A recent report by cybersecurity solution provider Check Point has brought into light India’s vulnerability to cyber-attacks yet again with an increase of 18% in weekly cyberattacks in the first three months of 2023.
In India, every organisation saw an average of 2,108 weekly cyberattacks for the first quarter of 2023, compared to 1,248 attacks per week globally, a 7% increase in average weekly attacks.
With an average of 2,507 attacks per organisation every week, the education/research sector has been most severely attacked among all industries. In the transition to remote learning, many academic institutions are still having trouble protecting expanded networks and access points. The government and military sectors (1,725 attacks) and the healthcare industry (1,684 attacks) are the next in line. The highest year-over-year rise, at 49%, was in the retail and wholesale sectors, with an average of 1,079 attacks each week.
The APAC region was determined to have the most substantial year-over-year increase in average weekly attacks per organisation, while the Africa region had the highest number of average weekly cyberattacks per business.
The Checkpoint report additionally indicated that although the number of attacks has only slightly increased there have been several sophisticated campaigns from cybercriminals. Bad actors are using Chat GPT and other tools of a similar nature to create malicious code that may be used by less experienced threat actors to initiate cyberattacks.
Also Read: Cyber harassment, Trolls, And Cancel Culture: A Lingering Threat To Women And Queer People In Journalism
The report is indicative that India on its path towards increased digitalization has also become a soft target of cyberattacks due to its vulnerable cybersecurity infrastructure.
History of cyber-attacks in India
In November 2022, the All India Institute of Medical Sciences (AIIMS) were affected by the recent cyberattack and an estimated 1.3 terabytes of data was encrypted. Operations at the crucial national infrastructure were halted by the cyberattack. The Intelligence Fusion and Strategic Operations (IFSO) division of the Delhi Police eventually filed a case of extortion and cyber terrorism. Numerous organisations, including CERT-In, the CBI, and the NIA, are looking into the situation.
India witnessed 13.91 Lakh cyber security incidents in 2022, Minister of State for Electronics and Information and Technology Rajeev Chandrashekhar Informed the Parliament in the month of February. Because these figures only include data that was reported to and tracked by the Indian Computer Emergency Response Team (CERT-In), they still do not provide a complete picture of the country’s cyberattacks.
Last year also saw hackers from Indonesia and Malaysia launch an all-out cyberwar against India following former BJP leader Nupur Sharma’s comments on Prophet Muhammad during a television debate.
Based on the report, cyberattacks on Indian government institutions more than doubled in 2022 as India became the world’s most often targeted nation in this area. Additionally, it has been claimed that other Indian organisations, including Oil India Limited, Ladakh Power Grid, UIDAI, and others, have been the target of similar attacks during the previous few years.
Apart from these, there have been several instances of Cyberattacks on India the Chinese threat actor group named “Red Echo” targeted India’s power plants and seaports in 2020 amidst the Indo-China conflict, The cyberattack suspected by North Korea-based hackers on Kudankulam Nuclear Power Plant in 2019, another one on National Stock Exchange 2015 to name a few.
India’s vulnerability to cyberattacks
India continues to be an easy target for numerous domestic and international cyberattacks since it is the second-biggest consumer of smart devices and has one of the largest bases of internet users. Following are a few of the main causes of this vulnerability:
- While we do have access to smart personal gadgets, a sizable portion of corporate and business technology systems still rely on legacy infrastructure that is either old or insufficiently protected against cyberattacks.
- Since both public and commercial sectors have adopted digital technology widely, there has been little to no time to properly establish a backend cyber security architecture, placing a lot of data in danger.
- The installation of antivirus and malware protection software on individual computers and devices continues to be the extent of our understanding of cyber security and its prevention.
- The market for entrepreneurs and service providers in cyber-security is mostly unorganised and dispersed. Due to weak cyber security regulations, there is also a lack of a rigid legal framework for identifying and prosecuting cybercriminals.
- Smaller organisations and companies using independent cloud services are hesitant to invest in cloud security even as more companies adopt cloud computing, leaving them open to threats like data breaches, account theft, malicious internal threats, and even DDOS attacks.
India’s cybersecurity policy
The Indian government published the National Cyber Security Policy (NCSP) in 2013, which outlined several tactics for fending off security threats via the internet. Despite the passage of many years, there has been little implementation, and our nation continues to be one of those that are most frequently targeted with the obvious and growing risk of the absence of a comprehensive cybersecurity plan or policy.
The laws governing cybersecurity in India include, but are not limited to:
- The 1860 Indian Penal Code
- Information Technology Act (2000)
And various sector-specific laws. Each of these engages in an intriguing and oddly unchoreographed interaction with the others.
Even though threats coming from cyberspace are well understood, our country still does not have a policy that outlines how to combat them. There isn’t a formal necessary framework that specifies a reaction strategy if any of the two is attacked by an enemy to protect critical infrastructure for information and other national assets.
Also Read: Roasting Culture, Misogyny And Patriarchal Trends In The Cyberspace
However, there seems to be some light on the existing 2013 policy being revised. In 2020, the National Cybersecurity strategy was conceptualised by the Data Security Council of India headed by Lt General Rajesh Pant. The report focused on 21 areas to ensure a safe, secure, trusted, resilient, and vibrant cyberspace for India.
The National Security Council Secretariat (NSCS) has also formulated a draft National Cyber Security Strategy, which holistically looks at addressing the issue of security of national cyberspace, said the government in the Lok Sabha in December last year. The Government said its policies were aimed at ensuring an open, safe, trusted and accountable Internet for the users.
The Indian Cyber Crime Coordination Centre (I4C), under the Ministry of Home Affairs (MHA), has been designated as the nodal point in the fight against cybercrime. The RBI has issued various instructions in respect of security and risk-mitigation measures related to electronic/digital transactions. The MHA has issued National Information Security Policy and Guidelines to the Central Ministries as well as State governments and Union Territories with the aim of preventing information security breaches and cyber intrusions in the information and communication technology infrastructure, it said.
But despite all these regulations in place, there has not been any clear mention of Timeline by the government which again leads to more concerns about the cybersecurity issue in India especially with many reports like that of Check Point pointing out to India’s vulnerability to such attacks. Although the government asserts that it has increased protections and taken other precautions, it is still unknown how successful the new firewalls will be. All eyes are now on how effectively authorities stop such attacks, with the majority of reports pointing to an even more difficult year for India in terms of cybersecurity.
Also Read: Cyberbullying And Transphobia: Praveen Nath, Kerala’s First Trans Man Bodybuilder, Dies By Suicide