Cybercrime: A Colossal Monster Plaguing India’s Progress

Authored by Pavan Duggal, Cyber Law Expert; Advocate, Supreme Court of India; Chairman of International Commission on Cyber Security Law

India has embarked on a digital transformation journey of unparalleled magnitude. Bearing a testimony to the fact are a slew of initiatives recently undertaken by the Government of India, such as Digital India, Aadhaar, IndiaStack, and DigiLocker. However, as we are moving towards digitalization at an unprecedented scale, the need to protect data has emerged as a matter of paramount importance. Cybercrime is increasingly becoming a major area of concern, and could well end up as a major deterrent to fulfilling our ‘Go Digital’ dream.

The cybercriminals are turning vicious; not only are they trying to demonstrate their technical superiority, but also training their focus on financial gains and stealing confidential information and trade secrets. Besides, cybercriminals are also aiming at state installations, networks, and activities—which are prejudicial to the sovereignty and integrity of India. More importantly, the absence of any dedicated legislation for cybercrime has somehow put the entire ecosystem in a state of fix. In our country, the darknet is increasingly being used to perpetuate criminal activities. In this context, I think the nation needs to adopt more proactive security approaches to safeguard its security and interest.

If we look at the Indian enterprises, they are being affected by cybercrimes as well. This has triggered a myriad of technology solutions to address the challenge, opening up a new segment that is growing exponentially. However, the distinction between risk, threat, and vulnerability at the organizational level is getting blurred. Since enterprises are vulnerable, it poses a big threat to their data and network, which in turn put all kinds of corporate confidential data at massive risks. On the other hand, despite the growing adoption and use of new-age technologies like AI, AR, VR, and mobile, a majority of Indian organizations are still unaware of how these new technologies can be misused against their corporate interest.

Even the workforce may also pose a big threat to enterprise-level data protection. Over the years, I have come across several instances where the workforce not only carried corporate data but also misused or sold them for monetary consideration. I personally believe that the absence of any concept of data protection or data ownership and the lack of any ingrained norm of cybersecurity are the major contributors to data breaches at the enterprise level.

Taking cybercrime and data breaches in our stride

It’s time to address cybercrime and cybersecurity on a war footing basis across both at the government and enterprises.

- Fortunately, the government of India has now appointed Justice Srikrishna Committee to look at the feasibility of India to have a new data protection law. Hopefully, it should open the doors of more legislative actions pertaining to data protection in the country.
- In ather positive step towards data protection, the government of India, by the notification of January 2017, now made it essential for enterprises to report every incident of cyber security breach.

For enterprises, it’s a necessity, rather than afterthought, to become more proactive and adopt a consolidated approach where they must work simultaneously on all the three vectors, including risk, threat, and vulnerability. I think currently, Indian enterprises are working in a reactive mode when it comes to data breaches. However, organizations should understand that their survival very much hinges on cyber security. A significant portion of their efforts, therefore, should revolve around cyber security of their network and data, as a single data breach can pose a serious threat to even their survival.

Also, Indian enterprises should integrate data protection policies into their corporate DNA.  First, they need to implement a culture of cyber security so that they can stay abreast of continuously evolving new threats to cyber security, identify where their systems are vulnerable, and then take calculative risks. However, these measures should not be confined into only software and IT fields. Rather, enterprises have to:

- Adopt an all-inclusive capacity-building program across levels which will sensitize employees about the importance of data protection and cyber security.
- Security audit is another proactive approach to ensure data security at the enterprise level.
- Enterprises should put their best foot forward to empower their workforce with appropriate systems and software to avoid cyberthefts and crime.

Ultimately, if enterprises can take adequate steps to protect their infrastructure and data from potential cyber security breaches and risks, it will be a good strategy for them, going forward.

India has come a long way in realizing its ‘Going Digital’ dream. However, it still has a long way to go in unleashing its digital potential to the fullest. On this growth highway, the roadblock of cybercrime and data breaches need to be removed on a priority basis. It is a joint responsibility for both government and enterprises to battle out the dark shadow of cyber threats and smoothen the path towards digital transformation. 

What’s your idea about keeping your data protected and secured - the way Dell’s endpoint security solutions give your laptop #DataSuraksha? Share with us on Dell EMC India Twitter and Facebook

About #DataSuraksha Blog Series:

In our daily work life, we compromise our suraksha (security) many times—be it sharing our passwords, connecting to a public server, clicking phishing emails, travelling to work, off-sites, and meetings, or working from remote locations etc. 

Given these incidents, #DataSuraksha campaign was introduced with the intent to sensitize people about data protection and invoke them to Stop Comprimising!