Changing Landscape of India’s Cybersecurity Infrastructure- Why and How?

Changing Landscape of India’s Cybersecurity Infrastructure- Why and How?

Let’s get into WHY?

51 % in the number of ransomware attacks across multiple sectors including critical infrastructure in 2022, said a report by CERT-IN.

The recent cyberattack on the All India Institute of Medical Sciences (AIIMS) has once again put the spotlight on cybersecurity practices at government and critical infrastructure organisations in India.

The Sophos State of Ransomware in Healthcare 2022 report has found a 94% increase in ransomware attacks globally.

This leaves organizations particularly vulnerable, and when to hit, they may opt to pay a ransom to keep pertinent, often lifesaving data accessible.

What is the PRESENT State?

Cyber security is the biggest challenge that India is currently facing. All networks — from the Mumbai grid the Kudankulam Nuclear Power Station and government websites to corporates and even individuals — are under attack. But we do not have any legal frameworks to deal with such vulnerabilities. India lacks a dedicated cyber security law. Countries like China, Vietnam, Singapore, and Australia have dedicated laws which are helping them to deal with cyber security challenges. The Indian Information Act 2000, the only act in place today, is not effective at all. The Act was enforced two decades back and it was aimed at enabling e-commerce in the IT sector.

"Cybersecurity weakness within this key sector has been observed here in India as well, where most of the government departments are still using decades-old security controls, using legacy versions of software which makes updating to newer technology difficult,” said Sundar Balasubramanian, managing director, India and SAARC region, Check Point Software Technologies. “Some opt for untested, cheaper versions of firewalls, adequate only for basic infrastructure security, feeling safe that they have implemented some sort of cyber controls but which in reality, cannot withstand the latest, sophisticated cyberattacks.”

No wonder, as India grows economically, instances of such cyberattacks are set to rise. During the Covid pandemic period, cyberattacks had seen an exponential rise. High level of digital adoption was the major factor behind this trend. According to cybersecurity firm Kaspersky, more than 4,00,000 new malicious files were distributed each day to attack users daily. Over 6.74 lakh cybersecurity incidents were reported in the country in 2022 till June, as per data shared by CERT-In (Indian Computer Emergency Response Team). CERT-In reported more than 14 lakh incidents of cyberattacks in 2021. So, cyber incidents are on a rise every year.

NOW THE HOW!

Robust cybersecurity infrastructure is desirable.

To achieve this, cyber awareness is critical. Most of the time, cyber breaches happen because of not following the protocol. The user or the individual is the most critical first line of defence against any cyberattacks.

Sharing of password, multiple users, easy access to outsiders, weak endpoint security, and other such practices lead to cyber breaches. Therefore, in this digital era, staffers have to be sensitised on the issue of following the good practices for maintaining a robust cybersecurity infrastructure.

Most organizations, though becoming adopters of digital channels, don't invest enough in cyber security tools. This makes the system vulnerable to phishing, malware, and ransomware attacks among others. Organizations, therefore, have to create separate budgets for investing in cyber security frameworks within their technology spend. Any negligence in this aspect can expose companies to severe financial and reputational risks. It's time that everyone takes the cybersecurity theme seriously for protecting critical data from cyber thieves.

DATA BILL PROTECTION ACT, 2022

The data protection bill is a landmark legislation meant to regulate how various companies and organizations use individuals’ data in India.

Bill says “Failure of data processor or data fiduciary to take reasonable security safeguards to prevent personal data breach under sub-section (4) of section 9 of this Act will cost a maximum penalty of Rs250 crore”.

What does it mean for the organizations?

It simply means that organizations need to stay on guard and ensure that the company's data is safe. They should know exactly how their data is used, who is using it, and where it is being shared.

Here are five ways in which organizations can ensure data security and ensure compliance with regulations:

#1 Zero Trust Security (Never Trust, Always Verify)

#2 Data Loss Prevention (DLP)

#3 Data Encryption

#4 Database Activity Monitoring (DAM)

#5 Endpoint Security

To safeguard your organization from the hefty fine of Rs 250 cr ($30 million) DeTaSECURE has designed a Data and Asset Protection Program to help you fight any kind of Data Breach and Personal Data leak.

On December 14th 2022,

The National Security Council Secretariat (NSCS) has formulated a draft National Cyber Security Strategy, which holistically looks at addressing the issue of security of national cyberspace, said the government in the Lok Sabha.