Are we secure from cyber attacks?

Covid-19 has impacted the global economy severely with a large number of businesses shutting down or downsizing their operations. As a result, an increasing number of employees are losing their jobs and the world is heading to a recession. Many experts believe that this recession will be worse than 2008.

During the 2008 recession, the number of cybercrimes increased significantly as a large number of skilled workers were out of jobs.

As majority (96%) of cybercrimes are committed with financial motive, the number of cybercrimes can increase again as the pandemic puts over 25 million at high risk of losing their jobs. At a time when the whole world is impacted by coronavirus, an attack by digital viruses can create adverse situations for the nation and economy.

Since the beginning of the pandemic, multiple cases of cyber attacks have been reported around the world. Organisations such as The National Cyber Security Centre, United Kingdom, The US Health and Human Services Department have recorded an increase in the number of cyber-attacks during the ongoing situation. Even in India, multiple attacks have been observed during “Zoom” calls and ultimately, the government had to issue a warning against the usage of the application.

During this critical time, when digital infrastructure and applications are supporting a number of activities, an attack on them can put unnecessary burden on the already stressed nations and cause unsolicited repercussions. With more and more systems getting digitised and automated, the scope of cyber-attacks increases. One recalls an episode of popular TV soap Grey’s Anatomy, in which hackers attack the entire hospital infrastructure, from patient care monitors to machines for tests such as MRIs, for financial gains. Although it was a fictional show, the slightest possibility of any such incident happening in the present scenario is spine-chilling.

As per a study published by Harvard Business Review, Cybercrime alone costs nations more than $1 trillion globally, far more than the record $300 billion of damage due to natural disasters in 2017. The study ranks cyber attacks as the biggest threat facing the business world today – ahead of terrorism, asset bubbles, and other risks.

As a large amount of personal information of citizens, patient information, research findings and intellectual property, and information of national importance are at stake, there is a need to ensure the safety of the entire cyberspace and thus prevent any unwanted circumstances.

The big question is, are we secure, and are we prepared to handle such an attack? Over the past five years, multiple attacks have been reported in India – the phishing attack on Union bank, data theft at Zomato, ransomware attack on infrastructure container handling operations at JNPT, Agent Smith malware attack that infected 15 million android devices, cyber-security breach at the Kudankulam Nuclear Power Plant.

Dealing with cybercrime

It is high time that we evaluate our current exposure and embark upon a holistic approach to bridge the gaps in cybersecurity and make cyberspace safe and secure. A multi-pronged approach focusing on self-reliance, awareness and preparedness can help in improving cybersecurity.

India is largely dependent on imports for Information and Communication Technologies (ICT) infrastructure and cybersecurity hardware, which makes India more vulnerable to cyber-attacks. Hence, there is a need to promote manufacturing of ICT equipment under the “Made in India” program to increase our self-reliance. This will also prepare India for situations like Covid-19, when the entire global supply chain is wrecked.

More investments in cyber-security R&D will also help in improving the situation. Some amount from funds such as Start-up India Fund could be earmarked for start-ups that focus on development of Indian Cybersecurity capabilities. Development of domestic capabilities would also be in line with Prime Minister Narendra Modi’s desire for the nation to become “atma nirbhar”.

Awareness will also play a very important role in mitigating these cyber-attacks. It is critical for us to build a culture of transparency and awareness. Veiling our own shortfalls will lead to further deterioration of the system overall. Awareness not only about good cyberspace hygiene needs to be spread, but also about reporting of cyber-crimes. Although the National Cyber Crime Portal exists, very little, next to zero, awareness exists among people. Hence, people should be made aware about the portal and the procedure to report a crime. Even law enforcement agencies should be trained properly to handle cyber-crimes.

Apart from this, there is a huge need to create a system of transparency around cyber-attacks for quick learning. The affected organisations should share the details of such attacks so that other organisations can prepare themselves for any potentially similar attack. A nodal agency could be designated that compiles this data and shares it on a public portal, maintaining anonymity about the impacted company.

In current times, when a large part of the population is already working from home, the risk of cyber-attack increases manifold as the home networks are not as secure as the institutional networks. In such a situation, even though the current scenario is forcing companies to cut down costs, the companies should try to maintain the required security levels, to protect their data, thus to protect their company. Not only that, but the companies should constantly upgrade their security infrastructure. Cybersecurity audits should be mandated for firms. The country faces a shortage of cybersecurity auditors.

Lastly, a large number of experts in the field suggest adoption of the Public Private Partnership model for National Cyber Security. In Europe, the member states follow different PPP Models for cybersecurity- some use it for spreading awareness, some for policy formulation, some for using technological capabilities of the private sector. Hence, it is important to think about the modalities of the model. What would be the role of the private sector, what kind of information could be shared with the private sector, would it expose National Security to a greater risk? If deemed fit, inspiration can be taken from the existing PPP Model in the USA and the EU. However, if the partnership leverages the private sector for its technical capabilities, modalities should focus on non-disclosure of security measures, thus ensuring greater safety.

In the current world, it is important to build infrastructure to fight not only biological viruses, but also digital viruses. Both have the potential to devastate nations. Though the New National Cyber Security Policy is expected to be launched soon it would be helpful if the policy is properly implemented in a timely manner, so as to secure citizens, enterprises and the government.

(Pranjal Chugh is a Young Professional at Digital Communications Vertical, NITI Aayog.)

Disclaimer: The views expressed above are the author’s own. They do not necessarily reflect the views of DH.