As India firmly finds its place within the digital era, it is time to up its defences in cyber space.
India seems to have entered a new age- the cyberage. Wide-spread internet and smartphone penetration, especially within the Tier 2 and Tier 3 cities along with the widespread digitalisation the country has witnessed since the onset of the pandemic have all contributed to India squarely entering a new cyber age.
Of course, rampant digitalisation has not just meant more internet users, but also digital footprint. This included large number of e-commerce transactions, digital payments and money transfers. Data from the apex Reserve Bank of India (RBI) show that India is now clocking around 100 million digital transactions a day with a volume of $67 billion, about a five-times jump from 2016. RBI expects this to further grow five-fold to 1.5 billion transactions a day worth $200 billion.
The use of digital technology led to savings of nearly $23 billion, 98 per cent of this by eliminating erroneous beneficiaries. The advent of United Payment Interface (UPI), a real-time payment system developed by the National Payments Corporation of India and monitored by RBI has also changed the game for digital transactions.
Digital transformation across sectors such as manufacturing, education, healthcare, as well as government services and labour markets now has the potential to create $10-$150 billion incremental economic value by 2025.
Of course, criminals too seem to have upped their cyber game. According to an IBM report released recently, India was the second most attacked country by cyber criminals after Japan in Asia Pacific in 2020. IBM Security X-Force observed attackers pivoting their attacks to businesses for which global COVID-19 response efforts heavily relied, such as hospitals, medical and pharmaceutical manufacturers, as well as energy companies powering the COVID-19 supply chain.
To quote the report, “India was the second most attacked country in the Asia Pacific. Attacks on India made up 7 per cent of all attacks X-Force observed on Asia in 2020. Finance and insurance was the top attacked industry in India (60 per cent), followed by manufacturing and professional services.”
The report also stated that ransomware was the top attack type, accounting for around 40 per cent of total cyber attacks. In addition, X-Force observed digital currency mining and server access attacks had hit Indian companies last year.
Another report by The Kaspersky Security Network (KSN) states that India has seen a 37 per cent increase in cyberattacks in the first quarter (Q1) of 2020. The report showed that its products detected and blocked 52,820,874 local cyber threats in India between January to March 2020. With more users getting connected to the Internet and entering the digital payments ecosystem, cyber fraud incidents may go up in 2021, researcher at cybersecurity firm warned. "As more options for digital payments are introduced, we can see more similar cases in the future," the company said.
And it’s not just funds that are being siphoned off.
In this digital era, data is the new currency and hackers and cyber criminals are targeting firms databases as much as they are targeting their wallets.
Earlier, this year, Greenbone Sustainable Resilience, a German cybersecurity firm reported that medical details of over 120 million Indian patients had been leaked and made freely available on the Internet.
Indian pharmaceutical company Lupin confirmed an information security incident that has affected multiple internal systems, while Dr Reddy’s confirmed a ransome ware attack. In November 2020, emerging e-commerce giant BigBasket's database was on sale for $40,000 in the cybercrime market.
The Kaspersky researchers also warned that as lockdown has made many micro, small and medium-sized enterprises (MSMEs) to go digital, they will have to take essential steps to protect their customers personal information. Any loopholes in the setups may provide attackers an opportunity to go after MSMEs, Kaspersky said.
Companies in India largely tend to report cybersecurity incidents to regulators only where it is mandatory under applicable laws. Secrecy rather than reporting and remediation remains an issue in the event of data breaches. However, the upcoming amendments to the Personal Data Protection Bill 2019 (PDP) are expected to address most of these inaccuracies and discrepancies. However, India will have to come up with much stronger cyber security measures going forward and fast.