India braces up to fight rising cybercrime

Bengaluru: India has witnessed a spike in cybercrime incidents during the last few years. The NCRB (National Crime Records Bureau) data reveals that cybercrimes have shot up by 270 % between 2016 and 2020. It also claims that 65.81 % of the cases were pending investigation at the end of every year and an average of 45.57 % of cases are taken up for investigation in a particular year. Observing the situation, the MeitY (Ministry of Electronics and Information Technology) issued directions to strengthen cybersecurity in the country.

According to a statement provided by the Ministry of Electronics and Information Technology, the CERT-In (Indian Computer Emergency Response Team) extended a deadline for going by its cybersecurity guidelines, till 25th. The ministry said that the deadline was extended after MSMEs, data centres, VPS, VPN, and cloud service providers requested for some time to 'build capacity' required to implement the guidelines issued by CERT-In on 28th April.

What are the new guidelines?

♦ Reporting cybercrime incidents within 6 hours – Companies must have a tracking mechanism to report cybersecurity incidents and a well-equipped incident response team along with a response plan to report a suspected security breach.

♦ POC (Point of Contact) to communicate with CERT-In – Companies must assign POC with whom CERT-In can interact for any information.

♦ Maintaining logs for 180 days – All companies should maintain logs for a period of 180 days which means that the companies will have to look into their log management policies, logging capabilities of devices and apps, secure log storage and accessibility.

♦ Synchronisation of time clocks to NTP (Network Time Protocol) servers of NIC (National Informatics Centre) – The UTC (Coordinated Universal Time) and the local time must be recorded while storing logs of devices, applications, database and so on.

Why are ransomware attacks increasing?

We have noticed a higher number of incidents targeting the manufacturing industry says Raj Sivaraju, Arete's APAC President. "Cyber incidents mainly occur due to loopholes in the IT systems of organizations, existing vulnerabilities of tools used by the organizations, or missing security infrastructure. It could be due lack of centralized cyber security governing bodies administering the regulations. We have witnessed more maturity in the financial services and pharmaceutical industries. This is primarily due to the HIPAA (Health Insurance Portability and Accountability Act)/FDA (Food and Drug Administration) guidelines," he continues.

What measures can be taken by the government to prevent such attacks?

"Industry-focused approach toward streamlining the processes and bringing the cybersecurity and role of CISOs (Chief Information Security Officer) to the boardroom across industries is key to a sustainable risk management solution for organizations. The government could streamline the industry/sector-wise growth and security at a broader scale to monitor the Indian entities effectively. Additionally, to bring more visibility centrally to regular users, the government can take threat mitigation steps like blocking the TOR (Onion Routing Project) connections or blocking IPs (Internet Protocol) for known variants at the ISP (Internet Service Provider) level," he adds.

KYC norms are standard across industries as they assist in identification. "They help identify, validate, and retrieve information from time to time. Therefore, it becomes even more critical for network organizations serving businesses globally to know their customers and identify, validate, and retrieve information in case of a risk. Data Forensics helps understand the attack patterns, loopholes, information collected, and damage caused by a cyber-threat. This could be valuable information in identifying and fixing security lapses and creating awareness," he explains.

"The cybersecurity norms are designed by keeping privacy concerns in mind. As we have a reference from developed nations, I think there should be information masking criteria to ensure the customers' privacy and pre-emptive guidelines in case of any national-level serious incidents," he says.

Global norms in cybersecurity vs norms by CERT-In

Although the new CERT-In guidelines are progressive, India still has a long way to go. "Globally, cybersecurity norms are at varying levels. While countries like the United States have relatively superior cybersecurity norms, others are still drafting policies and guidelines. Our CERT-In regulations are evolving with time, but we still have a long way to go. The latest CERT-In directives are on the right path. They discuss the stringent empanelment process, threat advisories, and supporting governing bodies like CERT-IN, MoD, and RBI. CERT-In, is trying to align major bodies that already oversee network systems and areas where security is needed. So, impanelling key members is unique in the CERT-In guidelines, which can be a game-changer for India's cybersecurity future," he adds.

"The new CERT-In guidelines are bold and progressive. In today's fast-evolving market dynamics, such guidelines are peremptory. CERT-In gives a comprehensive perspective to all stakeholders that the government is taking IT security and threats extremely seriously," he expresses.

"Security isn't the responsibility of the governing bodies. It is an integral part of every individual. Thus, it should be treated accordingly. While companies have started considering IT investments carefully, it is useless until it is executed and planned correctly. You can have all the tools in the world. But, unless you know how to use and manage these tools well, they are nothing more than a random stone. Companies must look beyond positive ROI and consider how adequate IT investments create a risk averse business environment," he concludes.