<p>The cyber-attack landscape has changed drastically. Broad, scattershot attacks designed for mischief have been replaced with advanced persistent threats focused on acquiring valuable data from an organization. The cyber-criminal community has evolved from pranksters, lone wolves, and organized gangs to hacktivists, cyber criminal groups, and state-sponsored threat groups.<br><br>It's a more dangerous world. 97 per cent of the organizations that FireEye has evaluated globally have been breached. India isn't an exception. FireEye recently revealed a decade-long cyber espionage campaign based in China targeting India and Southeast Asia. This attack group, called APT30, focused on targets in the public and private sector which hold key political, economic, and military information about the region. Its operations went undetected for a decade until we published the report, which doesn't speak highly of organizations' abilities to fend off targeted attacks.<br><br>Today no progressive country including India can afford to not acknowledge the gravity of the situation. Both IP and national security are at risk. Intellectual property fuels modern economies. If a nation's businesses can't secure their IP, their customer and supplier details, or their other internal information, they become less competitive in the global economy. Equally important concern is national security while increasing bilateral relations with the neighbouring countries like China. Information held by businesses and governments can be very valuable to adversaries to gauge military readiness, capabilities, vulnerabilities, and more. India cannot afford the status quo.<br><br>With the Prime Minister's vision for Digital India and Smart Cities in the years to come, we can anticipate increased avenues for attacks by the threat actors seeking sensitive government information and consumer data. From small sized businesses to large enterprises all kinds of organizations are susceptible to these data privacy intrusions.<br><br>Traditional defense-in-depth security measures, such as next-generation firewalls, antivirus, web gateways, and even newer sandbox technologies only look for the first move. This doesn't cut it. Today's advanced cyber-attacks are created to evade traditional network security.<br><br><strong>Adopting A Proven Approach</strong><br>There is no easy solution to shore up our cyber security. To succeed, we must adopt a different approach across three areas.<br><br>Technology is the first step. Coupling it with sophisticated technology and intelligence will go a long way in ensuring the companies are covered at the cyber security front. Proprietary virtual machine technology that can detect unknown threats, along with the intelligence and expertise needed to detect, prevent, analyze and respond to the threats of today and tomorrow should be the way that the companies should embark upon. Overall, it's not just about deploying a product but also providing resources to customers to help detect breaches. This proven approach has been adopted successfully by various organizations around the globe.<br><br>But technology can't do it alone. Shared threat intelligence is one of the most important weapons in our arsenal. Unlike other countries where the public learns of breaches thanks to breach disclosure regulation, most Indian breaches stay below the radar. This not only leads to a false sense of security, it makes us less safe. Today when a threat group breaches one organization, they can take the credentials from one theft to break in elsewhere - because people often reuse passwords.<br><br>Breach notification requirements would help the public take stock of the impact, and provide threat intelligence to help public and private sector organizations better defend against tactics which have been successful elsewhere.<br><br>Finally, expertise is required. According to a study done by EC-Council, a global certification body for information security professionals, nearly 86% of student IT talent pool in India display no awareness of cyber security basics. What's more, traditional cyber security skills are no match for today's targeted attacks. FireEye finds that breaches go undetected for an average of 205 days, clearly attesting to the shortcomings of traditional approaches. This is why organizations all over the world are increasingly turning to outside firms like FireEye to manage their security as a service. While this makes use of a limited skilled labor pool, we still need more skilled cyber security professionals to help defend organizations from attacks.<br><br>All too often, organisations approach cyber security reactively. In the face of escalating attacks, India can no longer afford this approach. It's time to step up our game plan to secure the future.<br> <br><em>The author, Ramsunder Papineni, is regional director (India and Saarc), FireEye</em></p>