Advertisment

India wakes up to digital security

author-image
Prerna Sharma
New Update
cybersecurity

By Onkar Sharma & Prerna Sharma

Advertisment

Cybercrime is nowadays a growing threat all over the world. Governments and businesses are facing the big time threat from cyber criminals. A lot of businesses have shut down and others are on the same path because of this threat. In an attempt to raise the awareness in the government and the private sectors, the International Conference on Cyberlaw, Cybercrime, and Cyber Security was organized recently in Delhi where experts, practitioners, and government officials took part in various sessions and voiced their opinion on several aspects of cyber security and cyber law. Justice TS Thakur, Chief Justice of India; Dr Gulshan Rai, National Cyber Security Coordinator, Government of India; and Dr Madan Mohan Oberoi, Director of Cyber Innovation & Outreach (CIO), IGCI, INTERPOL, among others shared their thoughts and suggestions with regards to cyber law and cyber security. In the light of recent terror attacks in Paris where cybercrime had played a big role, many experts believed that it was time for governments to emphasize on the Internet security and keep cyber criminals at bay.

Cybercrime is fast becoming one of the formidable threats globally. Despite elaborate security arrangements in and round for the IT assets in organizations and governments, a host of breaches are taking place. Hackers are able to sneak into networks and steal/damage critical data. The threat is growing to the unimaginable heights. A recent cybercrime survey report 2015 by KPMG says that over 72% out of 250 of India’s top companies faced cyber attacks over the past year. These attacks can compromise with country’s financial growth.

According to a cybercrime survey report by KPMG, 64% of individual seating on post of director/manager along with general staff are prone to cybercrime. The report also reveals that 63% of the companies that were attacked faced financial losses. Despite this, 58% stated that cyber defense expenditure forms less than 5% of total IT spend.

Advertisment

Over 94% respondents in the report on cybercrime see this as a major threat to businesses and 41% see it as a part of boardroom agenda. It is time for all of us to come together and opt for measures that deter cyber criminal from hacking into the networks.

IOT, CYBER SECURITY & CONNECTED MAZE OF LEGALITIES
In one of the sessions, panelists gathered to deliberate on the threats in the Internet of Things (IoT) space. While IoT promises to transform the consumer service and help humankind in different ways, it is being considered as the biggest threat to the human security. At a nascent stage, IoT is giving birth to myriad business models. But security experts have expressed their concerns. “IoT needs a robust telecom infrastructure in India so that protecting data on millions of devices is easy. Without the robust telecom infrastructure, it is not easy to build a cyber security defense mechanism,” opined Tilak Raj Dua, Director General, Tower and Infrastructure Providers Association (TAIPA). While countries are expanding their digital assets and there is focus on smart cities, it would be critical that multiple layers of security are stacked making it tougher for cyber crooks to sneak into the networks. “We need to focus on carrying out IoT prototypes to enhance learning.

This will reveal several facts. It has to take care of the law of the land,” suggested Debrata Nayak, Chief Security Officer, Huawei Telecommunication India. Security must be the foundational enabler for IoT. But there is currently no consensus on how to implement
security in IoT on the device. A prevalent and unrealistic expectation is that it is somehow possible to compress 25 years of security evolution into novel IoT devices. But it has to be believed that there is no silver bullet that can effectively mitigate the threats. “Digital technology is a mandate for success in today’s world. Since devices are a common thread in IoT, device manufacturers need to be governed by an international agency so that security is taken care of at the manufacturing stage,” said Felix Mohan, CEO, CISO Academy.

Advertisment

REGIONAL COOPERATION FOR CYBER SECURITY
Cyber security is an alarming issue and aims to destabilize any establishment. Given the intensity, it is important that governments begin to cooperate on the issue and work on intelligence sharing. Ibrahim Ahmed, Group Editor at Cyber Media, moderated a panel around the regional security bringing into the spotlight the core issue of regional cooperation for cyber security.

“Increasing dependence on IT, communication has left more loopholes which cyber criminals are able to exploit easily. Governments need to work together in the region so that there is no leeway for cyber criminals,” said Ahmed. Jurisdiction beyond the boundaries of a country is a debatable subject and is often exploited as cyber criminals try to commit a crime outside their country. In recent times, INTERPOL has solved cases involving crossborder financial frauds. If the governments build understanding between neighbors in order to gather information for crimes, there will be more trust. “It is a fragmented world. Cooperation will be helpful and improve the business environment,” suggested Rakesh Kharwal, Director, Enterprise Business at Intel Security. A common agency that looks into the security issues in a region is also suggested. “Awareness is key for safeguarding the critical assets. In my opinion, the countries in the region should set up a CERT (Computer Emergency Response Team) for Saarc. This will be a crtical step for cooperation in the region,” advised Raj Raj Pant, Chairman of ITSERT, Nepal.

PROTECTION OF CRITICAL INFORMATION INFRASTRUCTURE
Stuxnet can be used to destroy critical infrastructure of a country. This has been manifested in the operation Olympic Games which was executed by the US to delay the uranium procurement for Iran’s nuclear program. In such scenario, cyber criminals or cyber terrorists can exploit the technology to trigger attacks on any country in the future. Governments need to take adequate steps to protect telecom and communication infrastructure of their country. “Terrorists need not physically attack.

Advertisment

The Internet is a place where they are spending time to do the damage,” said Pawan Desai, Co-founder & Chief Executive Officer, MitKat Advisory Services. In addition, the protection of power grids is very important since it keeps a country running. “India has shown its competence in protecting the critical assets in grid failures. However, India needs to strengthen its capability so that cyber attacks on critical assets do not hurt the day-to-day business,” suggested Bindhumadhava BS, Associate Director, C-DAC, Bangalore. The spate of events recently has opened eyes of those in authority and forced them to consider cyber security seriously. “While awareness for security has gone up in the recent past, the governments are still not convinced if a cyber terror attack can damage critical assets. It needs to change. Crtical infrastructure is really important that has to be up and running,” added Subimal Bhattacharjee, Defense and Cyber Security Analyst.

DARK WEB – A NEW BLACKHOLE
Dark web is the new reality. It is an anonymous Internet where it can be accessed without being traced. In other words, it is collection of websites that hide IP addresses of the server that run them. This darknet is often referred to as the ‘Deep Web’ and ‘Hidden Internet’. It becomes a challenge for the investigating team to work out who is behind these sites. According to experts, darknet is at the center stage and increasing at a very fast pace. Darknet is no longer a law enforcement challenge but the biggest challenge for prevention. Countries are making sure that their law enforcement agencies and legal regimes are thoroughly well-equipped in dealing with these dark web.

NEW EMERGING CYBERCRIMES IN INDIA
Today dependency on Internet, starting from banking transaction to grocery shopping, has been increasing exponentially. “In 2014, 9,622 cases of cybercrime were registered out of which Maharashtra, Uttar Pradesh, and Karnataka registered highest number of cybercrimes,” says PK Malhotra, Secretary, Ministry of Law & Justice, Government of India. Assocham-Mahindra SSG study suggests that cybercrime is increasing at an alarming rate. The study also revealed that in the past attacks have been mostly initiated from the countries such as US, Turkey, China, Brazil, Pakistan, Algeria, Turkey, Europe, and the UAE, and with the growing adoption of Internet and smartphone, India has emerged as one of the most favourite countries among cyber criminals. Some of the new emerging cybercrimes that are adding onto the pressure are:

Advertisment

Drones: Companies across the world are using drones to provide superior shopping experiences to their customers. Many retailers have understood that they can only survive if they can become pioneer in the logistics race. But at the same time it is helping hackers to steal data by hacking drones. Cyber criminals are using drones to steal passwords, user names, band details, and even home addresses from the smartphones.

SAMC: The massive increase in cybercrime incidents can be attributed to the rising popularity of social media, growing usage of mobile technology in the enterprise, increase emphasis on analytics and big data, and the continuing move to the cloud services together is posing a challenge to the security landscape. As data is moving out from earlier controlled environment.

Wearable Devices: Wearable devices are making their own way into the workplace and corporate network. But along with the ease, it is posing high security and privacy challenges for IT heads and governing bodies as data is collected through these wearable devices are prone to cyberattacks.

Advertisment

Today, the criminals have skills and a lot of experience. It is important to analyze the growing cybercrime at a higher level and a better understanding of the potential issues.

In essence, cyber security would be further strengthened if all the stakeholders work together. Governments have to frame the laws around cybercrime in such a way that there is scope for law enforcement agencies to work closely with global counterparts. Besides, it is now government’s duty to invest in training of the law enforcement agencies to deal with cybercrime. It has to be a gradual process so that complaint redressal could take place. In addition, it is time that the agencies are prepared to take a look at even in crimes which go unreported and never come to light. While it would be a modest beginning, it can have far reaching impact in the safety and security of the critical assets, among other
things.

Advertisment