If the coronavirus showed us one thing, it was the importance of hand hygiene. Another thing that became apparent, if not immediately, then a few weeks into the lockdown, was just how much we would come to rely on the internet — for entertainment, to pay bills, to transfer money online etc.
And then there was the flip side — as the digital ecosystem evolved, so did digital frauds. According to the latest report by the National Crime Records Bureau, India reported 52,974 cases of cybercrime in 2021, an increase of over 5 percent from the previous year, 2020 (50,035 cases), and a jump of over 15 percent from 2019 (44,735 cases).
The onset of the pandemic and the forced switch to digitisation brought about by the subsequent nationwide lockdown made for happy hunting grounds for cybercrooks.
In such a situation, the role of the government in spreading awareness among the citizens to take steps and insulate themselves and their data online, and the host of companies that offer cybersecurity solutions, become crucial for enterprises and individuals alike.
One such company is eSec Forte - which has been empanelled by national cybersecurity watchdog Indian Computer Emergency Response Team (CERT-In) as an information security auditor. eSec Forte is a "Global Consulting and IT Security Services company with offerings across Cloud Security, Cyber Forensics, Malware Detection, Security Audit, Red Team Assessment, Threat Hunting, Security Operations Control, Penetration Testing, Secure Access Management, Risk Assessment, IOT Security etc.", as per its website.
As such, it is positioned to offer insights on several cybersecurity incidents that have surfaced in or impacted India in recent years.
Kunal Bajaj, the company's Chief Business Officer, touched upon issues like the Pegasus spyware, enterprise-level cybersecurity, ransomware attacks, online transactional fraud, data theft, and information security in an increasingly digital world.
Pegasus
The surfacing of Israeli malware/spyware Pegasus and subsequent revelations that several high-profile Indians were monitored using the software has made it a politically charged issue in India.
Bajaj highlights the loopholes in privacy laws in India. "The country has to thoroughly revisit these legislations in order to make sure that both matters of national security and the privacy of citizens can be balanced in a desirable manner," he says.
Meanwhile, at an enterprise level, several high-profile companies, such as Microsoft, Samsung, Uber, Rockstar Games, and NVIDIA, were affected by data breaches this year, begging the question, if technology companies aren't safe from hackers, then who is? How can they protect themselves?
Also read: If security is 'slack' — what happened at Rockstar Games could happen to your company too
"Increasing awareness of consumers about their information (shared with companies), coupled with intensifying threat of data breaches, has re-emphasised the need for strict cybersecurity controls and preventive measures," says Bajaj.
"Companies world over are employing top-of-the-line measures to safeguard their global Infrastructure and data points from hackers and anomalies," he adds.
Companies are also encouraging their employees to be cautious of potential threats which may target the end points by deploying effective:
"Besides all these efforts, companies are fully integrating flexible technologies and modular approaches so as to make a quick shift to a more advanced form of cybersecurity solutions," he explains.
Ransomware
Another cyber menace that rears its ugly head from time to time is ransomware. Simply put, a ransomware attack is an incident in which a bad actor had stopped you from gaining access to sensitive data, and holds that data to ransom — "pay me, or lose this data forever".
Just this year, the USA accounted for 60 percent of worldwide ransomware attacks, followed by Europe, Middle East and Africa, and Asia-Pacific — which includes India.
"There are many reasons behind the increasing number of ransomware attacks, with the biggest ones including the growing trend of remote working, unawareness about cybersecurity laws, lack of training, and unsecured data systems and networks among others," explains Bajaj.
By simultaneously working on all these fronts, organisations can dramatically reduce the instances of ransomware attacks and save themselves a lot of resources that would have otherwise required to be paid to hackers as ransom money, he says.
"Experts in the cybersecurity domain also point out the need of raising awareness among users about various steps that can be taken to safeguard their systems against ransomware attacks," he adds.
This can be done by first understanding the different ways in which a ransomware attack is deployed.
Transactional fraud
Simply put, a transactional fraud is basically a cybersecurity violation involving a digital payment. In a survey conducted by MasterCard, 90 percent of the consumers expressed their willingness to adopt new-age digital technologies to make payments safe.
The survey also expressed a growing need for stringent cybersecurity laws as there is a staggering 49 percent jump in the cybersecurity violations that consumers have witnessed in 2021.
"Banks, Financial Institutions, and other companies involved in the e-commerce space are also becoming aware of the increasing threat of cybersecurity violations, which explains the new methods of verification that have been now employed by various merchants across businesses and industries," Bajaj says. "One of the novel practices that may potentially increase is use of password-less technologies, which is really becoming instrumental in reducing digital frauds and becoming the favourite for innovating more such methods to arrest the growth of transaction frauds."
Information security
Information security is a set of processes and tools that are deployed in order to protect sensitive information of businesses and users from data hackers and scammers. "It is important to know that information security is part of the cybersecurity framework and should not be used as a replacement for the wider and holistic term of cybersecurity," Bajaj says.
Some of the prominent types of information security include application security, cryptography, vulnerability management, cloud security, and infrastructure security among others.
"The ability of information security to provide a swift response to cybersecurity attacks is one of the key distinguishing factors that set an excellent security system apart from ordinary ones. Today information security plays a crucial role in safeguarding the data and offering robust protection against the rising threats of data hacking and stealing of sensitive information," Bajaj adds.
Governments and regulators are also making their contribution in spreading awareness about information security and various laws associated with data breaches and hacking, he says.
"In the future the role of information security will become even more crucial and organisations with robust policies on cybersecurity will be preferred by customers over their competitors," he adds.
Emerging technologies
Artificial intelligence (AI), Machine Learning (ML), and blockchain technology have come to play a major role in cybersecurity.
"The use of AI is on the rise and its utility against cyber frauds is particularly relevant for keeping and preserving the data from the reach of hackers. ML is proving very useful in identifying the new patterns of cyberattacks and then training the machine to block any kind of suspicious activity," he explains.
"In addition to these new-age technologies, the distributed network of cloud computing, blockchain technology, and authentication through hardware are finding favour with cybersecurity experts," Bajaj adds.
The challenges ahead
According to Bajaj, overcoming all these challenges is not an easy task especially when it comes to the requirement of financial resources and spreading awareness among the masses. "Convincing policymakers and statutory organisations to allocate money for spreading awareness related to cybersecurity is a tough nut to crack," he says.
In a nutshell, cybersecurity requires a holistic and all-encompassing policy framework that will take into consideration the interest of each and every stakeholder while planning, designing, and implementing policies related to information security.
Check out our in-depth Market Coverage, Business News & get real-time Stock Market Updates on CNBC-TV18. Also, Watch our channels CNBC-TV18, CNBC Awaaz and CNBC Bajar Live on-the-go!
2024 Lok Sabha Elections | Why Kerala is in focus as the second phase begins to vote
Apr 26, 2024 9:33 AM
Bengaluru Rural Lok Sabha election: Over 20% voter turnout recorded by 11 am
Apr 26, 2024 9:11 AM