On 12 May this year, the world woke up to a new threat that held it on ransom—WannaCry. Researchers from Avast observed 57,000 infections in 99 countries. This recent ransomware attack has shaken the entire world, including those who are not even directly connected with the digital world. India has seen ATMs going offline to patch the software, industries have been impacted, governments have been issuing directives and security community can be seen talking about what went wrong and how to be ready for another attack. There are some unconfirmed news reports spreading that an improved and deadlier version of ransomware called Eternal Rocks will be hitting us soon.
Digital-nativeness rarely equates to digital-savviness, and when it comes to security, millennials are either clueless or careless.
This is scary, especially for India. Rapid digitisation, increased government efforts coupled with rising penetration of internet and mobile make India a viable target for such attacks. Add in the fact that more than 50% of India's current population is below the age of 25 and over 65% below the age of 35. By 2021, young Indians will form 64% of the total workforce. This millennial workforce is the "net" generation—the "digital natives". That makes them highly adaptable and more prone to excel in businesses constantly disrupted by technology transformation. But, the flip side is that digital-nativeness rarely equates to digital-savviness, and when it comes to security, millennials are either clueless or careless.
Case in point—according to the "Norton Cyber Security Insights" report, 39% of Indian millennials have either experienced ransomware themselves or know someone who has. Millennials are willing to answer unknown survey questions (60%), install third-party app (43%), provide access to files while online (25%) and turn off their security software (24%) to gain access to free public wi-fi.
All these factors make organisations extremely vulnerable to cyberattacks. Every big organisation has identified cyber security as the main issue and they spend a big chunk of money to protect themselves. But as the WannaCry attack has shown, a big budget is not going to help young India.
So, how do we protect ourselves? How can companies help in not only making their organisation safe but also aid in security? There are two parts to this.
From the employee point of view, user education and cyber security training is the basic need of the hour.
From the employee point of view, user education and cyber security training is the basic need of the hour. Keeping in mind human behaviour, challenges of different communities and limitations of technologies in various geographies plus, the digital habits of millennials, organisations need to focus on policies that can balance technology freedom and security. The focus should be on the next generation as well. Preparing young India to be not just digitally savvy but security conscious is a big task that should be started during primary education itself. Cybersecurity needs to be part of school curriculum, teaching children about the pitfalls of being careless about mobile and internet access.
From the business point of view, companies need to focus on security vs. usability—innovative product lines that embed security right from design to planning and implementation.
India is on the cusp of a digital revolution, ably supported by a young and passionate citizenry. Therefore, it's imperative that the government and corporates do not bury their head in sand. Instead, we need to prepare for threats (right from entry level) and make sure that development is not hampered as we move forward towards a truly "Digital India."