Studies by the Data Security Council of India (DSCI), a self-regulatory agency promoted by the software industry lobby group National Association of Software and Services Companies (Nasscom) and the internet security industry, indicate a dramatic rise in attacks by cyber criminals on Indian entities in recent years. These have taken the form of hacking and malware threats driven by an attempt to blackmail. The data breach investigations report of the DSCI and internet security threat report of the security firm Symantec bear this out. This is not surprising; the Indian economy has been going digital at a fast rate in the past few years. The e-commerce space has been exploding and the government is spending heavily to use information technology and the internet to improve governance. These efforts have happened in tandem with rapid growth of naïve first-time internet users - enabled by an equal rise in new smartphone users - who are easy prey for cyber criminals.
It is necessary to counter this without losing a sense of proportion. Indians should not be caught napping, but neither should they fall prey to scaremongering of the sort that would impose harsh restrictions and regulations on online transactions. The security industry has not failed to point out that security spending by Indian business is woefully low. Individuals, businesses and the government need to respond in different ways. Individuals have to be educated to understand the need to create backups and not to part with sensitive personal information indiscreetly. Businesses can chalk out a path by looking at what their counterparts around the world have done. They also need to make their staff aware of the need for appropriate security drills, while not asking customers questions they should not ask. Perhaps the biggest responsibility rests on the shoulders of the government. It has decided to set up an apex National Cyber Coordination Centre and a computer emergency response team. Also, a special secretary for cyber security has joined the Prime Minister's Office. As over 700 government websites have been hacked since 2012, this emerging official set-up has its task cut out.
Here also it is necessary to maintain a sense of balance. Many an official website has to be accessed by ordinary citizens and introducing an elaborate security architecture can make access difficult. Also, the cyber security exercise of the government, a part of its overall national security posture, will need to maintain vigilance by monitoring and investigating breaches. These exercises have to take care to protect the privacy of individuals. Information obtained for security purposes can be misused. A US court has recently ruled that the blanket manner in which the National Security Agency had obtained telephone data of individuals was not authorised. The scale of what was happening came to light only with the revelations made by Edward Snowden. While the need to maintain a balance cannot be overemphasised, there is at least one area in which a lot more can be done aggressively - encourage and incentivise ethical hacking by competent authorised entities to find out the weak spots in the cyber security shield and correct them before hackers sneak in.