By Sandeep Godbole, vice president, information security, Atos Syntel, and member, ISACA Emerging Trends Working Group
India in the recent years has reaped great benefits from digital solutions. For a country that is large and diverse in many respects, the digital world has been a great enabler. As per data available from the National Payments Corporation of India, in the month of August 2021, transactions valued 6.4 trillion rupees were made through 3.55 billion transactions using the Unified Payments Interface (UPI) ecosystem. The UPI ecosystem has provided its set of applications, however the growth has been made possible since UPI has encouraged banks and others to develop their own applications around the UPI platform. This has accelerated the adoption and ensured interoperability across the different payment interfaces.
Flagship solutions including the UPI, the Cowin Application to manage the COVID-19 vaccination, and the Aadhar authentication have emerged as clear winners that have enabled a better life and experience for citizens in the country. Multiple aspects of our lives – payments, health and administrative processes have been significantly simplified by these solutions. The advantages were even more strongly demonstrated as the world and India experienced the pain of the COVID pandemic. This is just an indicative example, from one of the very large number of solutions, that have been ingrained in our lives.
Digital solutions require multiple enablers. The maturity of the intended user base, an enabling regulatory framework and the ability to address cybersecurity and compliance requirements, are some of the important enablers. While the first two factors are only partially within the control of the individual entities or organizations, the responsibility and accountability for security rests largely on their own shoulders. This is true not only for solutions that have a huge user base but also for internal or for corporate applications and solutions. Designing and implementing cybersecurity requires experts to secure different technology layers. The term cybersecurity expert is used in a generic sense. In reality, these experts include different cybersecurity specialists across different areas of cybersecurity.
Most organizations have understood the significance of cybersecurity in ensuring not just the security but also the acceptability of IT systems. During the challenging times of the COVID pandemic, IT systems have provided much needed support to organizations working from dispersed locations. These organizations have been enabled by their IT systems and the IT systems in turn have been enabled by ensuring cybersecurity. Considering the importance of cybersecurity, it is useful to understand the trends and developments in this space. The State of Cybersecurity survey report published annually by ISACA provides insights that help to understand the cybersecurity trends.
As per ISACA’s State of Cybersecurity Survey 2021, cybersecurity experts are challenging to recruit and retain. A very large percentage of organizations have experienced staffing shortages in the area of cybersecurity. The shortage is very much a global phenomenon, and India is impacted as well, with 46 percent of respondents from India indicating that their cybersecurity teams are understaffed according to Part 1 of this year’s report. The need for cybersecurity professionals is striking when looking at the cyber threat landscape; Part 2 of the survey report found that 32 percent of respondents in India had experienced more cyber-attacks than the year before, and 29 percent say that their organization is likely to experience a cyber-attack in the next year.
Staffing challenges and shortages in general cannot be resolved by indiscriminate hiring and staffing. Cybersecurity teams must not merely identify those who seek opportunities but also ascertain that they possess the necessary skills and knowledge. Given that market driven organizations are accustomed to meeting challenges, many of them have attempted to seek a resolution to the cybersecurity workforce shortage through multiple initiatives. One of these approaches is to equip available staff, particularly those with IT skills, with the necessary security knowledge. The re-skilling approach can be effective when candidates have allied skills related to IT infrastructure, programming and a willingness to learn. This approach often works well since these people can often better understand security nuances relevant to their individual functional areas and implement related security tasks. Compared to core IT content in many of the colleges and universities, the curriculum does not adequately cover the security aspects. Hence there is a need for aspiring cybersecurity professionals to supplement the knowledge and skills related to the security domain.
Industry certifications and training provide the opportunity for attesting the skills and knowledge of experienced professionals and directing the learning for budding security professionals. Certifications are available across different roles from practitioners to strategic management positions in the security domain. Professional organizations like ISACA play a role in building the capabilities in this space, including through credentials like the ISACA Information Technology Certified Associate (ISACA ITCA), which includes a Cybersecurity Fundamentals certificate, or its CSX Cybersecurity Practitioner (CSX-P) or Certified Information Security Manager (CISM) certifications.
To conclude, the ever-expanding footprint of IT systems is here to stay. The pandemic has only accelerated this trend. While organizations may be facing challenges in recruiting and retaining cybersecurity talent, through upskilling and developing capabilities through education and credentialing, they can build their teams and ensure that cybersecurity can continue the trust in these systems.