Amid growing digitisation, India must gear up for cyber threats: report

20 Dec 2016

With India logging into the digital world as it seeks to become a less-cash economy, the threat of data breaches looms over both public and private enterprises, with several such cases being reported through the year, reports The Hans India.

In one of the financial sector's biggest cyber threats, millions of debit cards were compromised after a malware-related security breach was detected in a particular ATM network in October. The State Bank of India (SBI), HDFC Bank, ICICI Bank, Axis Bank and YES Bank were among those which reported several of their customers' debit cards being compromised.

India was also listed among the top five in the world to be attacked by ransomware malware that forces its victims to pay a ransom through certain online payment methods to regain their data as reported by Moscow-based Kaspersky Lab, a leading software security group operating in almost 200 countries and territories worldwide.

In September, Trend Micro Incorporated, a global leader in security software and solutions, reported that over 180 Indian companies were victims of ransomware in the first six months of 2016. Indian businesses lost over $1 million from data losses and downtime in the last 12 months, a survey by EMC Corporation, the world's largest data storage multinational revealed in July. According to EMC, 46 per cent of organisations in India suffered unplanned system downtime and/or data loss due to external or internal security breaches.

Amid this, Pavan Duggal, the country's leading cyber law expert, lamented that Indian cyber law does not have adequate provisions to deal with the growing cyber threats. "The Information Technology Act, 2000, amended in 2008, still does not comprehensively deal with all relevant issues in the cyber security ecosystem. India not being a signatory to any international treaty on cyber crime complicates the intrinsic ability of the immense law and legal frameworks to provide effective remedies against cyber crimes which are committed from abroad," Duggal said.

With increased 4G and 3G penetration, the internet user base in India is expected to double to 600 million users by 2020 from the current 343 million - so the threat will only grow. "With the surge in digital transactions via e-wallets and other online payment gateways, mobile frauds are expected to grow to 60-65 per cent in the country by 2017," warned Assocham and global research firm EY this month.

According to Oracle India managing director Shailender Kumar, security breaches have moved information security from a hidden corner of the IT function to a topic of strategic importance to both business and society. "Towards the beginning of 2016, cyber security had started to become a boardroom discussion. It has emerged to be a key concern for IT and business managers alike this year. In 2017, if security is not attended to, it will negatively impact not only the brand reputation but also the shareholders' trust, revenue loss and result in higher risks for organisation," Kumar said.

With more and more Indians buying phones, enhanced security for the devices became another concern this year. India is the second-largest mobile phone market globally, with over one billion mobile subscriptions.

Of this, smartphone users account for approximately 240 million subscriptions, which is expected to grow to 520 million by 2020, said a joint study by Assocham and Deloitte released this month. The threat gets bigger with more and more people embracing mobile digital payments in the wake of demonetisation. "Mobile continues to be an area of exposure. As we get more and more used to transactions with mobile banking or e-commerce, mobile becomes more of a financial gateway and the implications are huge," said Anand Ramamoorthy, managing director, South Asia, Intel Security.

Keeping this in mind, the IT industry's apex body Nasscom and the Data Security Council of India (DSCI) launched a detailed road map for the next 10 years.

Titled Growing Cyber Security Industry, Road Map for India, the report identifies Managed Security Service (MSS), Security and Vulnerability Management (SVM) and Network Security (NS) as attractive emerging opportunities globally. Nasscom-DSCI have also established the Cyber Security Task Force (CSTF) initiative that aims to create one million cyber security jobs and 1,000 cyber security start-ups by 2025.

As the year drew to an end, the hacker group Legion broke into the Twitter accounts of the Congress Party, its Vice President Rahul Gandhi, controversial liquor baron Vijay Mallya and TV journalists Barkha Dutt and Ravish Kumar, threatening to leak data that will create "chaos" in India.

The government later asked the micro-blogging website to strengthen its security and announced measures like audit of the Indian IT infrastructure and setting up a task force to quicken action on cyber security.