India’s talent pipeline in information security skills are extremely weak, according to ‘The Talent Crisis in Infosec, Report by EC Council (International Council of Electronic Commerce Consultants), October 2013’. This could cast a shadow on the government, business and individuals.
What is Infosec?
Information security is the practice of protecting information from unauthorised access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. Protecting confidential information is a business, ethical and legal requirement.
Demand is big…
By 2015, India will need at least 5,00,000 cyber professionals. Government, IT/ ITeS, financial institutions, telecom organisations and hospitals are more vulnerable to cyber threats.
…Supply Situation is Bleak
Only 0.97 percent of Indian students have the basic skills in information security.
Just around 13 percent of students have an understanding of concepts and can be trained in information security.
More than 86 percent have not been made aware of skills or are not trainable.
McAfee’s Tweens and Technology Report 2013 said online tweens are potentially vulnerable to risky behaviour on the Internet a good number of them have chatted to someone online that they didn’t know previously.
“On an average, online tweens in India are using between 3 and 4 devices that can be Internet-enabled, laptop, mobile and desktop predominantly. While 61 per cent respondents said they user desktops, 40 per cent use tablets and 68 per cent use mobile to access the Internet,” the survey said.
However, a disturbing trend on the rise among tweens is their apathy towards their own online safety. 58 per cent of the respondents surveyed use risky or low level security passwords online and Almost half of the tweens surveyed share information about themselves over FB (41 per cent), it added.
McAfee’s report was conducted through a survey across Indian online tweens comprising of 572 male and 428 female respondents from Mumbai, Kolkata, Chennai, Bangalore, Delhi, Hyderabad and Ahmedabad.
Another dangerous trend that the survey by the US-based firm revealed is that Indian tweens are becoming more trusting of the virtual world to familiarise themselves with unknown people, in spite of being aware that it is risky.
Thirty-six per cent of the respondents said they have spoken to someone online that they didn’t previously know, while 22 per cent said they have shared personal information online. 26 per cent who did share this did not think it to be risky. “Tweens have a clear preference for not only the devices used for Internet connectivity but also the type of activity on these devices. So while desktop is preferred mainly for home work, tablets are dominant when it comes to exchanging pictures and playing games,” McAfee said.
Seventy per cent of the respondents covered said they use desktop for home work related stuff compared to 38 per cent, who use tablets. Almost half of the respondents said they use tablets for playing games and exchanging pictures compared to 40 per cent using desktop, it added.
About 22 per cent of the respondents said they spend 2-4 hours every day on Microsoft’s gaming platform Xbox, it said. Though the country boasts of producing the maximum number of engineering talent in the world, only 1 percent of Indian IT students have been found skilled in the information security space.
According to a study done by EC-Council, a global certification body for information security professionals, nearly 86 percent of student IT talent pool in India display no awareness of cyber security basics, while a mere 13 percent was found to be trainable in the space.
“This is very alarming news to the country’s corporate and defence establishments. India is known as the software and outsourcing capital of the world. However, recent industry data shows how vulnerable the Indian IT industry is. Lack of skills in both working professionals as well as students is a major area of concern for the nation,” says Amit Kumar, president and co-founder, Cyberfort.
The study is indicative of the fact that while the current curriculum has some introductory topics on the subject, focus via its inclusion as a separate subject is missing. India declared its first national cyber security policy in July this year, which aims to create 5 lakh information security professionals over next five years.
“Given the fact the 86 percent of the current IT talent has no awareness of cyber security, the role of academia becomes all the more challenging,” says Kumar.
In a recent move to up the ante on cyber security, the government has hired 4,446 experts.
However, the number is miniscule compared to the increasing number of attacks on websites every month. Financial institutions, telecom, mobility, internet organisations and hospitals are more vulnerable to cyber threats today, because of the data they handle.
According to reports by CERT-In, 4,191 Indian websites were hacked in the month of August this year, up from 1,808 in May this year. In fact, corporates too agree that they have a tough time filling up positions in the information security space.
“It is difficult to find basic engineering talent, let alone talent in information security space. The problem is not with students, but the whole system. You can’t expect them to be good at something they are not taught,” says the CFO of an IT company who did not wish to be named.