
Ransomware attacks are rising fast. India needs to be ready. And the data bill must factor this in

The last two months of 2022 brought India’s cyber vulnerabilities into sharp relief. In November, securities depository CDSL said it had detected malware in some machines and disconnected itself from the capital market. Later, AIIMS, New Delhi, found its services compromised. GoI told Parliament that five servers were affected due to improper network segmentation. These two incidents are examples of a larger challenge confronting India. CERT-In’s India Ransomware Report for the first half of 2022 said that there’s been a 51% year-on-year increase in ransomware incidents. A majority of attacks are on datacentres.

Data has a unique quality: it’s non-rivalrous. Simply put, it can be used simultaneously by different people, and not necessarily with the consent of the data owner. It’s this quality that makes even temporary data loss deeply problematic. As India moves apace to a digital operating system for social and economic activities, loss of data, or even temporary loss of access to it, has emerged as a public security challenge. This problem is global in nature. For example, last year Ireland was forced to shut down its public healthcare service for a while following a ransomware attack.

Coping with this challenge starts with everyone following basic steps to safeguard their data. The most serious problems come from organised cyber-attacks on large data repositories and critical public infrastructure. The extent and scale of attacks on critical information infrastructure are in the realm of speculation, as GoI told Parliament that revealing details is not in the interest of national security. Of no less importance is ring-fencing data repositories from cyber-attacks. On the legislative side, there are two aspects that India’s forthcoming personal data protection bill needs to emphasise.

Data breaches are inevitable. The extent of loss, however, can be limited if two principles are followed. Purpose limitation in collecting data by all regulated entities needs to be strictly enforced. Sweeping in more data than required on flimsy pretexts increases risks manifold. Highly sensitive data such as biometrics are collected by different government organisations who may not all have high standards of cybersecurity. Collection of biometrics needs to be limited. The other essential principle is narrowing down the discretion enjoyed by a regulator in choosing when to let potential victims know about data breaches. Given data’s non-rivalrous quality, offering a regulator too much leeway protects a regulated entity at the expense of potential victims.


This piece appeared as an editorial opinion in the print edition of The Times of India.


