Thirty Percent of all transactions in India are digital, one of the highest in the world. Cybercrimes caused Rs 1.25 lakh crore loss in 2019 most of it to Ransomware attacks. This will continue to grow with the digital push, smart cities and 5G network, among other digitalisation initiatives, unless there is nothing to hide.
Security, whether physical or cyber, is precarious and uncertain, until we provide it for all and make it a part of our everyday life. What started as fun war games developed by Mathew Broderick way back in 1983, has turned into serious business just a decade later. Hacking now is real and fast emerging as a multibillion-dollar business.
The World Economic Forum (WEF) report 2022 notes that even as the world’s digital dependency increases, cyber threats too are growing, much faster than the society’s ability to prevent or respond effectively. Cyber-crimes such as online fraud, identity theft and ransom attacks are growing each year. These attacks are expensive and sometimes disastrous for individuals and organisations.
Earlier, wars were essentially traditional all-arms model of infantry, artillery and tanks of WWI/II. They have now evolved to include electronic warfare, information superiority and cybersecurity. Ukraine war is a case in point. Can technology provide security to technology inspired crimes?
AARP reports that Americans were hit by an unprecedented rise in cybercrime in 2021, with nearly 850,000 cases reported to the FBI and losses crossing $6.9 billion. Most of the attacks were Ransomware, Business e-mail compromises, Confidence scams and Cryptocurrency scams. Be it the Ukraine infrastructure breaches, or the Costa Rica’s Conti ransomware attack that crippled their import/export business were major ransomware attacks this year.
In India, Cybercrime related to ATM Debit/Credit Card, and Internet Banking increased to 64 Cr in 2021 from the previous year’s 59 Cr as was reported in the Parliament. It is indeed gratifying that RBI issued instructions providing for zero liability to the customer if the incident were to be reported within three working days. Be it as it may, India witnessed 18 million cyber-attacks and 200,000 threats a day in the first quarter of 2022, said Google’s VP-Engineering for Privacy, Safety and Security. The largest breach was Air-India. Its data service provider SITA, reported that in May 2021, data from Air India servers was breached and over 4.5 million passengers’ personal data was compromised.
The Unique Identification Authority of India (UIDAI), asserts that Aadhar data is fully safe and secure. Indeed, the Data of all Aadhaar holders is safe and secure in the Central Identities Data Repository (CIDR) of UIDAI. Do you know that Aadhaar database in CIDR has never been breached in all its years of its existence? It and even introduced a new concept of ‘Virtual ID’ which the holder can generate, differently every time he logs in, from a website and use for various purposes, including SIM verification, instead of sharing the actual 12-digit biometric ID, which gives its users the option of not sharing their Aadhar number at the time of authentication.
People are very innovative, disruptive, unstructured and technology savvy, way ahead of structured developers that governments depend on. Hence, Data theft, sometimes through hacking and sometimes by exploiting breaches in the last mile, or anywhere in the operational supply chain, is always a possibility. Security policy, regulatory compliance, user awareness programs, access control, security audit, incident response, encryption, firewall and finally anti-virus, are all important aspects of security.
The past of cyber security was young and immature. The attackers were more innovative than defenders who were mired in FUD (fear, uncertainty and doubt). Attack back, was illegal or classified. Currently, cyber security is a scientific discipline and is application and technology centric. Cyber security can never be “solved” but can only be “managed”. Today, attack back is an integral part of cyber security. Its vulnerabilities and threats can change in seconds. Protective measures also can become obsolete just as quickly.
India has an effective cyberspace security response system, a security threat and vulnerability reduction program and a security awareness and training program. We will need a Quantum Encryption to protect our digital assets and infrastructure from attackers. Further, we must influence an effective International Cyberspace Security Cooperation Model.