Five essential points that the upcoming cyber security policy should remember


By Shikhil Sharma, Founder & CEO, Astra Security

The year 2020 has proven to be a testing year for businesses globally. The Covid-19 pandemic has disrupted businesses worldwide and has forced companies around the globe to reorganize their operations in order to adapt to these extraordinary times. Due to several restrictions and lockdowns imposed far and wide, the IT on which the businesses have long banked, for example, their cloud tools, data centers, and the digital devices their employees used to stay connected to the company’s data – turns out to be significantly more indispensable.

With most organizations empowering an unforeseen work-from-home arrangement for their employees, the danger of cyberattacks and security breaches have likewise intensified. According to IBM, one in two Indian companies have experienced a data breach involving a loss or theft of more than 1,000 records containing sensitive or confidential customer or business information in the past two years. The COVID-19 has not only accelerated the need for security for the country’s critical information infrastructure (CII) assets but also the need for a new and improved cyber policy & compliance enforcement for public & private companies in India. The main aim of the new cyber security policy should be to protect information and information infrastructure in cyberspace and build capabilities to prevent and respond to these cyber threats. While currently CERT-IN is stressing heavily on performing web penetration testing for all key websites both private and government ventures, further compliance around security is becoming important too.

Here are 5 major points that the new policy should touch on including ID theft and fraud.

Employ and develop a strong cyber-workforce

Owing to the huge number of IT industries based out of India, India is in a dire need to up its cybersecurity workforce. As the Data Security Council of India estimated it, 1 million cybersecurity professionals are required to cater to the growing needs of cyber security in India. The number is 9% higher than the global average. This would eventually mean that the Indian government needs to invest more in the skill development of niche cyber security professionals to bridge the widening gap.

Expand the push for training, education, and awareness

This effort must be taken by the government as it is of high importance. The government should organize workshops and seminars to brief people about cyber threats and provide them the right tools they need to protect their businesses, their homes and, more importantly, themselves.

To expand awareness, nationwide tools in local languages should be released that educate people against social engineering attacks. Millions of people experiencing internet for the first time are the most vulnerable, hence need to be educated and protected.

Security framework for 5G & IoT devices

With 5G technology making its way in India, the rise of IoT devices is inevitable as it will increase the number of devices connected to the Internet. This, again, makes it crucial for the government to define a security standard for all the 5G devices coming to the market. To make it more secure, the government can define the security standard of these new internet-connected devices with the help of security companies.

Impose security standards on privately owned businesses & rewarding

To help businesses counter cyber-attacks, the nation should have a cyber security standard defined for every private company as every company has a website even if it is not an internet business and uses emails for communication and. The concerned authority should characterize what is expected from privately owned businesses with regards to network & data protection and cyber security, also the consequences of not meeting the expectations.

SOS lockdown policy

To check the damage afflicted by the COVID-19 pandemic on the Indian cyberspace, the government took some quick counter steps. This included formulating a special response team such as – Black Swan by CERT-in (Indian Computer Emergency Response Team), issuing advisories for public welfare by DSCI and more. These SOS policies did its bit in containing the cyber-attacks for the time but the fact that the Indian cyber policy needs a renovation still holds true.


Please enter your comment!
Please enter your name here