Cyber crime in India is growing dangerously and assuming alarming proportions. To prevent this menace from getting out of hand, the government, society and public sector need to work together to device effective defence soloutions that can help keep cybercriminals at an arm’s length.
Often hailed as one of the fathers of Internet, who also happens to be Google’s Vice President, Vint Cerf recently scribbled on his blog, “Internet is borderless and belongs to everyone. It has brought in an unprecedented freedom to billions of people worldwide – the freedom to create and innovate, to organize and influence, and to speak and be heard.”
It is an undisputed fact that Internet today has become an integral part of our lives. Two million people are now connected to the Internet and their numbers are growing by 200 million every year. Right from the digital wave created by tech-savvy youth (based on the exponentially rising sales of smartphones) to the brisk spurt in the growth of e-commerce portals over the past two years, besides of course the heady popularity of social media sites like Facebook and Twitter, the influence of Internet is all pervasive and palpable.
There have been several reports that underscore how Internet offers a much-needed boost to a nation’s productivity levels. In the context of India, Internet’s contribution to the nation’s GDP is set to grow exponentially from $30 billion in 2011 to a whopping $100 billion in 2015, according to a Mckinsey report. Private and public companies in the country are swiftly integrating Internet-based services into their business models. The aim is to take advantage of New age offerings in order to cut down on the ever increasing costs.
Global consulting firms predict that India will overtake the United States by 2015 to become the second-biggest Internet user in the world after China. Naturally, the corporate world and the Indian government are going gaga over the prospects and how it would help lift all boats. On its part, the Indian government has already announced plans of up to Rs.200 billion for broadband expansion across the country where more than 10% of the population (150 million to be precise) is on web now. But as always, there is a flip side to the coin as well. As businesses and societies in general increasingly rely on computers and Internet-based networking, cyber crime and digital attack have increased around the world. These attacks include financial scams, computer hacking, downloading pornographic images from the Internet, virus attacks, e-mail stalking and creating websites that promote racial hatred. According to the Norton Cyber Crime Report of 2012, 1.5 million people are impacted every day across the world – close to 18 people per second – falling prey to cyber crime, including attacks, malware and phishing. Globally, the financial loss as a result of cyber crimes has been to the tune of $110 billion in 2011.
More than 42 million people in India were victimized by cyber criminals last year, with approximately $8 billion in direct financial losses, the report said. According to the report, 66% of adults in India have been victims of cyber crime in their lifetime. In 2011, 56% of adults online in India experienced cyber crime, translating to more than 115,000 victims of cyber crime every day or 80 victims a minute and more than one a second. One in three adults online (32%) has been a victim of either social or mobile cyber crime in the last 12 months, and 51% of social network users have been victims of social cyber crime. Specifically, 22% of social network users reported to have been a victim of identity theft.
Even government websites were not spared. There have been incidents of defacement of top government agencies like the Central Bureau of Investigation (December 2010), Bharat Sanchar Nigam Limited in December 2012, Oil and Natural Gas Commission in November 2008 and other ministries and departments (which totaled 294 till October 2012). Indian websites catering to diversified industries have been defaced at regular intervals. While 9,180 websites were hacked in 2009, the figure shot up by 57% to 14,392 cases during the first 10 months in 2012.
Clearly, the growth in cyber crime has started assuming disconcerting proportions. But surprisingly, the Indian Penal Code has not figured a way to define “Cyber Crime” precisely. It’s only after the latest amendements to the the I.T. Act, passed in 2008, that a large number of cyber crimes have been brought under the ambit of the law. Currently, there are stringent provisions related to cyber security under sections 66C, 66D and 67(1), under which any conspiracy for cyber terrorism is punishable, and the sentence may extend to life imprisonment.
However, laws alone cannot curb cyber crime, which is often conducted in jurisdictions where timely extradition, trial and punishment in a cost-effective manner are difficult and, hence, ineffective as a deterrent. The criminals know this and exploit the situation. Also, cyber criminals inhabit regions across the globe which makes policing and apprehending them a challenging proposition. As such, governments need to react fast to cyber crimes, and law enforcement needs to keep up with the innovations that criminals have access to.
But with governments generally being slow in responding to the challenges posed by cyber crime globally, companies worldwide have been working hard to influence the minds of consumers, creating awareness and building the trust factor over the safety of online transactions. Can they succeed where governments have failed so abjectly? Rajesh Kharwal, Director Government Business, McAfee India, opines, “Awareness is of course essential, but is that enough? There needs to be an understanding of the risks, so that people can modify their behaviour because the implications of not doing so could be far-reaching.”
Realising the gravity of the situation, the Indian government has of late started taking steps to build up awareness and preparedness to take on the challenge of fighting cyber crime. In July 2010, the government proposed establishing a unit of specialized hackers to counterattack international hacking activities. In January 2011, the proposal was formally announced under which the government aims to train five lakh cyber crime warriors under a public-private partnership with an estimated cost of Rs.1 billion. It has also been pushing for summary arrests of cyber criminals with the help of cyber crime police stations. In 2011, the National Crimes Record Bureau registered 1,184 arrests for cyber crime under the IT Act, a hike of 67% from 799 arrests in 2010 (a mind boggling 768% up from 154 cases half a decade back).
Going further, the goverment has entrusted Internet service providers and social media platforms like Facebook and Twitter with self governing powers to regulate the content under their scope. They are regularly asked by the government to be vigilant against malicious and invidious content or be held accountable for propagating any unlawful information. In a recent incident last year, hundreds of websites were blocked by the government following unrest in the Northeastern states of India.
But the big question remains whether these steps will suffice to check the rising meance of cyber crime? According to McAfee’s report for the third quarter of 2012, the volume of SPAM in India’s Internet territory touched the 40-million mark. Though the figures have been slashed by 60% y-o-y (100 million in September ’11), there still remain areas where one needs to look into at the earliest. Also, cyber attacks are becming more sophisticated and harder to detect. Mahesh Gupta, Vice President, Borderless Networks, Cisco India & SAARC in an exclusive conversation with B&E said, “New and changing methods of cyber attacks and the lack of up-to-date intelligence and knowhow to prevent such crimes have made system exploits even harder to detect.”
Today’s sophisticated threats require a layered approach to security, encompassing security, disaster recovery, along with information management to protect information irrespective of where it resides. To address these concerns the government, private sector and civil society need to come together and work in tandem “to adopt an integrated, adaptive and collaborative security approach,” says Gupta. The government needs to ensure a regularly updated legislative and institutional framework is in place while the private sector should lend its expertise to government agencies for putting up basic defences in place, as many government agencies don’t even have the resources required to take on cyber crime. The private sector can come forward to provide technology such as data encryption, data loss prevention, protective monitoring, vulnerability management and a range of managed and cloud-based services to government agencies for better protection against cyber crime. As the penetration of computer technology and communication into all walks of life evolve at a dizzying pace, the need for montitoring our systems and networks against the risks of cyber crime is bound to become more complex and demanding. To avoid giving cyber criminals the initiative, it is important that government, society and the public sector come together to anticipate the risks and plug the loopholes in our cyber security.
