While India has had internet connection for a long time, it was the ‘Digital India’ initiative that really led the country to monopolise on data. Along with a growing monopoly, it also led to an increasing in cyberattacks over the years. In its first quarter reports of 2020, Fortinet mentioned India had a 17% increase in cyberattacks. February then had a 52% hike, which further increased to an alarming 131% in March compared to the corresponding period in 2019.
With the lockdown being announced, thanks to digitalisation, everything right from refilling of groceries to diplomatic meetings, has been happening uninterrupted. While no one minds the seamless flow of information and communication, the country’s exposure to cybercrime has been unattended. India is amongst the top five countries to be targeted by cybercriminals due to its inability to consider cybersecurity as a prime part of technological infrastructures and lack of liable cyber laws in place. For example, applications like Zoom, where its usage blew up immensely since the lockdown, had dubious privacy policies which were not paid heed to in India until a cautionary was issued by the FBI for its US users.
Now, with the additional unpreparedness of the lockdown and the sudden shift outside office firewalls has given more room to cybercriminals for exfiltration of data and compromise business operations. Having patched-up, up-to-date VPN services for protection against phishing e-mails wouldn’t just be enough to protect companies. Organisations should now be all the more prepared to protect its data. The salient aspects for a securer infrastructure are – one, the desperate need for change in mentality. Organisations need to start considering cybersecurity as an investment rather than an added cost. There is also a need for basic education at the grassroot level on how employees can beware of malwares and how and where they can report it, in case they detect a threat, since they are outside their workspace firewall. Two, there is a need for investment in innovation and change in government regulations. The government needs to make stricter data protection laws, which not just give basic protection from data theft but also impose strong cyber-secure infrastructure as a mandate for organisations. The data protection laws need to instil systems in place which hold organisations liable for malicious cyber activities. If need be, we can always learn from the secure data laws that are in place in countries like in US and Europe. For example, Facebook Inc had to pay a record-breaking $5 billion penalty and submit new restrictions and a modified corporate structure as punishment for breaching a 2012 Federal Trade Commission order and deceiving its users about their ability to control the privacy of their personal information.
In the times to come, the government would need to impose bank like auditing systems for organisations, wherein external IS/IT auditors, with a set of review policies and compliance, document everything, right from organisations’ security policy to outsourcing policy to data integrity. While only 51% of Indians have a digital banking set-up, 90% have their Aadhar card data on the internet, which has had third part leaks and data misuse even though UIDAI mentions otherwise. Quick upgradation to a secure technological infrastructure and compliant auditing laws, which hold organisations liable for breach, is the only way to ensure a secure cyber space and data safety.