This was one of the key observations in a webinar titled ‘Cyber Safety Best Practices for MSMEs.’The webinar waspart of CUTS International’s ongoing project – Cyber Safe East, which is being implemented in partnership with the U.S. Consulate, Kolkata.
Speaking on the occasion, Bipul Chatterjee, Executive Director, CUTS International emphasised on the importance of building cybersecurity awareness for micro, small and medium enterprises (MSMEs), scope of enhancing support to the businesses and linking them to relevant network of cybersecurity experts to provide them with appropriate approach and expertise.
Taking the discussion forward Monica Shie, Public Affairs Officer, U.S. Consulate-Kolkata and Director, the American Center, Kolkata, complimented US-India partnership in combating cyber-crimes and developing a more robust cyber infrastructure.Monica also highlighted the importance of US-India cyber dialogues, best practices in cybersecurity, and combating disinformation.
“Businesses are more vulnerable than ever to cyber threats as many businesses moved online without understanding the cyber risks. To this end, both U.S. and Indian governments are working jointly towards creating a conducive environment for businesses to prosper and a digitally empowered society,” she added.
Moderating the session, Deepak Maheshwari, Distinguished Fellow, CUTS International,remarked that India has a huge informal micro sector including small shops and vendors, which first started accepting digital payments after demonetisation in November 2016. The adoption was further accelerated after Covid-19 pandemic. Inevitably, with increased use of ICT tools, the cyber threats have concurrently increased.
“While a breach in a bank or insurance company may make big headlines, however, the aggregate effect from loss to small shop owners due to cyberattacks is significant to the Indian economy. In this context, need for cybersecurity is pertinent,” he argued.
Anil Bhardwaj, Secretary General of FISME, articulated the challenges of the MSMEstowards cybersecurity. While few MSMEs were aware about the cyber attacks on their business. However, on the contrary, many MSMEs do not even realise if their business has been breached and thus, the losses to their business are unknown to them. Anil highlighted that the MSME sector is not ready for the increasing cyber threats and challenges.
“Since the sector is largely unorganised, the businesses were never ready, and accelerated digital adoption after Covid-19 pandemic made them more vulnerable. Absence of adequate capital is a key hindrance for MSMEs to build cyber safety capacities, compounded by lack of effective remedies and a weak judicial system,” he added.
On legal compliances, Karnika Seth, Managing Partner, Seth Associates, highlighted that while few companies may hesitate to report cyberattack on their businesses to safeguard reputation, but such an action may expose them to judicial injunctions, compensations, and criminal and civil cases. She highlighted the important role of Chief Technology Officer in a company towards administering IT rules and assessing use of relevant softwares and licenses.
On the issue of data privacy, Rahul Sharma, Founder, The Perspective, pointed out that it is essential to minimise the adoption cost of cybersecurity for MSMEs without compromising the compliance.
“Although, penalties as proposed under the Personal Data Protection Bill are high, any monies collected from fine and penalties can be used towards awareness generation and capacity building initiatives for cybersecurity. Similarly, stringent rules may overburden compliance and thus may disincentivise Indian businesses.”
According to Ranjeet Rane, Manager, Technology and Policy Research, ReBIT,the technology adoption charges for the MSMEs are significantly higher. To solve this challenge, RBI’s five pillaried strategy known as GUARD, specifically, Governance Oversight, Utile Technology Investment, Appropriate Regulation and Supervision, Robust Collaboration and Developing necessary IT and cybersecurity skills set, can reduce costs.
Tulika Pandey, Cyber Security Group, Ministry of Electronics & Information Technology (MeitY), Government of India, mentioned that India must identify the nuances of cyber threats.MeitY has a start-up hub with more than 2000 start-ups as members, to synchronise the industry in a single platform, facilitate procedures and processes that may be daunting for smaller teams.
“The hub facilitatea mutual soft landing program and cross linkages to build in cybersecurity processes in design and development of businesses,” she added.
As next steps, CUTS International will organise capacity building workshops on cybersecurity for MSMEs in Guwahati, Ranchi and Patna between March and May 2021. After the workshops, a Compendium of Cybersecurity of Best Practices will be released to help MSMEs safely navigate cyberspace and mitigate cyber risks.
