Interview

"Indian firms must invest more in cyber security to address data breaches"

David Stulb, global leader, fraud investigation and dispute services, EY, on how to combat the threats facing a digitised economy

Soumik Kar

What’s your take on India’s demonetisation move?

Globally, the trend of demonetisation to deal with unaccounted wealth has been seen across several markets. For instance, the Eurozone is phasing out the 500 euro note and the US is currently debating restricting the circulation of the $100 bill in an effort to curb illicit international transactions. Governments around the world are under pressure to increasingly move toward electronic banking, which increases transparency and traceability.

The Indian government’s priority seems to be on implementing more checks and balances to make it difficult to move black money around – whether it is to off-shore tax havens, individuals, businesses or organised crime syndicates. I think the demonetisation initiative was intended to send a strong message to everyone.

In India, we have seen a slew of new legislations aimed at putting in place structures to curb corruption and frauds. What are your thoughts?

There has been significant progress with new legislation being introduced recently. But for me, the enforceability of regulations is of paramount importance. The US economy and financial markets continue to thrive, in part due to robust levels of enforcement and the resulting respect for the rule of law. Prolonged periods of minimal or ineffective enforcement can encourage inappropriate corporate conduct and this may be among the factors responsible for recent challenges in the Indian banking system.

Do you feel India needs to do a lot more in terms of digital security before aggressively pursuing a digitised economy?

The Indian market has immense potential and is at the forefront of becoming a digitally savvy economy. However, fraudsters tend to be one step ahead in devising creative ways to hack into computer systems. Identity theft with the objective of transferring large sums of money, phishing emails to the C-suite, and ransomware attacks to cripple IT systems have been some common ways deployed by cyber criminals to seek monetary gain. At EY, close to one third of our fraud investigation business is oriented towards forensic technology and helping organisations deal with fraud and cyber crime.

It is imperative for corporates and technology providers to be educated on the importance of safeguarding critical data by understanding the different types of breach and the motives behind such attacks. A robust cyber breach response plan is a crucial element in dealing with digital threats. The technology used to mitigate or react to breaches is evolving quickly and India has many people with strong computer and data science background who have the expertise to deal effectively with these situations.

In your interactions with Indian companies, do you feel they are well prepared to protect themselves against data breaches?

Our conversations with Indian companies show that increased automation of business processes is emerging as a key trend. Indian companies, however, will need to invest more in cyber security and the recruitment of IT specialists to address the increased risk of data breaches.

Where do you see the next big moment for cyber security coming from? Some reckon quantum theory could usher us into a new era of digital security?

While it is still in a nascent stage of development, technologies such as blockchain and quantum encryption could be strong tools in the fight against fraud, corruption and cybercrime. Investments in these technologies by both public and private sector organisations should be encouraged and we all eagerly await their commercial application.