With the country logging into the digital world to become a cashless economy, the threat of data breach loomed over both public and private enterprises, with several such cases being reported through the year — forcing the government to wake up from its slumber and prepare for digital war.
In one of the financial sector’s biggest cyber threats, millions of debit cards were compromised after a malware-related security breach was detected in a particular ATM network in October. The State Bank of India (SBI), HDFC Bank, ICICI Bank, Axis Bank and YES Bank were among those which reported several of their customers’ debit cards being compromised.
India was also listed among the top five in the world to be attacked by ransomware — malware that forces its victims to pay a ransom through certain online payment methods to regain their data — as reported by Moscow-based Kaspersky Lab, a leading software security group operating in almost 200 countries and territories worldwide.
In September, Trend Micro Incorporated, a global leader in security software and solutions, reported that over 180 Indian companies were victims of ransomware in the first six months of 2016.
Indian businesses lost over $1 million from data losses and downtime in the last 12 months, a survey by EMC Corporation — the world’s largest data storage multinational — revealed in July. According to EMC, 46 per cent of organisations in India suffered unplanned system downtime and/or data loss due to external or internal security breaches.
Amid this, Pavan Duggal, the country’s leading cyber law expert, lamented that Indian Cyber law does not have adequate provisions to deal with the growing cyber threats.
“The Information Technology Act, 2000, amended in 2008, still does not comprehensively deal with all relevant issues in the cyber security ecosystem. India not being a signatory to any international treaty on cyber crime complicates the intrinsic ability of the immense law and legal frameworks to provide effective remedies against cyber crimes which are committed from abroad,” Duggal
With increased 4G and 3G penetration, the internet user-base in India is expected to double to 600 million users by 2020 from the current 343 million — so the threat will only grow.
“With the surge in digital transactions via e-wallets and other online payment gateways, mobile frauds are expected to grow to 60-65 per cent in the country by 2017,” warned leading industry body Assocham and global research firm EY in December.
According to Oracle India Managing Director Shailender Kumar, security breaches have moved information security from a hidden corner of the IT function to a topic of strategic importance to both business and society.
“Towards the beginning of 2016, cyber security had started to become a boardroom discussion. It has emerged to be a key concern for IT and business managers alike this year. In 2017, if security is not attended to, it will negatively impact not only the brand reputation but also the shareholders’ trust, revenue loss and result in higher risks for organisation,” Kumar told
With more and more Indians buying phones, enhanced security for the devices became another concern this year. India is the second-largest mobile phone market globally, with over one billion mobile subscriptions. Of this, smartphone users account for approximately 240 million subscriptions, which is expected to grow to 520 million by 2020, said a joint study by Assocham and Deloitte released in December.
The threat gets bigger with more and more people embracing mobile digital payments in the wake of demonetisation. “Mobile continues to be an area of exposure. As we get more and more used to transactions with mobile banking or e-commerce, mobile becomes more of a financial gateway and the implications are huge,” said Anand Ramamoorthy, Managing Director, South Asia, Intel Security.
Keeping this in mind, the IT industry’s apex body Nasscom and the Data Security Council of India (DSCI) launched a detailed road map for the next 10 years. Titled “Growing Cyber Security Industry, Road Map for India,” the report identifies Managed Security Service (MSS), Security and Vulnerability Management (SVM) and Network Security (NS) as attractive emerging opportunities globally.
Nasscom-DSCI have also established the Cyber Security Task Force (CSTF) initiative that aims to create one million cyber security jobs and 1,000 cyber security start-ups by 2025.
As the year drew to an end, the hacker group “Legion” broke into the Twitter accounts of the Congress Party, its Vice President Rahul Gandhi, controversial liquor baron Vijay Mallya and TV journalists Barkha Dutt and Ravish Kumar, threatening to leak data that will create “chaos” in India.
The government later asked the micro-blogging website to strengthen its security and announced measures like audit of the Indian IT infrastructure and setting up a task force to quicken action on cyber security.
Highlights of the Indian cyber security scene in 2016:
* The government announced it will set up the National Cyber Coordination Centre (NCCC) to provide near real-time situational awareness and rapid response to cyber attacks; expected to be operational by March 2017.
* India poised to build a cyber security product and services industry of $35 billion by 2025 and generate a skilled workforce of one million in the security sector.
* The Ministry of Electronics and IT ordered review of the IT Act 2000 and set up a crack team to respond to cyber security incidents quickly.
* Nasscom and the Data Security Council of India (DSCI) launched a detailed road map for the next 10 years.