As the pandemic is making the cybercrime situation worse, and more and more Indian employees are working from home, India is still unable to fulfill the demand for a cybersecurity workforce.
It was way back in 2015 that NASSCOM President R. Chandrashekhar said that India alone would need one million cybersecurity professionals by 2020. Here we are, and enterprises have started increasing their security budgets, but finding qualified cyber talent remains the biggest pain point.
Even today, India doesn’t have even 100,000 cybersecurity professionals. At the same time, a study by specialist staffing firm Xpheno estimated that there are currently over 67,000 job openings in cybersecurity in the country.
Read more: COVID-19 Will End the IT Industry’s Mistrust of the Indian Remote Worker
Meanwhile, cybercrime has increased as the pandemic rages across the country, with the shift to remote working leading to changes in work environments. Trend Micro released new research, warning consumers of a major new wave of attacks attempting to compromise their home routers for use in IoT botnets.
To understand the reason for this gap in supply and demand of cybersecurity professionals and the role human vulnerability plays in encouraging cybercrime, The Tech Panda spoke to Rakesh Kharwal, MD, India/South Asia & ASEAN, Cyberbit, a cybersecurity solutions provider across both IT and OT networks.
The demand for cybersecurity professionals in India is on an all-time rise, but the dearth of educational institutions that impart cybersecurity training is a key factor responsible for the shortage of skilled professionals in the country
Kharwal believes that while India has a promising cybersecurity market that will achieve global prominence in the near future, the country is in dire need of cybersecurity training.
“The demand for cybersecurity professionals in India is on an all-time rise, but the dearth of educational institutions that impart cybersecurity training is a key factor responsible for the shortage of skilled professionals in the country,” he says.
Moreover, the pandemic has given cybercrime a boost, making the need for cybersecurity professionals even more significant.
“It has become even more important during the pandemic as more and more employees are working from home. So this gap of demand versus supply is going to further increase in the months and years to come,” he says.
‘Cybersecurity Training Can’t Be Taught in Classrooms’
At a global level, a slew of institutes offer many cybersecurity certifications to bridge the gap between demand and supply of expert cybersecurity professionals. However, Kharwal says, the irony of the situation is that when organizations are looking to hire experienced cybersecurity professionals, they still don’t find them.
“There is a fundamental flaw in how we have been training and building the cybersecurity workforce for the last so many years. Cybersecurity training can’t be taught in classrooms as theory classes, or by reading books and PPTs, or going through product videos. It has to be based on a real-life corporate environment using commercially available cyber tools,” he says.
There is a fundamental flaw in how we have been training and building the cybersecurity workforce for the last so many years. Cybersecurity training can’t be taught in classrooms as theory classes, or by reading books and PPTs, or going through product videos. It has to be based on a real-life corporate environment using commercially available cyber tools
This is why Cyberbit emphasizes more on training employees and security teams to address human weakness and to bridge the skills gap. Since lockdown and remote working are making physical training programs impossible, they use their Cyber Range solution to deliver remote training.
This solution helps organizations train their cybersecurity professionals in a simulated IT environment against evolved real cyberattacks using remotely accessible tools such as SIEM, Firewalls, EPP, and more. The best part about the solution is that it automatically tracks trainee goals according to the NIST Incident Response Framework, so that teams can align with the best practices for the response process.
“Therefore, it creates a positive impact on everything from the individual skill of a professional to the overall coordination of the team in keeping organizational data secure,” he says.
The Threat Landscape Has Altered Amid the Ongoing Global Pandemic
Cybersecurity breaches and phishing emails have always been common in India. However, the threat landscape has altered amid the ongoing global pandemic, says Kharwal. According to a study conducted by K7 Computing, the number of coronavirus-related cyberattacks involving phishing emails jumped by 260% in India.
“A majority of the cybercriminals have sensed an opportunity in the remote working scenario and have been launching a spate of attacks manipulating people’s fear and uncertainty. There has been an increase in the number of spear-phishing attacks, website impersonation, and business email compromise related to COVID-19 to distribute malware,” he explains.
For instance, cybercriminals have launched multiple fraud portals to lure thousands of Indians eager to donate for the cause of the fight against coronavirus.
“Many of these deceiving sites are quite sophisticated, virtually indistinguishable from their genuine counterparts,” he adds.
Malware, spam, phishing, bots, network attacks, web attacks, ransomware, and crypto miners are some of the most serious metrics on which the global threat ranking is based on. India emerged as the third most vulnerable nation in terms of risk of cyber threats, such as malware, spam, and ransomware, in 2017 after the US and China.
At present, we are observing a steady increase in the number of COVID-19-related spear-phishing attacks and the threat is expanding quickly.
“The variety in phishing campaigns is taking advantage of the heightened focus on COVID-19 to distribute malware, steal credentials, and scam users out of money. The industries that face a high risk of cybersecurity challenges include manufacturing, banking, corporate, government institutions, and education,” says Kharwal.
Preparing the Human Element for Cyberattacks
Malicious attackers are on the lookout for vulnerable human behaviour to take advantage of. Losing a work device, using weak passwords, clicking unsafe URLs or attachments, sharing passwords, sending emails to the wrong recipient by mistake, or leaving their devices unattended, are a few, says Kharwal.
It has become even more important during the pandemic as more and more employees are working from home. So this gap of demand versus supply is going to further increase in the months and years to come
“The consequences of such errors can prove to be disastrous and costly to any organization. While such human errors cannot get eliminated, organizations can limit them by training the employees on how to identify and report them,” he says.
Majority of cyberattacks are successful due to the possibility of human weakness and insider threats that include human error, malicious employees, and disguised criminals. While malevolent attackers take advantage of the users’ lack of awareness to carry out their intention of harm, malicious employees intently cause an immense amount of damage to their organization if they turn rogue as they have access to a lot of confidential information about their company.
Read more: How to make your startup workforce remote amid the coronavirus scare
“Clearly, human weaknesses are present through most organizations and their exploitation is a reoccurring theme in most cyberattack incidents,” he says.
With the pandemic deliberating upon remote working as the new norm, organizations must add an extra layer of security to prevent unauthorized access to their systems. Organizations must introduce the usage of tiered levels of remote access to minimize risks.