A five-day global workshop on cybersecurity and data protection is being held at Amrita University’s Bengaluru campus. Over a dozen globally renowned experts and academics from diverse fields in computer science are attending the 7th International Summer School on Information Security and Protection (ISSISP). This is an annual global event on software security and protection which is being held for the first time in India. It has previously been hosted by the US, China, Belgium, Italy and Brazil.
Some prominent speakers include Dr. K. Nayak who recently retired as Director General, Micro Electronic Devices, Computational Systems & Cyber Systems, DRDO; Dr. Christian Collberg, University of Arizona, US; Dr. Arun Lakhotia, University of Louisiana, USA; Dr. Prabhakar Mateti, Wright State University, USA; and Dr. Roberto Giacobazzi, University of Verona, Italy.
“Cybersecurity is a $70 billion industry worldwide, with an estimated annual loss of $400 billion due to cybercrime and threats. This loss is expected to shoot up to $2 trillion by 2020. The shift towards cloud services and storage poses a challenge in securing data. An incredible amount of data is flowing around the Internet to servers at different geo-locations with minimal or faulty SSL encryption. The policies to protect this data are not on par with the growth of cloud-based services. The advent of Internet of Things (IoT) is another challenge. With new devices being connected to the Internet on a daily basis, it is hard to track the threat landscape because of new variables and attack vectors introduced by each device. It is also a challenge to incorporate security modules in these small devices which stay connected to the Internet. The ‘Bring Your Own Device’ policy increasingly being adopted by companies is also making data protection difficult.
To strengthen cybersecurity in India, concerted efforts are required to develop indigenous cybersecurity technologies. Open collaboration is essential between various security partners for sharing information about the latest cyber-threats. Unfortunately, there is an acute shortage of talent and technology required to effectively thwart cyber-crime and protect data. For majority of the Indian industry, cybersecurity is limited to just firewall, IDS and IPS.” says Dr. Krishnashree Achuthan, Dean, Amrita University.
“The rise of Internet of Things (IoT) has created a host of new threats. Cyber-attacks can compromise connected devices such as cameras, smart watches, smart cars and even smart homes, apart from mobile and computing devices. Cyber-criminals are now using ransomware to make money. This malicious software blocks access to a computer system until a sum of money is paid. It has proved to be an exceptionally lucrative business because the desperate, locked-out users are willing to pay exorbitant amounts for freeing their devices and data. Hackers can also exploit wearable devices. For example, they can hack smart watches to track hand movements and judge the pin code the user entered in an ATM machine,” says Said Dr. K Nayak, Director General (Retd.), Micro Electronic Devices, Computational Systems & Cyber Systems, DRDO.
“With the rise of new types of cybersecurity threats, new technologies have also emerged to tackle them, such as behavioural analysis and machine learning. Highly advanced analysis engine based on machine learning can make it extremely difficult for a hacker to bypass detection. Cloud-enabled ‘Security as a Service’ (SAS) helps block attacks in a better way and accelerates the insider response to intrusion attempts. Big data analysis to model and monitor cybersecurity threats is also proving effective,” adds Dr. K Nayak.
Security and protection of computer data has become a serious challenge for India. The country witnessed 50,000 cybersecurity incidents in 2015. More than 26,000 websites have been defaced and 91 lakh infected systems have been detected in India till now. Worse, 80% of cybercrimes go unreported.
Without strong software security and protection techniques, software-based systems at the heart of medical informatics, digital rights management, voting machines, power distribution systems, transportation systems, financial systems, etc. are vulnerable to devastating attacks from hackers and foreign intelligence agencies.