
Countering Cyber Crime in India: Time To Step Up?

Dec 8, 2017 1:11 PM

“Information highways are getting stronger and being strengthened. Occasionally, accidents could occur. But do you stop constructing highways because two motor cars collide?” remarked Ravi Shankar Prasad, Union Minister for Electronics and Information Technology, in a recent interview when asked about India’s cyber space security.


With the Telecom Regulator (TRAI) upholding net neutrality and the country recently hosting the fifth edition of the Global Conference on Cyber Space (GCCS), India seems to be geared up to embrace the digital revolution. It is therefore pertinent to probe how the nation fares on both the regulatory and infrastructural fronts.


This year saw some of the worst cyber attacks, labelled as “ransomware”, in the form of WannaCry and Petya, infecting more than 300,000 computers worldwide. While McAfee’s Quarterly Threat Report records some 311 publicly disclosed incidents of security violations, it anticipates a much higher number of actual breaches.


As per the information reported by the Indian Computer Emergency Response Team (CERT-In), a government agency which deals with cyber crime, the number of cyber attacks reported in India up till June 2017 was 27,482. Major banks, telecom companies, IT firms and other vital industries have come under fire from attacks including phishing, probing or scanning, defacements, site intrusions, virus or malicious code, ransomware and denial-of-service attacks.


Zomato, a restaurant search and delivery service, was hit by a data breach which led to the details of 7.7 million users being stolen. Reliance Jio, a leading telecom player, reported an unauthorised data breach, which allowed the hackers to access personal details of Jio customers. Banks like Axis Bank and Yes Bank also reportedly witnessed similar breaches. And of course, there is the latest Game of Thrones leak by four Indian techies.


Such attacks, while posing a threat to citizens' personally identifiable data, can often lead to significant financial, operational, and reputational consequences. Interestingly, the reported incidents are only the tip of the iceberg. Given the lack of structured regulations regarding disclosure norms in case of a breach – except in financial services where it is mandated by the Reserve Bank of India – companies affected by cybercrime, fearing loss of reputation, often hide the incidents, even in cases where customers have been impacted. Hence, the actual extent of the impact remains unclear.


India is on the cusp of a Digital Revolution with the government launching multiple initiatives and applications like Digital India, BHIM, UMANG, JAM and MyGov to facilitate “ease of living”, ensure effective governance, and promote greater transparency. For instance, Prime Minister Narendra Modi in his speech at the GCCS reiterated that the conception of the JAM (Jan Dhan-Aadhaar-Mobile Phone) trinity has greatly helped reduce corruption and prevent leakages through better targeting of subsidies. He particularly highlighted how the Governance e-Marketplace has contributed to increasing farmer incomes. With the increasing digitisation of basic welfare services such as Direct Benefit Transfer (DBT) and the Mahatma Gandhi National Rural Employment Guarantee Scheme, and an inclination towards a cashless economy, the government must ensure that the digital space is a secure and protected domain.


In addition, frantic measures such as the linking of Aadhaar with bank accounts, PAN and mobile numbers only increase the importance of data protection. While the IT Minister assures that Aadhaar is backed by a robust law granting due regard to one's right to privacy, he remains mum on the available data security provisions.


The government launched the National Cyber Security Policy in 2013 to set a framework around creation of a secure cyberspace ecosystem, driven by public-private partnerships and extensive training and awareness programs.


Following this, in June 2016, the RBI issued the Cyber Security Framework for Banks, pushing them to take proactive measures to strengthen their cybersecurity protocols.


These measures failed to result in any structural improvement, as evidenced by India's deteriorating rank on the Global Cyber Security Index, moving from 5th position in 2015 to 23rd in 2017.


It was perhaps this setback that led to accelerated investment this year, resulting in the creation of national nodal agencies to perform real-time threat assessment and to safeguard critical information infrastructure (the National Cyber Security Coordination Centre and the National Critical Information Infrastructure Protection Centre). Moreover, the Ministry of Electronics and Information Technology has urged all ministries to allocate 10% of their IT budgets to cybersecurity.


However, the onus of improvement shouldn't rest only on the government. Enterprises also need to help themselves by mobilising funds and initiatives through existing sector-specific industry bodies or the creation of new associations, using similar international agencies as a template. Considering that 75% of respondents in an industry survey conducted by EY believe that their company's cybersecurity function fails to serve their organisational needs, it is truly an indication to step up.


With emerging technologies like the Internet of Things and Artificial Intelligence, the future holds greater risk to cybersecurity. While technology has the potential of being an enabler, it also poses an innate risk to the economy at large.