Cyber Security in India: Are we Doing it Right?
By Arijit Banerjee
The digital revolution forayed into India a long time ago. The nation is now progressively utilizing the transformation for making the society go cashless. Apart from making the transactions cash-free, India is digitalizing a majority of other aspects as well. Be it the deployment of security, management of traffic, or manufacturing of goods, the Indian economy is rejoicing the benefits of digitalization in niche fields and industries as well.
However, with every good thing, there’s something bitter attached to it, and in the case of India, there’s more than one. Breaching, interrupting, manipulating and interfering with the technology or digital platforms are some of the threats that are linked to the digital revolution. These intimidations encourage to have a robust cyber security mechanism in India. To curb the hazards of breaching, an anti-cybercrime body is indispensable in the country.
Cyber Security in India: The Current Scenario
To keep at bay any cyber-attack, India introduced the IT Act in the year 2000 which was amended and brought into existence again in the year 2008. Technology literally evolves every single day. Thus, to be more vigilant and attentive against cybercrimes, India introduced National Cyber Security Policy in the year 2013. However, the policy turned out to be very weak.
When in 2014, the PMO made a new position in the ministry i.e. the position of the National Cyber Security Coordinator and made Dr. Gulshan Rai its head.He also mentioned that there was a whopping 50% rise in cybercrimes in the year 2013.
Till date, numerous cyber breaches have taken place in India. For instance, 1,791 cybercrime cases were registered in the year 2011. The number elevated and reached to 8,045 in the year 2015.
Here are some of the notable cybercrimes that took place in India:
- The cybercriminals (or popularly known as hackers) breached the website of Indian Railway Catering and Tourism Corporation (IRCTC). They stole the record and data of approximately 10 million customers of the service.
- In the year 2015, a total of 912 cybercrimes were registered in Mumbai. Out of these 912 cases, 178 cases were related to creating fake Facebook profiles and uploading of obscene media.
- Binny Bansal, co-founder, Flipkart became the victim of one of the hackers out there. The hacker spoofed his email account and sent two emails to the Chief Financial Officer of the firm demanding a transfer of $80,000.
- One of the cybercriminals attacked the website of Canara Bank and blocked some of its crucial payment services.
Retail is Taking Care of Cyber Security Detail
Not just the big names and brands are prone to cyber-attacks. Everyone who earns online, sells online, operates e-commerce portals, undertakes transactions online is vulnerable. An individual transacting online cannot undertake cyber security on his own unless his vendor, bank or his favorite online shopping portal takes an initiative.
The retailers fathom well the significance of undertaking cyber security and this is how they are doing it in India:
- Diversification of Risk: As people diversify their financial risk by investing in different schemes and assets, the retailers with a large chunk of data have various repositories located at different places. Therefore, these locations could be the systems of the corporate office, brand’s online portal, or perhaps with a trusted, reliable and verified third party.
- Continuous Tracking and Monitoring of the Data: Diversification is not the ultimate solution to face cyber-attacks. Retailers these days deploy various mechanisms, technology and applications to effectively and efficiently track how their data is moving into their IT infrastructure. Therefore, with the experts and applications in place, any loophole or breach in the system can be figured out on a real-time basis. Thus, avoiding any attack or leak beforehand.
- Tie-up with Third Parties: There are organizations and firms that offer high quality and securesafe data storage services. Usually called the big data companies, these players are efficient when it comes to handling, securing, transferring, storing and protecting the large customer database of the retail players. Many e-commerce giants of India rely on these players for the ultimate security of their data.
- Deployment of Encryption Policy: Retailers are now investing in the encryption policy for the security of their data. Hence, this implies that only a few of the individuals of the firm have the authority to access the data or the information from the pool. Any individual other than the authorized personnel trying to access the data faces firewalls and lots of other security arrangements that he/she cannot pass.
- Regular Audits of IT Infrastructure: Like everything that needs maintenance to run for a longer period of time, retailers are investing heavily in the audits of their IT infrastructure from time to time. It is done to eliminate any flaw from the system and make it foolproof against cyber-attacks.
The Plan of Action against Cyber Crimes
Demonetization that took place recently made the citizens of India realize the potential of online payment systems. Though many were doing it before but the same boosted after this major decision of the government. Even the government is encouraging people to go cashless. However, both the banks and government know the biggest risk associated with going cashless.
It is not just the lack of knowledge among the people on how to use the online banking facilities, mobile apps to pay, or to use debit card/credit card to pay their bills. It is also the concern of securing the online payment mode in order to safeguard the hard-earned money of the public.
For the same, the Government of India has taken various initiatives:
- Initiation of a major program for the development of cyber forensic tools.
- Development of tools and mechanism to trace digital evidences.
- Setting-up of a cyber forensic training lab at Training Academy of Central Bureau of Investigation to impart knowledge on cyber forensics to the police officers and new hires.
- Issuing of alerts and advisories on new cyber threats by The Indian Computer Emergency Response Team from time to time.
- Provision for Crime and Criminal Tracking Network and Systems (CCTNS) – an online portal for registering cybercrimes.
Fully Operational Anti-Cyber Crime Cell: The Need of the Hour
With the after effects of demonetization, online selling and buying reaching to a new height. And with the encouragement from Government of India to go cashless, a robust and operational anti-cybercrime cell in India is the need of the hour. Furthermore, anti-cybercrime cells will act as huge deterrents against the all kinds of cyber crimes.
It takes years to earn but a single breach by a cybercriminal is enough to make your vault empty!
About the Author:
Dr. Yogesh Bhat
Head and Director
Manipal Global Academy of Information Technology (MGAIT)
Dr. Yogesh is a Graduate from Indian Institute of Technology, Roorkee; Post-Graduate from CEPT University, Ahmedabad; and Fellow (Doctorate) from Indian Institute of Management (IIM) Ahmedabad.
Dr. Yogesh Kumar Bhatt is the Vice-President – IT Education and Training at Manipal Global Education (MaGE). He heads Manipal Academy of Information Technology (MGAIT). And he also looks after entire academic development and delivery of programs for Information Technology vertical. Furthermore, he has around two decades of experience involving employee competency development, education, training, delivery and consulting in Information Technology sector.
Prior to joining MaGE, he has worked for 16 years with Infosys, spending this time across various functions and roles. His last role at Infosys was as the Associate Vice President and Head.