THE CURRENT STATE OF CYBER SECURITY IN INDIA

I.                   ABSTRACT

India witnessed the digital revolution a long time ago. The country is gradually implementing changes to make the society cashless. Aside from eliminating cash transactions, India is also digitizing a large number of things. Whether it’s for security, traffic management, or commodities manufacture, India’s economy is taking full advantage of digitalization in a variety of disciplines and industries. However, there is always a bitter side to every wonderful thing, and in the Indian context, there are plenty. Some of the hazards associated with the digital revolution include hacking, interrupting, manipulating, and tampering with technology or digital platforms. India has been the target of hundreds of painstakingly planned cyber attacks due to the country’s unstable status of cyber security. A cyber attack could target any firm that has confidential material or depends on real-time processing. These threats motivate us to build a strong cyber security system in India. An anti-cybercrime agency is required in the country to mitigate the risks of a breach.

II.                INTRODUCTION

Cyber security is the technique of protecting computers, network, websites, mobile devices, electronic systems, and information from hostile intrusions. In India, officials have paid insufficient attention to the matter of cyber security, to the point where the government has failed to meet the country’s growing demands for a competent cyber security apparatus. In short, India’s offensive and defensive cyber security measures are woefully inadequate. Furthermore, in comparison to other industrialized countries, India’s cyber security projects and activities are significantly less. Many of the Indian government’s relevant projects have only existed on paper. Over the last two years, the number of cyber threats in India has risen dramatically. India has made only little progress in building cyber security policy, according to a recent research report by the International Institute for Strategic Studies (IISS).[1]

 

III.             THE CONCERNING DATA

India has become one of the most afflicted countries due to cyber crime, with a rapid growth of online frauds, data leaks, and cyber scams. Here are some data on India’s cyber security situation.

1.      According to a data given by the government in parliament, India saw approximately 1.16 million cyber attacks in 2020, with a median of 3,137 cyber security incidents recorded every day of the year.

2.      According to IBM’s ‘Cost of a Data Breach Report 2020,’ in India, the median cost of a data breach in the year 2020 was $2 million, indicating an increase of 9.4 percent from 2019.[2]

3.      According to an article published by Inc42, India has seen a 4000 percent surge in phishing emails and a 400 percent increase in policy violations since the beginning of the COVID-19 pandemic. According to this Inc42 article, 66 percent of Indian companies have experienced a minimum of one data leakage or cyber assault since implementing a remote working style during the pandemic.[3]

4.      India is placed at third position among the first 20 countries which are affected by cybercrime, according to the FBI’s Internet Crime Report.

 

IV.             SOME RECENT AND MAJOR INSTANCS OF CYBER ATTACKS

The risk of computer systems employed by both business entities and civilians was highlighted and exposed as Indians started working from home on their personal laptops and computers because of the constraints imposed by the COVID-19 outbreak that swept the country in 2020. Apart from these increases in cyber attacks and offences, India has seen a slew of devastating cyber attacks on businesses. Here are a few of them:

1.      Unacademy, an edtech business, had a data breach in May 2020, exposing 22 million Indian customers’ information. On the dark web, the hacked accounts’ email addresses, usernames, and passwords were available for purchase.

2.      The user information from BigBasket, a massive online grocery business, was available for purchase at an online cybercrime marketplace in October 2020. For $40,000, the personal data of approximately 20 million Indian consumers was sold. Email IDs, names, PINs, phone numbers, password hashes, addresses, localities, dates of birth, and IP addresses were among the information available for purchase.

3.      Thousands of Indian patients’ COVID-19 lab test results were leaked online in January 2021, purportedly via government websites. On Google, the leaked information was made public. Dates of birth, full names, testing centers, and testing dates were among the sensitive information that was leaked.[4] 

4.      In February 2021, Air India, India’s national airline, had a data breach when their Data Management Service Provider, SITA PSS, was accessed unlawfully, resulting in the theft of a total of 4.5 million global customers’ information. Data from the year 2011 to 2021 was revealed in the hacked records. To avoid misuse, the corporation notified all of its users that their passwords needed to be updated. Because SITA is also used by Star Alliance and One World Airlines to maintain their databases, their data was also compromised.[5]

5.      On a database sharing forum in February 2021, 500,000 Indian police officers’ Personally Identifiable Information (PII) was put up for sale. The information was found to be linked to a police examination on December 22, 2019. Full names, email addresses, phone numbers, dates of birth, criminal backgrounds, and FIR records of exam candidates were among the information released.

6.      In April 2021, Upstox, India’s second-largest brokerage experienced a data breach that impacted 2.5 million consumers. Almost 56 million KYC data files, including email IDs, dates of birth, passports, PANs, and other personal information, were exposed. By accessing a third-party warehouse, the infamous hacker gang ShinyHunters was able to acquire access to the KYC information and contact data.

7.      Dominos, India’s popular pizza chain, suffered a massive data breach in May 2021. Names, location, delivery addresses, phone numbers, and email addresses of one million clients who had placed orders on their site via mobile or computer systems were all exposed in their entirety. There were approximately 18 million orders in total.[6]

 

V.                THE NEED FOR STRINGENT AND CONTEMPORARY LEGISLATIONS

As technology advances, so must a country’s legal framework. In India, there is a lack of regulation and strict cyber security rules, which limits the breadth of online offences that can be prosecuted. As a result, existing laws must be updated to identify, control, and prosecute internet criminals as quickly as possible.

The Information Technology Act of India[7]was passed in the year 2000, and the first significant revisions were made in the year 2008. Cyber security is covered by sections 43, 66, 66A, 66B, 67, 69, 70, and 72 of the amended Information Technology Act of 2008, which cover Data Protection, Hacking, Measures Against Sending Offensive Messages, Punishment for Illegally Possessing Stolen Computer Resources or Communication Devices, Protection Against Unauthorized Access to Data, Cyber Terrorism, Securing Access or Attempting to Secure Access to a Protected System and Privacy and Confidentiality respectively.

This pace is not rapid enough, when it comes to keeping up with technology. In order to be more watchful and attentive in the face of cybercrime, India implemented a National Cyber Security Policy in 2013. The strategy intended to secure information and information infrastructure in cyberspace, strengthen capacities to avoid and respond to cyber attacks, eliminate vulnerabilities, and minimize damage from cyber incidents, according to the Ministry of Electronics and Information Technology. The policy, however, turned out to be extremely weak. In 2014, the PMO created a new position inside the ministry, the National Cyber Security Coordinator, and appointed Dr. Gulshan Rai to lead it. He also stated that in the year 2013, there was a 50 percent increase in cybercrime.

We still lack a comprehensive data protection bill that safeguards citizens’ personal information online. Additionally, businesses have not made sufficient investments in security. The Personal Data Protection Bill of 2019 is currently in the works. The recent series of cyber security incidents has acted as a warning sign, and India must accelerate its efforts to improve its IT regulations.

VI.             TOOLS TO STRENGTHEN CYBER SECURITY

For a business’s and individual’s digital security and privacy, software relating to cyber security is a necessity. It protects against data breaches, cyber-attacks, and personal information theft. Application privacy, data protection, computer security, disaster recovery, security protocols, and other areas of cyber security are required to protect against many cyber threats such as Ransomware, Malware, Phishing, and others. As a result, cyber security solutions play a critical role in the safeguarding of confidential and valuable data held by enterprises and individuals.

1.      Nessus Professional is a robust remote security scanning application that examines a computer and notifies you if it finds any weaknesses such as missing patches or software problems that malicious hackers may exploit to get access to any computer on your network.

2.      Nikto is open-source security software that scans a web server for vulnerabilities that could be exploited and lead to the site’s invasion. A database of approximately 6400 distinct threats is included in the software. This database is updated on a regular basis by security professionals so that users can quickly identify new vulnerabilities.

3.      Another valuable technology is Flexible Identity Authentication, which can significantly minimize the likelihood of successful assaults. Passwords are frequently leaked or hacked, and they are also vulnerable to human mistake, so combining multi-factor authentication (MFA) with single sign on can help one to increase security.

4.      Next is an open-source network technology called Wireshark that can analyze network protocols in real-time and can improve security. One can use this security tool to sniff the network and observe network traffic in real-time because it is a console-based password monitoring and packet sniffer tool. Security specialists utilize this powerful software to collect data packets and analyze the characteristics of those packets, which aids in the detection of network security flaws.

5.      Then the next free and open-source software that allows users to communicate in an anonymous manner is Tor.  It conceals a user’s location and usage from anyone doing network surveillance or traffic analysis by routing internet traffic through a free, international, volunteer overlay network with over 6,000 relays. Tor makes tracing Internet activity back to a person more difficult. Tor’s purpose is to safeguard its users’ personal privacy, and also their liberty and capacity to communicate in confidence, by ensuring that their online activities are not tracked.

6.      Avira is one of the most effective security tools for network protection, scan scheduling, and traffic filtering. It has one of the greatest antivirus engines, as well as a VPN and a slew of other useful features that will help safeguard your privacy and will keep your computer working smoothly.

7.      Network Mapper (Nmap) is a free network identification and security monitoring tool that professionals use to scan individual hosts and big networks. Detecting unrecognized devices and discovering network difficulties for analyzing security flaws are two of its primary characteristics.

 

VII.          CONCLUSION

After reading the previous portions of the article, it is evident that cyber security is a problem that cannot be disregarded at this time. Cyber attacks on various government entities are becoming more common, posing a severe threat to the country’s overall security. Even though a crime-free society is impossible to achieve and only exists in the imagination, there should be a continuing effort to limit criminalities to a minimum by the application of rules. Crime based on digital law-breaking is sure to increase, especially in a society that is becoming increasingly dependent on technology, and law makers must go above and beyond to keep impostors at away. Apart from enacting stricter legislation, organizations should be prepared to spend funds on cyber security, and the tools mentioned above should be incorporated by organizations, particularly those dealing with confidential documents or those that rely on real-time computation, as they are vulnerable to cyber attacks.

To encapsulate the importance of cyber security, I would like to end this article with a quote from Christopher Graham:

“The knock-on effect of a data breach can be devastating for a company. When customers start taking their business—and their money—elsewhere, that can be a real body blow.” [8]

This Article has been authored by Sanjana Shikhar, a Second Year B.A.L.L.B (Hons.) student at Faculty of Law, Banaras Hindu University.

Image Source