Is India Cybersecurity-Ready in 2020?

Shomiron Das Gupta, Founder & CEO, DNIF

Shomiron is a highly experienced intrusion analyst & entrepreneur, who has been building threat detection systems for more than a decade.

With the rapid advancements that information technology is making by the minute, it comes as no surprise that cybersecurity has indeed become one of the most crucial aspects in this hyperconnected world. And yet, strides in this space, although impressive, can't really be called adequate, especially in India. In fact, a recent report by Data Security Council of India (DSCI) revealed that India has been the second most affected country due to cyber-attacks between 2016 and 2018. Further, the average cost for a data breach in India has risen by 7.9 per cent since 2017, with the average cost per breach record mounting to INR 4,552.

Cyber-Attacks in India in Recent Times
India has been one of the global epicenters of cyber-attacks in the past 3 years. The country saw some fatal attacks in 2019 alone, the most talked about ones being the data breach attack on the Kudankulam Nuclear Power Plant in October and the attacks on ISRO prior to the Chandrayaan 2 mission. But make no mistake, these were not the only cyber-attacks India faced in recent times. If we go by Quick Heal's annual threat report for 2019 alone, a staggering 1,852 cyber-attacks hit India every minute on average.

Let's take a look at five recent cyber-attacks in India that hit businesses and government bodies big time!

1. Cosmos Bank Cyber-Attack
In 2018, a group of hackers siphoned off close to INR 94.4 crores from Cosmos Co-operative Bank Pvt. Ltd., which shook the entire banking sector. Cyber criminals gained illegal entry into the bank's ATM servers and stole the details of several debit card holders. Hacker gangs from around 28 countries used these details to wipe off money from the bank as soon as they were informed of the attack.

2. Canara Bank ATM System Hacked
A similar attack was targeted at Canara Bank's ATM servers in mid-2018, wiping off around INR 20 lakh from various bank accounts. Hackers deployed skimming devices to steal debit card information and made transactions of between INR 10,000 and INR 40,000 per stolen card. Around 50 victims were directly hit while the ATM details of more than 300 users were stolen.

3. UIDAI Aadhaar Software Hacked
2018 began with a colossal data breach; personal records of close to 1.1 billion Aadhaar card holders were compromised. Unique Identification Authority of India (UIDAI) revealed that around 210 Indian Government websites were hacked to leak personal details like Aadhaar, PAN and mobile numbers, bank account numbers, and IFSC codes. What's more shocking was that anonymous sellers were selling such sensitive information online for just INR 500!

4. Attack on Indian Healthcare Website
In 2019, Indian healthcare websites became the victims of a grave cyber-attack. It was later revealed that 68 lakh records containing patient and doctor information were stolen from a leading Indian healthcare website. The security firm further said that the stolen data was directly being sold in the underground markets.

5. JustDial Database Compromised
In 2019, JustDial, a leading local search platform, was exposed to a data leak, resulting in the personal details of close to 100 million users being compromised. Leaked details included the name, email, phone number, address, gender, etc. This happened due to an unprotected application program interface (API), which, according to reports, was shockingly left exposed since 2015.

How is India Tackling Growing Cybersecurity Concerns?
With such growing cybersecurity concerns, companies are rapidly opting for cyber insurance policies. In fact, according to the DSCI report, about 350 cyber insurance policies have been sold in India till 2018, which is a 40% increase from that in 2017. But is that enough? Certainly not, because cyber insurance can cover losses only to an extent; there's no guarantee of prevention whatsoever. Plus, data breaches have far-reaching impacts, not confined solely to monetary losses.

As such, in the attempt of creating a cyber-secure nation for citizens and businesses, the government of India is all set to launch an updated National Cybersecurity Policy in 2020. Apart from that, here are a few initiatives that the Indian government took in 2019 towards drafting the aforementioned policy.

1. Indian Computer Emergency Response Team (CERT-In)
The Indian Computer Emergency Response Team (CERT-In) is the national agency handling the country's cybersecurity. Over the years, it has gone through several advancements, which have helped in significantly lowering cyber-attack rates on government networks. Further, CERT-In also helps raise cyber awareness among businesses and individuals by issuing alerts regarding the latest cyber vulnerabilities and countermeasures and spreading awareness about the dangers posed by phishing attacks.

2. National Critical Information Infrastructure Protection Centre (NCIIPC)
Established by the central government, NCIIPC's role is to protect critical information of our country, which has a massive impact on national security and economic growth. NCIIPC conducts frequent cybersecurity exercises to monitor the cybersecurity preparedness of the government and critical sectors, which include:
- Power and Energy
- Telecom
- Transport
- Strategic & Public Enterprises

3. Cyber Surakshit Bharat
The Ministry of Electronics and Information Technology launched the Cyber Surakshit Bharat initiative in 2019, aiming to raise awareness about cybercrime and build capacity for securing CISOs and frontline IT staff across all government departments. The initiative also aims to conduct workshops to make citizens and businesses more cognizant of cybersecurity best practices.

4. Cyber Swachhta Kendra
Started by the Government of India, Cyber Swachhta Kendra is a cleaning bot used for malware analysis and detecting malicious programs. The bot is also equipped with free tools to remove any malware. Plus, the government has also set up a department called National Cyber Coordination Centre (NCCC) to generate situational awareness about existing and potential cybersecurity threats.

5. Personal Data Protection Bill 2019
The most important initiative of all, the Personal Data Protection Bill 2019 is expected to become a law in 2020 once it is reviewed by the joint parliamentary committee. The bill intends to put measures in place to regulate the storage and processing of any critical information related to individuals in India. The bill also aims at making social media companies more accountable and pushing them to solve issues related to the spread of offensive content.

The future
Attacks are evolving every minute in terms of the damages they can incur. The aforementioned initiatives can only work to an extent; the brunt of cybersecurity awareness still lies on individuals and businesses. It's a known fact in the cybersecurity space that attackers have till now led the learning curve, with cybersecurity professionals following their lead to strengthen preventive systems and processes. However, the scenario is now changing with advanced technologies such as next-gen SIEMs and predictive analytics coming into the picture, which help detect threats without a rule-based system, thereby flagging potential threats in a much faster and more secure way.

With adequate nationwide awareness around cybersecurity, robust policies and initiatives in place, India should be able to combat cyber threats more effectively in the future, incurring minimal damages.