The recent data breach at BigBasket, in which the details of around 2 crore users were put on sale on a forum in the dark web, follows a larger trend of cyber theft that has held strong through this year. Data breaches have shown a steady increase, and India has seen a 37 percent increase in cyber attacks in the first quarter of 2020 compared to 2019.
India has also figured among the top countries falling prey to data breaches and theft for years, and no substantial action has been taken to effect major change. In addition, Indian companies that allow employees to Work From Home (WFH) have not prepared them to protect themselves from unauthorized access or usage. These companies have become easy targets for cyber criminals, causing cyber security breaches to increase massively.
“In India, data breaches have been happening at a very frequent speed. However, most of the time, these data breaches are invariably not reported. So the common man looking at the public domain tends to have a sense of complacency that everything is hunky dory and that there is no need to worry,” Pavan Duggal, advocate, Supreme Court of India and an expert on cyber laws, told THE WEEK.
“The fact remains that cyber security breaches in the world generally and specifically in India are constantly on the rise. The coming of COVID-19 has the dramatic effect of steroids on cyber space. Ever since the advent of Coronavirus, we have been seeing a massive increase not just in cyber security breaches but also we have seen the ushering of the golden age of cyber crimes.”
Duggal says that India does not have a dedicated law on cyber security. Consequently, the detailed nuances of cyber security legal frameworks are currently missing. The only provision India has is the Indian cyber law, the Information Technology Act, 2000, which has given a legal definition to the term “cyber security” but still pays only lip service to cyber security legal frameworks.
“I feel that companies should automatically report cyber security breaches and that they should be complying with the provisions of the Indian Cyber Law and rules and regulations made thereunder. What is currently missing is the deterrent message. The government can come up with secondary legislation under Section 87 of the Information Technology Act, 2000. While cyber security is engaging the attention of corporate boards, criminal prosecution against corporate boards in India has not yet begun as the result of cyber security breaches,” added Duggal.
It has been observed that the surge in cyber attacks is mainly due to the digital shift brought about by the pandemic. Businesses have had to implement a WFH model, and services can largely only be provided digitally. This shift has put a lot of people online for long periods of time, and has consequently increased the number of potential targets for hackers. According to recent research, nearly 15 billion credentials are up for sale on hacker forums right now, indicating that hackers are making hay.
“Data breaches can occur primarily through two channels: via employees or via technological means. Businesses must take adequate steps on both fronts to prevent data breaches. Businesses must still safeguard themselves from new threats such as cyber attacks on applications that use cloud-based software, which nearly all businesses are now employing to facilitate in-home collaboration. Social engineering is also emerging as a popular tool for hackers to steal data and gain access to accounts,” said Krupesh Bhat, Founder, CEO of SignDesk.
Technology companies such as Quintype run continuous security audits on their platforms, treat the issues these audits surface very seriously and address them on priority. They also issue public bug bounties to hackers who have penetrated their systems. The company's representatives have been open and transparent with hackers who write to them about this.
“Despite taking all the steps, there are cases where users get compromised because they use the same passwords across sites. There are hashing tables available using which hackers predict common passwords for a user. We are working on systems which notify users and our customers when some part of their data is compromised. Web security is an ever-evolving subject. It is super important for technology teams and leaders to keep track of this and act soon based on knowledge,” pointed out Ramsharan Gorur Jayaraman, Vice President, Technology, Quintype.
It has been further observed that as we move towards an increasingly digitised landscape, cyber crimes are only bound to increase. Companies can tackle this only by taking a serious look at their cyber security infrastructure and plugging the loopholes through increased coordination and collaboration between private entities and the government.
“We must encourage and develop cyber security talents who can assist organisations with protecting and securing their data. These professionals must be fluent with the latest emerging technologies such as Artificial Intelligence and Machine Learning as these technologies fare much better in addressing security lapses,” observed Ravi Kaklasaria, CEO and Founder of SpringPeople.