FRIDAY, MAY 17, 2024
Shivanand Pandit
Cybercrimes are increasing across the world. In particular, India has witnessed a tremendous jump in the number of cybercrimes. As per the information provided by the Ministry of Electronics and Information Technology (Meity) to a parliamentary panel, between 2018 and 2021, there was an over five-fold increase in cybercrimes and cyber fraud incidents recorded by the Indian government. On the other hand, amidst an increase in cyberattacks, the Central government is yet to execute the National Cyber Security Strategy which has been happening ever since 2020.
The Meity has told the panel that India has experienced a noteworthy upsurge in cases of cyber fraud and various cyber-linked occurrences in the previous three years. An increase in phishing attacks, financial frauds, mail-spams, and ransomware attacks were reported during the Covid-19 lockdown, when people largely worked from home, as attackers personated brands and deceived employees and customers.
As per the facts available with the Indian Computer Emergency Response Team (Cert-In) which is the government agency for computer security, the number of cybercrimes mounted from 208,456 in 2018 to 1,402,809 in 2021. That is approximately a 572% surge in 3 years! Also, 212,485 such incidents have been recorded in the first two months of 2022.
Indian organisations have seen a 218% surge in ransomware attacks in 2021, making India the 10th most targeted nation worldwide and second after Australia in the Asia-Pacific region. India was graded amongst the leading 10 countries out of 193 countries in cyber security posture for the year 2020. India climbed from the 47th position in 2018 to the 10th position in 2020. According to the American cyber security organization Palo Alto Networks' 2021 report, Maharashtra was the most targeted State in India — facing 42% of all ransomware attacks.
India is among the more reasonably lucrative areas for hacker groups and hence these hackers ask Indian firms to pay a ransom or money, usually using crypto-currencies, in order to regain access to the data; 25% of the Indian organisations suffered a ransomware attack in 2021. This is higher than the international average of 21%. Software and services (26%), capital goods (14%), and the public sector (9%) were among the most targeted zones. Also, according to the study done by CyberPeace Foundation (CPF), Autobot Infosec Private Limited, along with CyberPeace Center of Excellence (CCoE), cyberattacks on the Indian Petroleum Refinery network have been on the rise with massive attacks recorded between October 2021 to April 2022.
No action, only talks: The country's cyber security strategy recommends a distinct jurisdictive outline for cyberspace and the formation of an apex body to tackle threats, responses, and grievances. However, this has been pending with the central government for over two years. The strategy, conceptualised by the National Security Council Secretariat of India led by Lt General Rajesh Pant, has been in the works since 2020. Named the National Cyber Security Strategy 2021, the policy emphasises the need for a judicial framework to address the evolving challenges in the technology zone.
In the recent Budget session of Parliament, many MPs grilled the Meity on when the Centre intends to announce the policy. In response, the Centre explained that it has prepared a draft National Cyber Security Strategy 2021 which holistically looks at addressing the issues of security of national cyberspace.
The Data Security Council of India (DSCI) has prepared a 22-page report focusing on 21 areas to ensure safe and vibrant cyberspace for India. Some of the focus areas are large-scale digitalisation of public services, State-level cyber security, etc. The report recommends a national framework that should be set in collaboration with institutions like the National Skill Development Corporation and Information Security Education and Awareness to provide global professional certifications in security.
Although numerous industry specialists narrated the need for cyber security policy in India, the government is still not considering the issue on a priority basis.
The rise in cyberattacks and threats in India has brought to light the urgent need for strengthening India's cyber security. India should execute a strategy immediately and it needs its unique cyber security law and devoted authority expeditiously at par with global standards.
The strategy should target to configure a comprehensive system, with both State-owned and private companies having to obey cyber security yardsticks. It should stipulate a strict recurring cyber audit and suggest annual appraisals by the apex body that will be established.
The pandemic demonstrated severe warning for India's cyber security. Several Covid-19 test results were leaked and a cyberattack happened on systems of an airline service provider resulting in the leakage of personal data of 4.5 million passengers. As per the investigation by US cyber tech firm CrowdStrike, on average, companies across the world take seven days to respond to cyber security violations. In contrast, Indian companies take around nine days. India now has more than 1.15 billion phones and over 700 million Internet users which make it a big lake of digitally vulnerable targets.
From payments to e-shopping to working from home, the pandemic led to the greater adoption of interconnected devices and hybrid work networks. The above-mentioned facts and figures push India to the bottom of the list when it comes to dealing with cyber security threats and attacks. Undoubtedly, India is one of the fastest-developing markets for digital technologies. Therefore, the govt should introduce and implement a robust cyber security strategy immediately.
(The writer is a tax specialist, financial adviser and public speaker based in Goa)
