Cybersecurity will underpin the national agenda presented in the Union Budget 2024

Finance Minister Nirmala Sitharaman unveiled a 33% capex increase today, signifying that the Government of India is committed to making certain that the India growth story continues into 2024. This is further emphasized by the seven key priorities of the budget: inclusive development, reaching the last mile, infrastructure and investment, unleashing our potential, green-growth, youth power and the financial sector. For this Indian dream to become a reality, the fuel we need is technology interventions, innovations and advancements. However, the boon of a digital India comes with the bane of cybersecurity challenges.

Per a Cloudsek report in Dec22, India was the most targeted country in 2022 as attacks on government agencies more than doubled. Industry experts believe that hackers will target cloud services in 2023-24 due to growing impetus to digital transformation within the country. This will impact government bodies, businesses and individuals. Impact of a lack of equal cybersecurity impetus by the government would be seen in financial losses, lower business resilience and a downgrading of consumer trust. These factors, combined with the ambitious plan shared in the budget raises the need for comprehensive cybersecurity protection at all levels for the government and private sector organizations in the country.

The updation and implementation of a robust cyber security framework (strategy, policies, procedures, etc.) gains importance in this context. The goal would be to protect the digital infrastructure from inside-out, minimize risk and ensure business continuity by preemptively safeguarding the eco-system from impact of cybercrimes and breaches. So, what would be the key requirements for this cybersecurity protection plan? First and foremost, the government should create a regulatory authority for cybersecurity responsible for the entire national cyber ecosystem. Second, this authority would have the overarching responsibility of creating a National Cybersecurity Framework considering inputs from all the relevant authorities and other experts within our ecosystem. Third, the regulatory agency should be tasked with the implementation, monitoring, reviewing and improving the National Cybersecurity Framework across all key public and private sector organizations within the country. Fourth, the regulatory authority should mandate the use of supervisory and compliance technologies to ensure effective implementation, monitoring, reporting and near to real-time updates on the potential cyber risks at the national and sectoral levels. SupTech has huge potential for nation-wide management, monitoring and improvement of cyber security compliance mandates that leads to better cyber security hygiene and thereby a cultural change within the mindsets of organizations and citizens towards a more cyber aware and secure nation.

There still remains the larger task of awareness and education amongst large enterprises, SMBs and individuals on the importance of adopting cyber-safe behaviors and practices within our country. Television programs like ‘Jamtara’ are a mirror to a lack of cyber-safety culture. While there are some efforts that have begun towards this end, we need to take this up on a war footing immediately – just like we did when we had to win the fight against polio. Using similar principles, we need to start including an understanding of the challenges of cybersecurity and important cyber-safety rules at the school curriculum levels. This should cascade upwards into awareness, graduate/ post-graduate programs that will help the country create much-needed army of cyber warriors.

Further, we need to develop an indigenous culture of cyber-safety. At the simplest level, we need to grow awareness and understanding of the fact that exploiting basic human tendencies by creating situations leading to Trust, Fear and Greed stand equally true in the cyber world, where scamsters have now started using this modus-operandi extensively to dupe institutions and individuals via novel techniques in the digital eco-system. This is easier said than done in a country where usage of smart devices are growing every second thereby. Thus, building and managing adoption of a cyber safe culture that will reap us many rewards on our growth journey.

Combined with strong laws and directives, the cyber security ecosystem can then be managed top-down to ensure a safe cyber space within our country.

(The author is the Co-Founder & CEO,  SecurEyes, a pure-play cybersecurity consulting, services, and products company that also provides cybersecurity training and education. The author can be reached at [email protected],   and the views expressed in this article are his own)