Introduction
1 Cyber Security. Computer security, cyber security or information technology security (IT security) is the protection of computer systems and networks from information disclosure, theft of or damage to their hardware, software, or electronic data, as well as from the disruption or misdirection of the services they provide.
2. Cyber Espionage. Cyber Espionage is the malicious theft of data, information, or intellectual property through computer systems. Some method includes social engineering, malware distribution, advanced Persistent Threat (APT), and spear phishing.
3. Cyber Warfare. It involves the action by a nation-state of international organisation to attack and attempt to damage another nation’s computer or information networks.
4. Cybercrime. It is any criminal activity that involves a computer networked device or a network.
5. Cyber Terrorism. It is premediated, politically motivated attack against information, computer systems, computer programs and data which results in violence.
Digital India
6. Digital India. According to the NITI Aayog digitisation in India increased rapidly after Demonetisation. After demonetisation use of digital wallets is also increased but the cyber literacy is not adopted by the users. 2nd largest population of the world adopted the digitisation but the critical backend Information technology infrastructure is not developed or updated. In the COVID-19 pandemic situation work from home started and cloud adoption is also increased rapidly which also challenges for cyber security.
What India Makes so Vulnerable to Cyber Threats?
7. Widespread digital illiteracy makes India citizens highly susceptible to cyber fraud, cyber theft. Most of the Indian citizens cyber security is limited upto Antivirus. Most of the devices in India used inadequate security configuration/infrastructure. Rampant use of unlicensed software and underpaid license makes them vulnerable as well. Many of users are using the pirated windows operating systems. People also do not report cybercrime remains because of lack of awareness. People also does not know to how to report the cyber incidents. Most of the peoples does not know that Cyber Police Stations are also exists.
8. Maximum systems and process used in our country are outdated. Accelerated digital adoption, over a short span of time and lack of cyber security awareness is also vulnerable. Adoption of new technology in India is very slow like Artificial Intelligence (AI) and Machine Learning (ML) which helps in enhancing the cyber security.
9. Import dependency – India is the 2nd largest consumer for smart devices and 2nd larges number of internet users after China but we are totally dependent on Import of electronic devices such as mobile phones, infotech devices.
10. Cyber security adoption is very slow in India e.g. National Cyber Coordination Centre (NCCC) got approval from cabinet in 2013 but phase one of the NCCC become operational in 2017.
Agencies works in India for Cyber Security
11. NTRO. The National Technical Research Organisation (NTRO) is a technical intelligence Agency under the National Security Advisor in the Prime Minister’s Office, India. It was set up in 2004. It also includes National Institute of Cryptology Research and Development (NICRD).
12. NCCC. NCCC is an operational cybersecurity and e-surveillance agency in India. It is intended to screen communication metadata and co-ordinate the intelligence gathering activities of other agencies. Some have expressed concern that the body could encroach on Indian citizens’ privacy and civil-liberties, given the lack of explicit privacy laws in the country.
13. NCCC includes a cybercrime prevention strategy, cybercrime investigation training and review of outdated laws. Indian and U.S. intelligence agencies are also working together to curb misuse of social media platforms in the virtual world by terror groups.
14. CERT-in. Cyber Emergency Response Team-India established in 2004, CERT-In function under Department of Information Technology (DIT) mandated under the IT Amendment Act, 2008 to serve as the national agency in charge of cyber security.
15. C & IS D. Cyber and Information Security Division, Ministry of Home Affairs (MHA) created in 2017. Division deals with matters relating to Cyber Security, Cyber Crime, National Information Security Policy & Guidelines (NISPG) and implementation of NISPG, National Intelligence Grid (NATGRID) etc.
16. DCyA. Defense Cyber Agency (Under the Ministry of Defence) will focus on non-civilian cyber issues, including safeguarding critical infrastructure.
17. Coordination between above all agencies is also weak point for cyber Security of country and the softwares used by them are also outsourced from another countries.
Some Cyber Attacks Data Published by the Government
18. Government data shows that in 2019 alone, India witnessed 3.94 Lakh instances of cyber security breaches. In terms of hacking of state and central government websites, Indian Computer Emergency Team (CERT-in) data shows that a total 336 websites belonging to central ministries, departments and state governments were hacked between 2017 and 2019.
19. According to Nasscom’s Data Security council of India (DSCI) report 2019, India witnessed the second highest number of cyber-attacks in the world between 2016 to 2018.
20. On September 22 2020 the Ministry of Electronics and Information Technology (MeITY) told parliament that the Indian citizens, commercial and legal entities faced almost 7 lakh cyber-attacks in just 8 months till August 2020.
IBM Data Breach Report – India
21. Indian Companies incurred an average of Rs 14 Crore total costs of a data breach in 2020, an increase of 9.4% from 2019. The top three root causes of data breaches were categorized as 53% malicious attack, 26% system glitch and 21% human error.
Sophisticated Cyber Attacks
22. Cyber attacks does not mean that only theft of money or data it can cause power outage, air traffic chaos and even shut down nuclear reactor. North Korean malicious attack DTRACK Nuclear Power Corporation of India Ltd (NPCIL) has confirmed that a malware had infected its system at the Kudankulam Nuclear Power Plant (KKNPP). It was similar to Stuxnet virus attack on an Iranian nuclear facility in 2018.
23. According to Kaspersky (Russian Anti Virus Company) reports that the MSMEs in India are more vulnerable. The healthcare sector, in particular faces major risks with cyberattacks on prominent companies recorded in 2020. Cyber attack on Dr Reddys laboratories and Lupin) Education companies like Unacademy, Whitehatjr also attacked and users data also sold on darkweb.
24. Ransomware attacks are going to see a rise in 2021. Ransomware scores like Maze, CI0p, Nefilmi and Netwalker have ben targeting different industries in India such as a Financial service, Oil Drilling services, Pharmaceutical, Commodity and service providers, Automotive supplies, footwear manufactures professional and consumer services and manufacturing & industrials.
Some notable Cyber-attacks in India
25. In July 2016, a phishing mail sent to an employee of Union Bank of India, hackers accessed the credentials to execute a fund transfer, unsuccessfully swindling Union Bank of India of $171 million.
26. The infamous Wannacry Ransomware attack even impacted servers in India state such as Andhra Pradesh and west Bengal.
27. Popular online grocery service provider, Big Basket faced a data breach by a group named “Shinyhunters” who reportedly have compromised the data or more than 2 million users.
28. F & B giant, Haldiram’s were demanded $750,000 as part of ransomware attack.
29. In MY 2020, It was reported that data of 40 million Truecaller Indian Users was reportedly put out for sale on the darkweb.
Conclusion/ Recommendations
30. Andhra Pradesh, Telangana and Haryana have allocated separate budgets for cyber security. Singapore, Korea and Israel also allocated separate budgets for cyber security.
31. India needs a Cyber Readiness Index like Swach Bharat to benchmark security practices in all states and UTs. India should play an active role in Global Cyber security dialogue
.32. Cyber University & Technology transfer – Global cybersecurity enterprises such as CISCO, CrowdStrike, Lucideus, FireEye and symentec etc all have key R & D hubs in India. Coordination between different cyber agencies need to increase.