Last week, the Indonesian cyber attack group Hacktivist issued a “red notice” targeting 12,000 Indian government websites. Just a day after the incident, the Indian government said that all its websites were updated and “capable” of handling cyberthreats. In this story, The Probe speaks to several cyber police officials and top cyber experts in the country who say that our laws are ineffective, our cybersecurity systems are outdated, and our agencies are unprepared to handle the growing number of cyber cases.
Also Read: Sudden Spurt in Cyber Security Breaches, Govt Accounts Targeted
Cybersecurity expert Ritesh Bhatia speaks to The Probe’s Pavitra Utgikar on the mounting number of cybercrimes in India and India cyber security.
Mausmi Patil, a Police Inspector with the Cyber Police in Mumbai, states that cybercrimes have increased in the country post-lockdown, and cybercriminals are today more advanced than law enforcement agencies. “I have seen that even in Mumbai, we were flooded with cyber complaints after the lockdown. These cybercriminals are so savvy that they can make fake bank pages for many famous banks. They have better technology to do that. They are able to exactly make a duplicate version of these bank pages, and the customers sometimes get taken for a ride. Their customer ids and passwords are illegally acquired this way.”
According to a report by Fortinet, a cybersecurity company, 92 per cent of Indian companies were hit by cyber breaches. While these figures may seem extremely hard to digest, the Indian government’s own reports suggest that India witnessed a whopping 13.91 lakh cybersecurity incidents last year.
Also Read: CoWIN Data Breach Reveals Security Gaps In India’s Critical Information Infrastructure
The Computer Emergency Response Team (CERT-In) has stated that a total of 11,58,208 cases were reported in 2020, in 2021 the cases rose to an all-time high at 14,02,809 and dipped to 13,91,457 in 2022. However, many experts say that the government’s figures do not expose the ground realities, and the cases have only risen exponentially in the country.
Duggal explains that India does not have a dedicated India cyber security law. FIRs are few and far between, and convictions are a bare minimum. “We need a dedicated India cyber security law. The existing provisions on cybersecurity under the Indian Information Technology Act 2000 cannot deal with the growing cybersecurity breaches. The golden age of cybercrime started with the beginning of Covid-19, but the actual quantum of cases reported does not reflect the ground reality. Cybercrime convictions are too few in the country. The government of India has launched the national Cyber Crime Portal, which is a good move. But this is only a cybercrime reporting portal. It is not a cybercrime FIR registration portal or an investigation portal. Since policing is a state subject, these reported cases are referred to the respective states and on average, only less than 5 per cent of the total number of complaints received ultimately transforms into FIRs. The actual registration rate of FIRs is awfully low in our country."
Last month, India cyber security and cybercrime police station of Sivaganga district in Tamil Nadu busted a huge cybercrime gang operating out of Coimbatore. The police seized nearly 23,000 sim cards, around 300 mobile phones, several ATM cards, chequebooks, and other electronic accessories. Speaking on the condition of anonymity, a senior cyber police official told The Probe that it was only in April 2021 did the state of Tamil Nadu start registering FIRs under a dedicated cybercrime cell.
“From April 2021 only, we started registering cybercrime FIRs from all over Tamil Nadu in the cybercrime police station. At present, we have 50 cybercrime police stations in Tamil Nadu. We are now trying to create awareness amongst the people so that they know that once they get defrauded, they must report it immediately, and also, we are trying to create awareness about certain types of cybercrimes so that people don’t fall prey to these. But the fact is that cybercrimes are borderless, and there are many challenges, especially when the cases are inter-state or inter-country,” said the official.
The CERT-In has stated that it has prevented 2,83,581, 4,32,057 and 3,24,620 malicious cybercrimes during 2020, 2021 and 2022. Tejasi Panjiar, Associate Policy Counsel at the Internet Freedom Foundation (IFF), notes that it is time India took compensating cyberattack victims seriously. “Compensation is a whole different issue. So far, compensation has been part of the law under the IT Act of 2000. But in the draft Data Protection Bill, compensation for victims has been removed. If the Bill is passed, the users whose data has been breached will not be compensated. Why is there no compensation for breaches? The Bill, if it comes into being, would literally make the breach in the right to privacy a non-criminal matter.”
Also Read :-