Cybersecurity Talent Gap, Fintech & Metaverse Security

News Recital had an exclusive conversation with Stanislav “Stas” Protasov, co-founder and president of technology at Acronis, where they broached the subject of the cybersecurity talent shortage in India and got his thoughts on cybersecurity strategy for fintechs, among other things. For interview snippets, continue reading.

Excerpts:

We are aware that cybersecurity issues are happening more frequently than is safe. But why are businesses finding it difficult to combat rogue actors?

Attacking costs more than defending in physical wars; this is not the case in cyber fights. The attackers must commit just one error, while the defenders must commit none. Additionally, a failed assault frequently has no repercussions for the perpetrator. A phishing email is blocked or deleted, but businesses rarely look into the origins of the attack because they lack the capacity to do so.

The increasing complexity of IT and society’s reliance on it are further factors. Due to their dependence on important business processes and the high expense of modernising them, organisations struggle to add new layers on top of the outdated systems. In organisations that provide government services, the need for stability and the need to maintain existing operating systems are even more intense. Legacy systems result, which are susceptible and out-of-date, making them a prime target for attackers.

How are the decision-makers attempting to respond to these assaults?

Since they are primarily directed at state-sponsored terrorist organisations, current threat intelligence initiatives don’t appear to discourage attackers. This may be a reasonable strategy given that those APT organisations may be far more hazardous, but it also deprives small and medium-sized firms of law enforcement protection. India lags behind other nations in its attempts to prosecute cybercriminals, including the US, Singapore, and Singapore.

Fintechs handle private information. What are the best security practises for them? What kind of cybersecurity plan should they have?

There is no special fintech-related secret. Secure operations and software are the foundation of everything.

When it comes to internally generated software, secure coding standards, supply chain management, foundational secure architecture, and use of secure protocols are all necessary components of secure software. Adopting these principles will reduce exploitable vulnerabilities and assist stop supply chain assaults.

Secure operations refers to all the procedures we already know and love, such as the four-eyes principle, staff vetting, required 2FA, and phishing prevention. Adopting these procedures would help prevent situations like Solarwinds and other comparable ones from occurring again.

There is a glaring talent shortage in cybersecurity both internationally and in India. How can we close this gap?

Education has a significant impact. Indian Institute of Technology Bombay, which is now placed 177th, is the country’s highest-ranked university. Currently, India has no institutions among the top 100 universities in the world. There is a link between the quality and accessibility of education and the number of persons entering the engineering field, yet this does not necessarily imply that India cannot create smart and educated security engineers. Compared to Singapore, China boasts six top-100 universities, and despite its size, Singapore has two.

The “brain drain” is an additional problem. Many firms, as well as nations, struggle to draw in and keep top people in light of the global talent competition. Making work in India more appealing could help India win this race in the short and mid-term, but the long-term plan should focus on upgrading the educational system and producing more entry-level security engineers.

The metaverse is about to undergo a revolution. How would safety appear in the metaverse?

Although it is still in its early phases, the risks in the Metaverse are more widespread due to the increased adoption rate. Primarily, we’ll observe examples of account hacking and tampering, phishing, and asset theft as soon as digital property in the 3D universe will gain worth.

A significant challenge will also be device security. Platform and device hacking will become much worse, and they can have potentially fatal effects in the real world: for example, if you have epilepsy, hacking your Oculus headset could make you have convulsions, temporarily impair your vision or hearing, or reveal where you are in the real world.

Since there is no federal law governing data privacy protection in the US, US corporations now control the Metaverse platform. According to US law, Facebook owns the data it has obtained, and Facebook will undoubtedly benefit from it.