Editorial: Demons of digital era

Cybersecurity poses a bigger threat than any other spectrum of technology. Cybercriminals misuse technology-controlled devices to commit frauds and thefts. India is among the most vulnerable nations in terms of cyberscams affecting individuals and cyberattacks targeting institutions. There were nearly 6.74 lakh instances of cyberattacks in the country this year until June — almost 3,700 […]

Cybersecurity poses a bigger threat than any other spectrum of technology. Cybercriminals misuse technology-controlled devices to commit frauds and thefts. India is among the most vulnerable nations in terms of cyberscams affecting individuals and cyberattacks targeting institutions. There were nearly 6.74 lakh instances of cyberattacks in the country this year until June — almost 3,700 per day, with the healthcare and banking sectors being the worst hit. Cybertools are being used to compromise state security by attacking critical national infrastructure. The April 2022 attack on Oil India in Assam was one of the most serious incidents of ransomware attacks. There has been a huge upswing in malware attacks and among the targets were at least half a dozen incidents when Covid vaccine research centres and institutions doing academic studies on immunisation were targeted. Cyberattacks in the country rose almost 300% in 2020 compared with the previous year, according to data from India’s Computer Emergency Response Team (CERT-In). It has been eight years since India unveiled its cybersecurity framework, but not much has been done in terms of creating a coordinated approach to address cyber threats and improve the country’s critical infrastructure that lacks encryption and certain security standards. The prevalence of legacy IT infrastructure across smaller towns in India is one of the biggest challenges in addressing cybersecurity. The problem is that there are not enough people to take care of it. In fact, there are an estimated 3.1 million unfulfilled positions in the cybersecurity area around the world.

India is expected to have over 1.5 million unfulfilled job vacancies in cybersecurity by 2025, the second-highest after China. Though cyber activities such as phishing, malware and ransomware are not new, they grew with the spread of the pandemic, from fewer than 5,000 per week in February 2020 to more than 2 lakh per week in late April 2021. In 2020, the cases of phishing attacks were higher in tier-II and tier-III cities with users in Ghaziabad and Lucknow facing almost 6 and 4 times, respectively, more attacks than users in Bengaluru. There is a need for augmenting investments in and maintenance of cybersecurity, such as firewalls, antivirus software, intrusion detection systems and security operations centres. At the same time, financial institutions need to recognise the human factor as a core element of the cybersecurity chain. The rapid move to work-from-home (WFH) arrangements increased the scope for cyber threats and dependence on third-party service providers. Greater reliance on virtual private network infrastructure and unsecured access points (WiFi networks) posed new types of challenges in terms of patching and other cybersecurity issues. While outsourcing to third-party providers, such as cloud services, seems to have enhanced operational resilience at financial institutions, increased reliance on such services may give rise to new challenges and vulnerabilities.