Promote your Business on Economictimes.com for free and reach out to millions of potential Customers
The global cyber attack that has almost affected computers across the world, including India, puts the spotlight back on network and data security in government agencies, banks and corporations.
According to media reports emanating from the US, security researchers with Kaspersky Lab have recorded more than 45,000 attacks in 99 countries, including the UK, Russia, Ukraine, India, China, Italy, and Egypt. In Spain, major companies including telecommunications firm Telefonica were infected.
While the damage in India can only be known by Monday, the ransomware incident does make Indian agencies edgy. So, how ready is India for such an attack?
In India, cyber threats fall in two categories. One, a computer is used to attack another computer via hacking, virus attacks, DOS attack, and so on. Two, the computer is used as a weapon to commit real world crimes like cyber terrorism, IPR violations, credit card frauds, EFT frauds, and pornography.
A report by Kaspersky, an international software security group, says India ranks fourth in the list of hacked servers available for sale via xDedic marketplace, which listed 3,488 Indian servers for sale as of May 2016.
Highly skilled fraudsters can get hold of personal information through a process of virus-driven automation and carry out a potential theft, which can cause monetary or reputation loss. Hackers can also spy ware on a PC to attempt to destroy the infrastructure of a particular network.
The data, once procured, is leaked for an amount or used to conduct fraudulent transactions online without the knowledge of the real owner of the account.
"Once it is out there, it is out there. There is nothing one can do," says AppKnox Co-Founder & CMO Prateek Panda. AppKnox is an automated testing tool for application developers and enterprises that help them identify and fix security loopholes in applications.
Individuals can take a host of simple measures such as ensuring password are tough to decode and include a combination of numbers, letters and symbols to protect their online accounts. Saving passwords on computers that have multiple users, email account as well on online payment wallets could pose a potential threat and must be avoided. Usage of public wi-fi should also be done with extreme caution, and only on devices that have a strong anti-malware installed.
Keeping a close check on financial accounts on a regular basis is also a way to ensure safety against cyber frauds. Ignoring fishy pop-ups can also ensure no unwanted malware loaded on the computer system accidentally.
Email services companies offering cloud service also offer the option of a two-step verification, which requires the user to enter his or her password and a verification code sent via SMS before being able to log on an online account. Opting for a two-step verification process could deter a potential hack.
The Information Technology Act of India states that when a cyber crime has been committed, it has a global jurisdiction and a complaint can be filed at any cyber cell. The victim can first file the complaint from any cyber cell of any of the cities and also send direct email on cyber cell police stations located in 21 cities.
However, Panda believes that India's battle against cyber crimes is a lost cause because of open-ended and obsolete cyber laws. He says strong laws, proper policy guidelines for businesses to follow and security audits both internal and external are the only ways to fight against cyber crimes.
Cyber law expert and Supreme Court lawyer, Pavan Duggal says laws pertaining to cyber crime are caught in a historic time warp with cyber crime legal provisions introduced only in 2000s, and amended last in 2008. "India requires distinct dedicated cyber crime courts whose only job would be to deal with cyber crime matters for expeditious disposal of cases," says Duggal. He believes only a time-bound approach in addressing cyber crime issues will instil Indian consumers' sentiment towards being protected against such crimes.
Duggal believes a majority of businesses are not sensitized on issues a consumer face when they are made targets of cyber criminal activity, and only proactive compliances mandated under law will compel businesses to adopt security measures. "We are thoroughly ill-aware and ill-equipped to understand the ramifications of cyber security breaches and India lacks the culture of cyber security," he says.
"The onus of protection against cyber threats lies not only on the government, but also on businesses and consumers" says of cyber security company Lucideus Tech, CEO, Saket Modi. He believes a culture to comprehend the digital world needs to be developed in the education system. "The fundamental framework for which you require training is missing in schools," says Modi. However, he adds that businesses are much more eager to address potential cyber threats now, compared to a year ago.