The complexity and frequency of security threats is rapidly increasing. A systematic approach to security is the need of the hour
By Amit Nath,
Country Manager, India & SAARC, TREND MICRO
Of late, there have been some large-scale security incidents across the world. Large corporations such as Lockheed Martin, Sony and Intel have been the targets of cyber attacks and Randy Vickers, responsible for ensuring cyber security of US Govt property had to resign recently owing to large number of security breaches of US govt sites. Indian sites are also being routinely targeted on a large scale. Whereas earlier we had global scale attacks such as the Melissa virus and the I Love You virus, the situation today is very different. Attacks today are so sophisticated that you might not even detect a security breach. On an average, a new malware is released every 1.5 seconds. As our lives move online, the frequency and sophistication of attacks is going up and we are exposed to vulnerabilities as never before.
The Korean Experience
On 4th July 2009, South Korea came under a massive cyber attack by Chinese hackers who tried to shut down the entire South Korean information infrastructure. The attackers succeeded in infiltrating a number of servers due to which the Korean eBay Auction site remained shut for 72 hours, several govt sites were shut down or compromised and a large volume of data was destroyed.
Following this a Cabinet Ministerial Level task force was set up to develop a security policy. The taskforce came up with the proposal for an anti-botnet initiative that was later legislated into an Act of the Korean Parliament.
The Ministry of Education and Public Administration asked Trend Micro to develop a comprehensive security system and today it is possible to centrally monitor the activity on every government computer in Korea and to automatically flag suspicious behaviour.
Ensuring Cyber Security
There are four things we need for adequate security. A central Command and Control Centre that can monitor govt computers across the country and flag any suspicious activity is the essential first step. This will put in place an early warning and mitigation system against cyber threats. Second, there should be a comprehensive Cyber Security Policy. The industry must be a very active participant in terms of how the govt frames its security policy. Security companies can open up their labs and conduct training for govt officials. If an officer does not understand security, how can he protect you? The third thing is the legal and regulatory mechanism. The conviction rates for cyber crimes in India are abysmal and we need to address this.
Finally, we need to engrain the security culture among our future generations by making cyber security a part of our educational system. Application security, server security and a Security Incident and Mitigation Plan are the very essential things that we need to start working on immediately.