Weak Ecosystem Hits India's Cyber Security

by CXOtoday News Desk    Oct 20, 2014


While the proliferation of web and mobile technologies has been a boon to the global economy, on the flipside this trend has given rise to widespread cyber crime globally as well as in India. “India has witnessed a massive rise in cyber crime incidents in about 10 years,” said Telecom Minister Ravi Shankar Prasad at the cyber security summit organized by The Observer Research Foundation and industry body Ficci, who believes in strengthening the cybersecurity ecosystem can better the situation.

Prasad expressed concern over the absence of technical and legal infrastructure to catch cyber criminals, as also the lack of mechanism to check the unhindered growth of network of infected computer systems and flow of global information to check cyber crimes. He told PTI, “In the year 2004, we had only 23 incidents of cyber crime. Last year we had about 72,000 incidents. Media reports show as to how cyber attacks are done to completely immobilize the financial infrastructure, information infrastructure.”

Both the country’s public and private sectors are seeing a phenomenal rise in the cyber security incidents - phishing, defaced websites, network breaches, virus attacks – over the last couple of years, in which the attackers compromise computer systems located in different parts of the world and use masquerading techniques and hidden servers making it difficult to trace them.

Moreover, while cyber crime may appear as an urban phenomenon, causing massive losses to large organizations, a recent data shows a majority of hacking and other cyber offenses are happening in small towns and rural areas in India. While this is also an indication that internet penetration in the country is increasing, but, businesses in these regions are not equipped to deal with these complex threats are suffering a huge setback.

As per the National Crime Records Bureau (NCRB) data for 2013, the year saw a jump of 122.5% in cyber offences over 2012. But most interestingly, hacking formed close to 60% of all cyber offences (under IT Act) in India followed close to 60% of all cyber offences (under IT Act) in India followed closely by obscene or derogatory posts (28%).

According to a recent government’s cyber security arm Computer Emergency Response Team-India (CERT-In) 62,189 cyber security incidents were reported in just the first 5 months this year, which was alarming.

Prasad stressed on awareness creation and capacity building in the cyber space. It was noted earlier  that the country would need 500,000 cyber security experts by 2015 to protect its IT infrastructure. As a result, they believe that the country should gear up to create a strong pool of cyber security experts to strengthen its cyber security space.

“There is great imperative to have proper ecosystem where there is meaningful cooperation. It is very important that information is properly shared. It is equally important that there must be mechanism for accountability in place in respect to crimes committed in cyberspace,” he said.

British Member of Parliament and Secretary of State for Culture Sajid Javid mentioned that multi-stakeholder model, both to governance and security, is the single best solution to the challenge cyber crimes. “We must ensure that the internet is safe, secure and successful, but we cannot allow that to be an excuse for further government control of cyberspace,” he said.

“The role of the government can be particularly important in facilitating information sharing and creating awareness when it comes to combating cybercrime,” says Art Coviello, executive vice president of EMC and executive chairman of RSA. “Most organizations, especially in the government rely heavily on traditional perimeter-based defenses, making it nearly impossible for them to identify spot unknown threats. An intelligence-driven security model, on the other hand, leverages analytics for pervasive monitoring, threat information sharing and intelligent controls,” he explains.

The India government and IT organizations both are however stepping up efforts to invest in resources to combat cyber security in recent months. In July last year, the government formed a new body called the National Critical Information Infrastructure Protection Centre (NCIIPC) protects assets in sensitive sectors such as energy, transport, banking, telecom, defence and space, apart from CERT-In that already protected cyber assets in non-critical areas.

According to several reports the government and top Indian organizations are investing in areas such as security personnel, advanced tools and training programs to counter large scale cyber attacks in the coming months. A recent survey by technology research and consulting firm BAE Systems Applied Intelligence suggests that global enterprises are already spending 15-20% of their entire IT budgets on improving security and the number is set to increase in the next one year.

Prasad said India will continue to support the framework of internet governance which must be inclusive and democratic.