Cybersecurity: Protecting Data and Privacy in an Increasingly Digital World

The Global Cybersecurity Index (GCI) led by the International Telecommunication Union benchmarks a country's commitment to cybersecurity globally. In the same index, India ranked 10th in 2020. In 2021, the National Crime Records Bureau registered around 52,974 incidents of cybercrime. For a clean internet system, strenuous tasks to protect the internet from attacks should be prioritized. In terms of targeted attacks, India ranks 2nd in a survey by Ernst and Young’s latest Global Information Security Survey(GISS). In a digitally empowered world, individuals depend on the internet for the most basic things. 

With the rise in technology, there is a rise in cybercrime as well. Thanks to technology today, all of our sensitive information like our address, credit card information, and bank account details. We have all become cyber-infused, so we require security from its potent threats.

Cybersecurity means the practice of protecting computer systems, networks and data from theft, damage and unauthorized access. It is protecting our cyberspace (critical infrastructure) from attack, damage, misuse, and economic espionage. We need to understand the development of cyber protection. In the 1990s came the development of antivirus and firewalls, and next was the coming of intrusion detection and prevention. With the late 20s came Botnets like DLP and application-aware Firewalls and SIM. Presently there are ATPs and Insiders (current) for cybersecurity. Today, we have all become so reliant on technology and the interconnectedness of systems. The concern is equally glaring for individuals, businesses and government authorities alike. 

Some of the common threats in the world of cybersecurity are:

Malware: To disrupt, damage, and gain unauthorized access to computer systems or networks. These include viruses, trojans, ransomware, spyware, and viruses. Out of these threats, ransomware is one big concern that has been causing major disruption. Attacks such as wannaCry are often executed by groups or groups of individual attackers who may know or may not know each other. Companies should maintain proper protection to protect themselves.

Phishing: The attempt to steal sensitive information using impersonating legitimate entities to trick individuals into sharing their sensitive information such as credit card details, personal data, or passwords. Culprits in this case masquerade themselves as reputable official beings from an organization to entice requests and lure them to gain their information.

Data breaches: A data breach is when sensitive information, such as financial data, intellectual property, or personally identifiable information (PII), is accessed or exposed without authorization. Several things can lead to data breaches, such as exploitation of software flaws, insider threats, and lax security measures.

Supply Chain Attacks: Cyberattackers often focus on infiltrating the software supply chain, aiming to compromise authentic software updates or components. This tactic enables them to distribute malware or illicitly access downstream systems, posing significant security risks.

Zero-Day Exploits: Cyberattacks exploiting undisclosed vulnerabilities in software or hardware, which vendors haven't yet patched, are known as zero-day exploits. These pose a significant risk as they enable targeted attacks to be launched before security patches become available, leaving systems vulnerable to compromise.

Denial of Service (DoS) and Distributed Denial of Service (DDoS) Attacks: By flooding a system, network, or website with traffic, these attacks seek to interfere with the availability of resources or services by making them unavailable to authorized users.

Social Engineering: Social engineering is the practice of psychologically manipulating, deceiving, or coercing others into exposing private information, doing acts, or jeopardizing security measures.

Further, there are additional vulnerabilities arising due to modern technologies such as the Internet of Things (IoT). The amalgamation of connected Internet devices has also led to new security information or user privacy. Internet of Things devices can be exploited to gain unauthorized access to networks, launch attacks and compromise user privacy. Along with this, individuals and organizations also face insider threats by individuals within their organization such as employees, contractors, or business partners who misuse their privileges that they can access, steal data and sell to some other competitor organization. Some cybercrimes and threats are more sophisticated and stealthy and may take a long time to get detected since they go undetected for an extended period.

Cyber Crises Laws in India:

For India, it was the “Kargil Review Committee” in 1999, that encouraged the need to have a competent cybersecurity infrastructure as a part of our national security. Now with the growing digital economy and the coming of data analytics, machine learning, artificial intelligence, cloud computing and others, cyberspace is just going to get more complex. To tackle these attacks, a strategic framework and a proper action manual are required. In India, we have (CERT), the Indian Computer Emergency Response Team that conducts a special training programme for administrators to be able to mitigate cyber-attacks.

Cybercrime management is essential for protecting an organization’s assets and reputation and, with continuously increasing cybercrime, a proper management programme is essential.