Cybercrime and need of robust cyber security policy
Cyber security and defence against cyber warfare assume greater significance due to rapidly increasing risks, vulnerabilities, threats, cybercrimes and fraud. The incidence of cybercrimes in the country went up significantly in 2015 where number of cases booked under the cybercrime category rose by 20.5%. This reiterates the need of an effective cyber security policy to thwart cyber threats.
What is cybercrime?
- Cybercrime is defined as a crime in which a computer is the object of the crime (hacking, phishing, spamming) or is used as a tool to commit an offense (child pornography, hate crimes).
- Cybercriminals may use computer technology to access personal information, business trade secrets, military data or use the Internet for exploitive or malicious purposes.
- Criminals who perform these illegal activities are often referred to as hackers.
Today, criminals and rogue nations are increasingly attacking the technology assets of individuals, organizations and governments, stealing and selling valuable information, and in an alarming trend, holding data for ransom.
Some examples are:
- California hospital's technology systems and encrypted patient-care data was hacked. A ransom of over $5.5 million was demanded.
- A leading e-commerce company recently discovered that a loophole in its payment gateway gave the hackers opportunity to procure goods at 100% discount coupons.
- A hacker sent spurious email from CEO's mailbox to the finance department asking it to transfer funds to a fictitious vendor's bank account. Thus, new facets of cyber threats are emerging with advancing technology and new business models.
Use of internet
- The government and enterprises have now increased internet usage for critical applications like operating power grids and smart cities, conducting banking transactions etc.
- However, these increased usage has brought forward cybersecurity concerns.
Cyber terrorism
- Currently, state sponsored cyber terrorism, non-state terrorist groups, corporate and individual hackvists are engaged in different crimes, espionage, theft of patents, and other information assets.
- Nations such as Russia, China, Iran, North Korea are reported to use cyber capabilities as an effective geostrategic tool for espionage, propaganda attacks, to target critical infrastructure systems, for intelligence gathering and also to support political and military objectives.
- Non-state terrorist groups deploy internet "to organise, recruit, spread propaganda, collect intelligence, raise funds, and coordinate operations". Example: ISIS is found targeting sensitive information about US military personnel to spur 'lone-wolf' attacks for theft, extortion, and drug trafficking. It is also spreading its vicious propaganda through social networking sites which attract a larger number of people, mainly youth.
India Inc.'s cyber security preparedness
- Unfortunately, the Indian industries also don't have robust response to cyber risks.
- India ranks third globally as a source of malicious activities and its enterprises are the sixth-most targeted by cybercriminals.
- There have been investments in high-end security products, cyber-breach detection capabilities in most large organizations, yet they remain largely ineffective.
- Their crisis-response strategies also appears to be inadequate. In early 2016, EY conducted a cyber-attack simulation for 79 CEOs where they were asked how they would react when informed about their customer data being compromised.
- The responses ranged from contacting the chief information security officer to the chief marketing officer to the corporate communications officer. However, most executives did not have concrete plan with regards to cybercrime related to ransom demands.
Thus, the organisations have to protect their intellectual property, customer, vendor and employee data, strategic plans, financial statements, legal positions etc. which are at risk due to cyber threat and enhance their cyber resilience.
Way forward
Need for awareness and skilled manpower
- Now, the attacks cannot be limited just by installing anti-virus security. It has become far more complex.
- Cybercrimes include techniques like botnets (use of network of robots that spread malware),zombie computers (a computer that has been hacked into and is used to launch malicious attacks), app exploitation, and detecting problems in newer programming languages like Python, among others.
- Hence, now the cyber security is not only about protecting but also detecting and responding.
- Currently, there is a need for three lakh professionals but the availability is around 30,000. Hence, there has to be a dedicated cadre of cyber security professionals and experts.
Need of stronger national cyber security policy
- Cyber-attacks are not a matter of "if" but "when" in these times.
- India's existing cyber security policy of 2013 must be reviewed in the light of emerging cyber threats.
- India's cyber security strategy must be able to protect multiple digital intrusions at all levels:military and corporate espionage, electronic attacks disrupting critical infrastructure, ICT and IoT systems and data privacy, integrity and security of its citizens.
- A national cyber security agency should be set up to develop appropriate policy, strategy and action plan, linking key ministries.
- Dissemination of best security practices, intelligence sharing, intrusion reporting and effective coordination and partnership between private, corporate, government and international level organisations like the UN, the European Union and India's allies.
- Signing of MoUs on cyber defence with allies and international organisations may become unavoidable as cyber threats defy state borders and organisational boundaries.
- Thus, cyberspace is increasingly becoming a key domain besides air, sea and land warfare. The nation's top strategic, business, and technical leadership, both from government and private must work in tandem bolstering partnerships between central, States, and the local governments.
- Adequate funding for ICT and IoT security is inevitable for strategic research and development along with enhancing India's technological and investigative capabilities.