‘Indians most concerned about identity theft’

According to the recently released 2020 Unisys Security Index, identity theft tops security concerns of Indians, with family health being a priority considering the Covid-19 pandemic. It finds that India has the second-highest level of security concerns of the 15 countries surveyed. The Unisys Security Index score of 223 out of 300 signifies that Indians have a high level of security concern across the breadth of national, financial, internet, and personal security covered by the survey.

While identity theft tops the list with 83% of respondents being seriously concerned with it, 82% were concerned about computer viruses and hacking and the security of online transactions. Next in line was India’s economic stability and healthcare infrastructure (80%), with 79% being concerned about their personal physical health. This was followed by being scammed about/because of the pandemic (72%) or suffering a data breach while working from home (71%). One must note that 90% of the responses from India was collected before the commencement of the official lockdown.

This was the first year that India was included in the research, which Unisys calls the “longest-running snapshot of consumer security concerns”. Globally, the index stands at 175 out of 300 points for the second year in a row. The number remains at the highest level in the 14 years that the survey has been conducted. Globally, the 2020 results show an increase by five points each in personal security and national security concerns, and a drop by four points in financial security concerns, and eight points in internet security concerns. Personal security concerns were at their highest level in 14 years, because of the pandemic. And according to the index, identity theft and bank card fraud continued to be the top two of eight security concerns measured by the index—for the fourth year in a row.

Fortune India asked Sumed Marwaha, regional services vice president and managing director for Unisys India and Seshadri P.S., senior director-governance, risk and compliance, Office of the CISO, Unisys India, what the findings mean for businesses, the India story, and what businesses and individuals should do to step up security in an email interaction. Edited excerpts:

Globally, national and personal security concerns rose during the Covid-19 crisis, while financial and internet security concerns fell, says the survey. Can you explain why this happened? Do you think the mood would have been different if the survey was conducted now?

Marwaha: Across the globe, national and personal security concerns rose during the Covid-19 crisis and financial and internet security concerns fell, according to the 2020 Unisys Security Index. This is expected, given we faced a pandemic of this scale wreaking havoc across countries. The contagion was fast and difficult to control and the number of cases were shooting up everywhere. In situations like this, it is very natural for people to be worried about their individual safety and security than financial and internet security. The inability of even developed nations to cope with the pandemic would have added to the concerns. Everywhere across the globe, we saw that the healthcare infrastructure, however advanced, was unable to cope with the sheer number of cases that came up. This certainly gives people a sense that they have no control over the current situation and this loss of control certainly makes them more anxious.

We expect these concerns to be around even now, because the situation has not changed drastically. The pandemic still continues to maintain its grip across the globe. So, until we see some hope in terms of medicines or vaccinations for Covid-19, we expect these concerns to stay. However, there is also increasing awareness about cyberthreats in the present times and we can expect people to be more vigilant than before.

How does India compare to the other countries?

Marwaha: Measured on a scale of 0 to 300, where 300 represents the highest level of concern, India’s overall index at 223 was 48 points higher than the global average of 175. This is considered as a high level of concern and is in fact, the second highest among the 15 countries surveyed [The Philippines was on top, with a score of 238].

Like most of the 15 countries surveyed, Indian consumers identified identity theft and credit card or debit card fraud as the threats of greatest concern. In India, identity theft is the top security concern with 83% of people concerned about this issue.

Family health is the No. 1 concern for Indians in a health crisis like Covid-19, followed by the country’s economic stability and healthcare infrastructure. These concerns are similar across many countries surveyed and the impact of Covid-19 on the general psyche is apparent across the world.

Would the heightened concerns for the health of one’s family persist? Or would they be replaced by national and internet security concerns subsequently?

Marwaha: We believe that until the pandemic subsides or till we have an effective cure for Covid-19, heightened concerns around family health are bound to stay. The pandemic has also made many of us realise the importance of personal and family health and this learning will stay on with us well after the pandemic. National and internet security concerns have always been around and will remain irrespective of the pandemic. The shift in priority would, however, depend on external factors such as the situations created by the pandemic, geopolitical environment, presence of strong protective and preventive mechanisms, a strong regulatory framework that protects and preserves individual interest, etc.

How can businesses take advantage of these findings? What can companies do to ensure that they are protecting themselves in this new work from home (WFH) environment?

Seshadri: Businesses can leverage these insights to understand what matters to their consumers and act where it makes a difference. They can also leverage these findings to identify potential gaps in their efforts to secure their data and infrastructure and take necessary action.

For instance, the survey found that only 32% people were seriously concerned about a data breach while working remotely, reflecting a false sense of security. This certainly puts the onus on organisations to secure their data and assets from malicious attacks which are so rampant now. There are a few things that companies can do to ensure they are protecting themselves in this new WFH environment:

Reduce dependence on VPNs: Make it easier for employees to be secure when connecting from home, and that means less use of old-style VPNs that don’t scale and aren’t suited for the Covid era. Companies should embrace a zero-trust approach and technology, including always-on encrypted direct access, identity verification tools, and a software-defined perimeter to limit the damage from malware getting in.

Empower employees to manage the risks of a WFH environment: Employees are a critical link in the security net of any company and it is important that we empower them with the right knowledge and skill sets to combat the threats of a WFH world.

Leverage technologies like biometrics to enhance security: It is time to explore technologies such as biometrics to extend safety precautions in the age of work from home. Firms can equip their employees with additional security controls such as multi-factor authentication, or even biometric logins such as facial recognition or fingerprint scans, which are not as easy to breach as some of the more traditional approaches.

Leverage emerging technologies and approaches to fortify the security ecosystem: Companies should look at how they can embed technologies like artificial intelligence and machine learning into their security ecosystem to improve their cyber posture. They should also embrace approaches like microsegmentation to strengthen their security posture.

Prepare for an attack: Cyberattacks are considered a matter of ‘when’ and not ‘if’, given the level of sophistication of cyber threats. Reducing the attack surface via approaches like microsegmentation could go a long way in protecting corporate data and systems. Organisations should also look beyond ‘winning’ with security and focus on resilience and trust as this could be the difference between whether an organisation recovers or not after a cyberattack.

How can individuals protect themselves from identity theft?

Seshadri: The survey revealed that identity theft is the topmost security concern in India with 83% people being concerned about it. For the past four years, identity theft has remained the top concern among consumers globally as well. One reason for this is the high threat recognition and clear potential impact that identity theft has among consumers. Identity theft is often associated with financial crimes, illegal immigration, terrorism, espionage and blackmail, making people seriously concerned about the issue.

Individuals need to stay cautious and work harder to stay safe in this new environment, whether working from home or just sharing and interacting more online. Here are a few tips that will help:

* Be aware of the IT security policies and procedures of their organisation. In case they are using personal hardware or downloading software for work, it is recommended that they seek approval from their IT department

* Update passwords on hardware such as cable boxes and internet modems regularly and not share any passwords with anyone

* Install all applicable software patches and updates to keep their personal and official devices secure. This has to be done on an ongoing basis

* Trust their intuition and ignore suspicious calls or emails that ask for personal information

* Verify all hyperlinks by examining the domain in the URL and using online search engines to verify links independently

* Secure their hardware by updating to the latest firmware and checking the brand and model for security risks

* Protect their video calls by using new links and making sure meetings are password protected

What should for individuals, businesses, and governments do to increase security?

Seshadri: The results of the index prompt us to suggest actions that individuals, businesses, and governments should take to increase security:

Individuals: They need to be more aware of the security threats in a remote working environment and never drop their guard. They must follow IT security guidelines to secure their personal data and organisational data that they deal with as part of their work.

Enterprises and governments: They need to take actions to increase security and address the security concerns cited by consumers. This could include:

* Adopting a zero-trust security model in their organisations that assumes all network traffic is a potential threat

* Not neglecting security basics like standard password protection and employee education

* Approaching security with clients, customers, and constituents in mind

* Collaborating with business partners to address common challenges

Governments also have a role to play in creating and implementing regulatory frameworks that address the concerns raised and ensure greater security for individuals and businesses.