India may have a burgeoning Internet population but when it comes to cyber attacks, it is ill-equipped to handle sophisticated intrusions as there is a “serious shortage” of skilled professionals, IT security training firm EC Council said.
EC Council’s report, Talent Crisis in Indian Information Security, revealed major gaps in present day skill situation concerning IT security, which can impact handling of cyber threats in industries such as banking, defence, healthcare, information, energy, etc.
“India’s response to cyber terrorism is dis-jointed. To begin with, there is no central cyber command and there is a non-existent cyber-security training programme,” EC Council President and CEO Jay Bavisi told PTI.
Citing examples, Bavisi added the US Computer Emergency Readiness Team (CERT) alone spends over USD 100 million, which is huge compared to India’s about USD 7 million total spending on IT security.
“India is not prepared to handle a sophisticated cyber attack as it also faces a serious shortage of trained professionals, but from our discussions with officials, we understand that the government is working on it,” he said.
Bavisi said post the US surveillance programme reports, the Indian government has shown a renewed interest in this area, but, its pace in this direction is slow.
“There is a lot of talk, but things need to be figured out. There is an understanding that data is important, but nothing substantial is being done,” he added.
EC Council also unveiled its report, which said close to 75 per cent of the participants showcased low levels or a lack of skill in Error Handling, thereby displaying vulnerability known to lead to the disclosure of sensitive information and denial of service attacks.
The report covered more than 10,000 participants from over 100 colleges across India.
“A startling 73 per cent of participants were not adequately equipped with skills in File Handling, leaving only 27 per cent trained with the skill,” Bavisi said.
Experts have recognised that Malicious File Inclusions, Malware Distribution and DDOS attacks are known threats that can arise out of improper file handling and such threats are often used to synchronise attacks on websites or large networks, he added.
The report said only 28 per cent participants understood the process of Authentication and Authorisation, a skill crucial to data protection and an essential skill needed by programmer.
Prospective threats include credential theft, eavesdropping, brute-force, dictionary attack, data tampering, account hijacking, disclosure of confidential data among others.
“What we need in an evolving cyber security landscape is talent that responds to sophisticated threats in a timely manner,” Bavisi said.