Excerpts from Shivshankar Menon's speech on cyber security at 17th Annual CIO & Leader 2016 Conference at Goa
Paying for Ransomware attacks is like “buying attackers’ silence” said, Shivshankar Menon, former National Security Advisor and a renowned diplomat, at 17th Annual CIO & Leader Conference, held in Goa between 29th July 2016 to 31st July 2016. Menon was delivering the keynote address at the conference, which is one of the biggest congregation of corporate IT chiefs or CIOs.
Talking about national cyber security, Menon said that India is facing an increase in number of cyber intrusions in sensitive servers in India. Thanks to these increased intrusions, organisations and government are forced to be more careful. He asked the organisations to be resilient and fight for themselves as “government can not treat individual illness but fight the epidemic.”
Menon said that one shall assume breaches will occur urged the businesses to “reduce attack surfaces” so that their impact can be minimized. This, according to Menon, is the time where role of CIO and demand for cyber security will only grow more.
He recognized ransomware to be one of the most prominent tools for breaches. He said that paying to attackers in a ransomware attack is like buying their silence. He suggested to fight back instead and said, “If you can destroy enemy in his own communication, you have done a huge thing”.
Awareness is the best defense per Menon. He said that there is a need to “setup forum where we can share data about hackers.” He further added that there is need to do more than the static primitive security. So that one “knows what is happening and that is how one can protect.”
He further said that India is attacked most through social media whereas, developed countries like USA are being attacked more via e-mails.
Menon also recognized primary issues leading to increased cyber attacks in the country and states that India spends only 2-5% of IT spending on security whereas US spends around 8-10%.
The former National Securiity highlighted the “real problem” in cyber security to be shortage of cyber security professionals. He stated that in 2013 India had 30,000 cyber security professionals against the requirement of 5,00,000.