When not if.

“When.”

If you’re an Indian, your identity and personal information are most probably going to be hacked, leaked or breached in the coming years. It’s just a question of when it happens, not if.

Perhaps some of your data has already leaked and you just don’t know it yet. Maybe it’s among the 10 million vehicle owners or 34 million subsidised food recipients in Kerala? Or among the 3.2 million debit card holders? Or the 100-120 million Reliance Jio mobile users? Perhaps the 17 million Zomato users or the 2.2 million McDonald’s ones? The 130 million Aadhaar users whose data was accidentally leaked?

Identity thieves took out a big loan in the name of the CEO of $10.5 billion Securitas, one of the world’s largest security companies, and then declared him bankrupt. Let me repeat that—the CEO of a security company that employs nearly 3 lakh people around the world had to step down from company boards because identity thieves declared him bankrupt.

So, remember, it’s when, not if. The sooner you accept that reality, the better.

The Hockey Stick Hypothesis

The average Indian has nearly 80 apps on her phone. The majority are cloud-based online services—cheap to build but tough to secure. Ninety-four percent of all cloud applications are not enterprise-ready in terms of security, said a report last year by netskope.

You may wonder why breaches keep happening irrespective of assurances of “Your data is safe” by the organisations to whom you entrust your data.

A simple explanation is that most organisations have neither the means nor motivation to secure your data. Online startups are in the early stages of their lives focused more on surviving, rather than spending their limited time and money on security best practices. Unless of course, they are in banking or fintech, where security standards like PCI DSS are mandatory for starting operations.

Once businesses get past survival, their focus turns to rapid growth and scaling. Again, security is an afterthought. The famous “hockey stick curve” is what most businesses go all out for. Caution is thrown to the winds as growth is chased at all costs. Issues start popping up. And these issues start getting noticed and reported during the consolidation phase that follows the growth phase when the businesses start looking at unit economics. Hence most breaches occur (or to be more accurate, are noticed or widely reported) during the consolidation phase that follows the growth phase businesses.

And if that wasn’t enough, the use of “super keys” like mobile number and universal ID Aadhaar makes it easier for hackers to join together data from various breaches to construct a fine-grained view of the digital footprints of victims.

AUTHOR

Anand Venkatanarayanan

Previously a Senior Engineer with NetApp, Anand describes his current affiliations as "Chief Financial Officer at HasGeek during the day, Security Researcher during evenings and Privacy Advocacy after dark. He was mostly into Data Security and recently has taken an interest in application and end point security. He is a known privacy buff and mistakenly believes that everyone should care about their privacy.

View Full Profile

Available exclusively to subscribers of The Ken India

This story is a part of The Ken India edition. Subscribe. Questions?

MOST POPULAR

Annual Subscription

12-month access to 200+ stories, archive of 800+ stories from our India edition. Plus our premium newsletters, Beyond The First Order and The Nutgraf worth Rs. 99/month or $2/month each for free.

Rs. 2,750

Subscribe
 

Quarterly Subscription

3-month access to 60+ new stories with 3-months worth of archives from our India edition. Plus our premium newsletters, Beyond The First Order and The Nutgraf worth Rs. 99/month or $2/month each for free.

Rs. 1,750

Subscribe
 

Single Story

Instant access to this story for a year along with comment privileges.

Rs. 500

Subscribe
MOST POPULAR

Annual Subscription

12-month access to 150+ stories from Southeast Asia.

$ 120

Subscribe
 

Quarterly Subscription

3-month access to 35+ stories from Southeast Asia.

$ 50

Subscribe
 

Single Story

Instant access to this story for a year along with comment privileges.

$ 20

Subscribe

Questions?

What is The Ken?

The Ken is a subscription-only business journalism website and app that provides coverage across two editions - India and Southeast Asia.

What kind of stories do you write?

We publish sharp, original and reported stories on technology, business and healthcare. Our stories are forward-looking, analytical and directional — supported by data, visualisations and infographics.

We use language and narrative that is accessible to even lay readers. And we optimise for quality over quantity, every single time.

What do I get if I subscribe?

For subscribers of the India edition, we publish a new story every weekday, a premium daily newsletter, Beyond The First Order and a weekly newsletter - The Nutgraf.

For subscribers of the Southeast Asia edition, we publish a new story three days a week and a weekly newsletter, Strait Up.

The annual subscription will get you complete, exclusive access to our archive of previously published stories for your edition, along with access to our subscriber-only mobile apps, our premium comment sections, our newsletter archives and several other gifts and benefits.

Do I need to pay separately for your premium newsletters?

Nope. Paid, premium subscribers of The Ken get our newsletters delivered for free.

Does a subscription to the India edition grant me access to Southeast Asia stories? Or vice-versa?

Afraid not. Each edition is separate with its own subscription plan. The India edition publishes stories focused on India. The Southeast Asia edition is focused on Southeast Asia. We may occasionally cross-publish stories from one edition to the other.

Do you offer an all-access joint subscription for both editions?

Not yet. If you’d like to access both editions, you’ll have to purchase two subscriptions separately - one for India and the other for Southeast Asia.

Do you offer any discounts?

No. We have a zero discounts policy.

Is there a free trial I can opt for?

We don’t offer any trials, but you can sign up for a free account which will give you access to the weekly free story, our archive of free stories and summaries of the paid stories. You can stay on the free account as long as you’d like.

Do you offer refunds?

We allow you to sample our journalism for free before signing up, and after you do, we stand by its quality. But we do not offer refunds.

I am facing some trouble purchasing a subscription. What can I do?

Please write to us at [email protected] detailing the error or queries.