You are here: Home » Companies » Features
Business Standard

Indian companies still to come out of the closet on cyber crime

Cases of cyber crime in Indian offices are on the rise, but mostly, such cases are settled by the HR dept

Aparna Kalra  |  New Delhi 

A labyrinth of confusion leads to the small but neat fourth-floor office of Unistal Systems in Delhi's Nehru Place.

The promoter of the Rs 20-crore company which manufactures data recovery software and tools, Alok Gupta, has battled a data theft case against a former employee since 2007. Gupta has the best legal brains on his side; well-known lawyer Pavan Duggal represents him in a civil suit, and the cyber cell of the Central Bureau of Investigation, or CBI, handles the criminal case. But Gupta is disappointed; the perpetrator never went to prison and the source code of the software stolen from him (source code is a language described by The Economist as a string of zeroes and ones) is still out in the market.

"They are selling it," says Gupta. "I have lost interest in the case".

Gupta says the Indian legal system is just not equipped to deal with cyber crime; the police is only a little better- it is just getting its cyber crime cells into shape. The CBI cyber crime cell, which handled Gupta's case, for instance, has jurisdiction in only eight states; 10 have rejected its request and 10 have yet to respond to the cell's request it be allowed to advice on cyber crimes the states cannot solve, or even collect evidence related to such crimes in those states.

No clear data exists on cyber crime in corporate India. The Reserve Bank of India releases figures only on fraud in Internet transactions in banks, which, in 2012, went up to Rs 53 crore from Rs 40 crore two years earlier. But cyber crime is more than just credit card fraud or software piracy. It includes a whole gamut of crimes such as data theft, sexual harassment, cyber stalking, cyber bullying, circulating sexually explicit material and unsolicited friendliness.

"Even if there is no sexual content and all you are offering is 'Have you read this book' and other stuff repeatedly to a colleague on intra-office messenger, you are guilty of unsolicited friendliness," says N S Nappinai, a lawyer who practises in the Bombay High Court and specialises in cyber law and privacy issues. She says cyber crime ranging from data theft to publishing sexually explicit images are on the rise in Indian offices.

The concern with cyber crime in the corporate world is a worldwide issue. "..this time my unease does not resolve around financial threats, but another issue - cyber security. Most notably, after chatting to corporate executives at Davos this year, it is clear many are suffering from a deluge of cyber attacks," wrote Financial Times columnist Gillian Tett in January.

Companies, however, don't want to talk about their exposure to cyber fraud openly. "..the overwhelming majority of today are terrified of talking too publicly about the issue for fear of suffering stigma or sparking panic. It is even tougher for shareholders to work out the degree to which individual are being targeted" said Tett.

  • Cyber crime can be against a person, a company or a nation and its institutions
  • Against a person, it is unauthorised access to personal content on social media or on a computer; against a company, it can be stealing of data against a nation it is attack on its bureaucratic sites, airport systems, or several together within its soil. (In recent months, The New York Times, Washington Post and Wall Street Journal have all disclosed that their operations have been attacked)
  • Most cyber crimes are done remotely; with the criminal far away from the victim, can even be controlled from another country.

  • In India, cyber crime is punishable under the Information Technology Act, its provisions are supplemented by the Indian Penal Code to make a case stronger.

  • A number of states have a cyber cell (such as the Mumbai Police cyber crime cell) but not all. The jurisdiction of the CBI cyber crime cell is limited as law & order is a state subject.

The reason why cyber crime matters is because its potential to damage business is huge. Data theft can rob a company of future earnings; for a bank, crores can disappear with the click of a button. For an individual, cyber crime can be as big as loss of personal data or even a morphed nude picture going viral.

Duggal, who has handled cyber litigation for 15 years, says of every 10 people using the Internet, six are victims of cyber crime. One reason why such cases are on the rise is that people are unaware when they are committing such crimes. They are equally unsure about reporting them or even who to turn to.

"There is no transparency or clarity on jurisdiction. Where do you go for your remedy-cyber crime cell or local police?" says Nappinai. "I always advise my clients to first register a case with the local police station and then approach the cyber crime cell; otherwise the case will get lost. To a large extent, it works."

The Information Technology Act was formed in 2000 with the intention to regulate e-commerce. Amendments were made to the Act in 2008 to widen its ambit to include cyber crime and child pornography.

The Act, in the news for its now-infamous Section 66A which concerns hosting offensive information of the Internet, draws different opinions in the legal world.

"It is a toothless act," says Duggal, who reports that only seven cases of cyber crime have reached conviction in the country. But the law itself is not the only problem. Policing in cyber crimes is slow, often not reacting fast enough results in evidence being obliterated.

Another reason for fewer convictions could also be the veil of secrecy that companies put over cyber crime. Mostly, such cases are settled by the human resource department within closed walls as they are wary of the publicity arising out of it.

"Ninety per cent cases are sorted out (out of court)", says Nappinai.

Data theft is hardly something any company wants to advertise, especially when it deals with personal information and multiple geographies such as the US and the UK where data protection acts are strong. To tackle crime, companies are increasingly coming out with Internet usage policies, privacy policies and Internet audits as part of their HR codes. They are also banding together to address this issue and smoke it out into the open.

The Bombay Chamber of Commerce and Industry, for instance, recently held a one-day session on mobile security. "A lot of companies such as in insurance, banking, online bookings and so on are conducting business on employees' mobile devices. It is easy to secure a laptop or a desktop, but how do you secure a mobile which anyone in the family can end-up using?" says Hanuman Tripathi, head of Mumbai-based banking software solutions company Infrasoft Technologies, who chaired the session which had a 60-strong audience of CIOs.

Lawyer Duggal says that hybrid mobiles or smartphones are the next frontier for criminals of the cyber world.

"You yourself are putting so much of your profile out there. Telemarketing companies have no problem getting cell numbers, e-mail identities, bank accounts," says Tripathi.

"We need special judges, who are trained in IT; we need forensic labs in at least the metros," says Gupta of Unistal.

Dear Reader,

Business Standard has always strived hard to provide up-to-date information and commentary on developments that are of interest to you and have wider political and economic implications for the country and the world. Your encouragement and constant feedback on how to improve our offering have only made our resolve and commitment to these ideals stronger. Even during these difficult times arising out of Covid-19, we continue to remain committed to keeping you informed and updated with credible news, authoritative views and incisive commentary on topical issues of relevance.
We, however, have a request.

As we battle the economic impact of the pandemic, we need your support even more, so that we can continue to offer you more quality content. Our subscription model has seen an encouraging response from many of you, who have subscribed to our online content. More subscription to our online content can only help us achieve the goals of offering you even better and more relevant content. We believe in free, fair and credible journalism. Your support through more subscriptions can help us practise the journalism to which we are committed.

Support quality journalism and subscribe to Business Standard.

Digital Editor

First Published: Tue, April 16 2013. 23:28 IST