation can help bridge the global void by developing a cybersecurity force using the youth that we have. So, simulated cybersecurity training solutions such as Cyber Range must not only be deployed across business organizations, but also amongst our academic institutions. Only this will ensure that we tackle the modern threats holistically.
The approach will also prepare our next breed of cybersecurity professionals by equipping them with high-quality, hands-on experience as compared to the conventional ‘Baptism by Fire’ tactic. It will also add considerable thrust to our Skill India campaign and unlock avenues for more than 3 million Indians to achieve a global career trajectory.
In a nutshell, 2020 could turn out to be a year of unbridled opportunities for India. However, this is only going to happen if the nation aptly aligns itself in the emerging global landscape.
The author is Managing Director for India/South Asia and ASEAN at Cyberbit. Views are personal.