Cyber crime is a growing issue globally. There are daily news reports of cyber crimes across India and very few believe they will remain immune to cyber crime. Cyber criminals use sophisticated and simple techniques to commit crime; there is a growing awareness of cyber crime and of the need to create an infrastructure that protects against it.
Cyber crime statistics are alarming
Symantec, the global leader in cybersecurity published a report in January 2019 that revealed Indians are the third least honest people on the internet. The report highlights that more than half of all Indians have lied online. Such lies are told on social media to exaggerate a social networking profile and on professional networking sites to exaggerate a professional profile. It stands to reason that when hundreds of millions have falsified social and professional networking profiles, many employers have been duped into employing people whose true accomplishments are less impressive than those purported.
It gets worse; Symantec reveals that as many as 76% of Indians have been victims of cyber crime and 60% have been victimised by computer viruses and malware. Only a minority 8% believe they will never fall victim to cyber crime. The numbers reveal that a majority of those living in India believe cyber crime is a significant threat. Only 10% of Indians feel very safe online. Most alarmingly, not only do most people in India believe they will fall prey to cyber criminals, a majority believe those who perpetrate cyber crime will never be captured and brought to justice.
Cyber crime leads to emotions as well. In India 58% of people felt very angry when they fell victim to cyber crime; 51% felt cheated. Also, 46% of Indians felt upset and annoyed when they fell victim to cyber crime. After falling victim to cyber crime, victims changed their online behaviour and stopped visiting risky sites. Approximately 59% changed their online behaviour while 53% stopped visiting risky sites. 46% of those who fell victim to cyber crime immediately called their banks. On average the cost of a single cyber crime was 5,262 INR and such crimes were resolved on average in 44 days. Shockingly 45% of cyber crimes were never resolved.
41% of those living in India believe once tarnished by cyber crime, a company’s reputation can never be restored. The Symantec report revealed that cyber crime is growing; it showed there has been a 457% increase in cyber crime in India over the past 5 years. Globally, India has the third-largest number of cyber criminals and the third-highest number of cyber crimes occur in India. More cyber crimes happen in Bangalore than in any other city in India, a likely reason for this is that the technology infrastructure in Bangalore is highly developed. The city with the second-highest rate of cyber crimes in India is Mumbai followed by New Delhi; however, the number of cyber crimes that occur in Bangalore is 4 times that of New Delhi.
Types and instances of cyber crimes
Common kinds of cyber-attacks include DDOS, Botnets, identity theft, phishing attacks, cyber stalking, and social engineering.
In a recent cyber crime case, Microsoft filed a case against 2 Noida based call centres. The modus operandi of the call centres was to pose online on Google as Microsoft IT Support staff. At both call centres 500 staff worked and whenever each received a call from the US they would ask to be given remote access to the caller’s laptop. After gaining control of the laptop they would make up a reason for its malfunction and ask for $300 to $400 to repair it. Unless they were paid they would not hand over control of the laptop. After payment was made they would give control back to the owner. The FBI caught on and eventually 400 to 500 of those working in these 2 call centres including the owners were arrested. This case is an example of organized cyber crime- there are however many such cases that never come to light.
Identity theft is also a form of cyber crime. When an individual impersonates another for financial gain, it is known as identity theft. It is a commonly perpetrated fraud and recently was masterminded by a university employee who had a legitimate email address of the university. He promised others jobs in the university in exchange for money.. The fraud went on for 2 years and came to the notice of no one. Only after the perpetrator had stolen a significant sum from others did the fraud come to light.
Installing malware and viruses on other’s smartphones, laptops, and desktops is also a form of cyber crime. Malware installed on a device can monitor it and steal information such as passwords and gain access to bank accounts. Viruses can wreak havoc smartphones, laptops, and desktops. Every day in the news there are reports of cyber crime including instances of SIM cards being compromised resulting in OTPs being sent to unauthorized individuals. This often leads to money being withdrawn from bank accounts by unauthorized individuals.
Threats from within exceed those from without
It’s important to know that all companies face the greatest cyber security threats not from strangers but employees. When a data theft occurs the perpetrators are likely to work in the organization from which data is stolen. A reason for this is employees already have access to internal information and databases. Also, when there is intellectual property theft or identity theft in a company, the perpetrators are likely to be a company’s employees.
There is reason to be afraid
The risks present online equal or exceed those found in the real world. Companies that hold vast quantities of data should be especially concerned about online frauds because when data falls in the wrong hands it irreparably damages a company’s reputation. A recent report revealed that 69% of Indian companies are at risk of a cyber-attack. Hence the vast majority of Indian companies are at risk of cyber attack and the data they hold can easily be compromised.
Companies that store data on the cloud should understand that though the cloud offers considerable advantages, it gives rise to new risks as well. For instance, hackers and cyber criminals can gain access to data stored on even well-secured networks let alone poorly secured ones. Standalone systems more widespread a decade ago were less susceptible to such threats.
Cyber insurance is a potential solution
NASSCOM believes there is a need for cyber insurance. The same has also been proposed by the Data Security Council of India (DSCI). When cyber insurance is available it will help protect companies against data theft, intellectual property theft, and cyber attacks. Owners of cyber insurance will be suitably compensated when they fall victim to cybercrime.
By Dinesh Jotwani, Advocate, Supreme Court of India