Indian telecom service providers offer the lowest data rates in the world. India is also the most populous country, with 1.3 billion people. More than half its population comprise youth below the age of 25 years. And smartphones are the primary source of Internet access for most Indians. With the availability of affordable data packs and falling smartphone prices, Indians are consuming more services (and data) on the Internet, through mobile apps, and of course, by watching a lot of videos! Digital payments and mobile wallets took off after the Government of India announced demonetization in 2016. All this makes Indian consumers prime targets for hackers who are out to steal user credentials (like credit card numbers and authentication details) and money from mobile wallets.
By Brian Pereira, Principal Editor, CISO MAG
A report from Symantec Corp. (now part of Broadcom) last year revealed that India is the second most cyberattacked country in the world, after the U.S. and China. This was widely reported in the media. Indian law, notably the Indian IT Act 2000, does not fully protect its citizens from new threat vectors like phishing, SIM jacking, ransomware, mobile payments fraud, bank fraud, malware attacks, social engineering, and DDoS attacks—all increasingly common these days. But the Indian government is expected to release a new cybersecurity policy this year. India’s Personal Data Protection Bill is also under review and is expected to be passed this year.
Speaking at the Cybersecurity India Summit 2020 in New Delhi last month, Lt. Gen. (Dr) Rajesh Pant, National Cyber Security Coordinator, Prime Minister’s Office, Government of India, said the new policy would be introduced in two to three months, that would make it May or June 2020. Pant said the new cybersecurity policy would address all the issues related to Cyber ecosystem like standardization, testing, auditing and capacity building. This was reported by The Economic Times.
In a presentation made previously, Dr. VK Saraswat, Member, NITI Aayog, said cybersecurity is crucial to all industries in India today–to protect critical infrastructure from attacks, damage, misuse, and economic espionage. He said the top five causes of “cyber disruptions” are phishing and social engineering, malware, spear phishing, denial of service, ransomware, and out of date software.
Most Indian organizations have already been attacked by hackers, though only few incidents are reported in the media. CERT-In (the Indian Chapter of the global Computer Emergency Response Team), has the authority to penalize Indian organizations that do not report breaches.
While corporate India and Indian citizens keenly await the new cybersecurity policy, we can only hope that it will provide robust protection for businesses and consumers—and give them legal teeth to fight attackers.