A CLSA report indicates the value of digital payments in India will grow three-fold – close to 1 trillion dollars in FY26 from 300 billion dollars in FY21. A Deloitte study has said India will have 1 billion smartphone users by 2026. As India’s internet base continues to widen, and the country digitizes at breakneck speed, a parallel rise in cyber attacks is worrying the government. According to the government, there were 674,021 cyber-attacks in the country this year until June, which translates to around 3,700 cyber-attacks a day.
According to a recent report published by the Indian Computer Emergency Response Team (CERT-In), a functional organization under the Ministry of Electronics and Information Technology (MeitY), Govt. of India, in the first half of 2022, ransomware attacks increased by 51% over the previous year. Hybrid work culture since covid pandemic and modernization of attack tool kits are identified as key reasons behind the attacks. CERT-In suggested that the victims of these attacks must isolate the infected systems from networks, report such attacks to the CERT-In or other regulatory authorities, and lodge an FIR with law enforcement agencies.
CERT-In mandated in a recently published guideline under the Information Technology Act, 2000 relating to information security practices, procedure, prevention, response, and reporting of cyber incidents for Safe & Trusted Internet that all companies including both Government and Private Organizations are now required to report all cyber incidents to the CERT-In. CERT-in has also provided a list of cyber security incidents and details such as email ID, Phone, and fax numbers where incidents need to be reported. The directions are issued to augment and strengthen cyber security in the country and are currently applicable pan-India on all organizations, although some representations had been made from SMEs seeking more time to comply. The deadline now has been extended to 25 September, the Ministry of Electronics & IT (MeitY) said in a press statement.
In our discussion with Mr. Sourish Dey, Director at Trisim Global Solutions, an organization based out of Kolkata and Bhubaneswar, which focuses on providing cyber security solutions, the key points in the guideline are the requirements to maintain ICT logs in proper formats in India for at least 180 days and report any cyber security incident to CERT-In within 6 hours. Mr. Dey pointed out that although most corporates may be already complying with the guidelines, many government organizations, including those serving key citizen services, may not be yet ready. As the guidelines do not include any penalty clause, there may be some laxity in terms of speed to comply which may be highly detrimental in case of a cyber security attack in the future as effective logs and timely reporting always prove key to stopping the scale of a breach. However, there is some proactiveness witnessed with many government organizations approaching companies like Trisim Global Solutions to take effective measures to not just comply with the guideline but also go beyond and implement a Security Operations Center to ensure that the type of incidents mentioned in the Direction is quickly detected and risks mitigated effectively.
Mr. Debanuj De, Vice President at Trisim Global Solutions managing the Government business directly, advised that government agencies must realize that just securing the data center or the core network is no anymore sufficient. Endpoint security solutions and proper log management tools must be deployed over and above existing cyber infrastructure. Mr. De added that while of obvious value, this critical log data is often lacking. ICT logs are usually kept but nobody sees them. Proper log management solutions made with Cyber Security compliance requirements in mind, drill through the data and represent the critical changes that may represent a threat or an attack. Humio from CrowdStrike, which is a global leader in cyber security leader, provide an index-free log management solution that logs everything and realizes real-time observability for your whole system while cutting down on the costs of ingesting all data.
Other directives include synchronization of ICT system clocks; subscriber/customer registration details by data centers, virtual private server (VPS) providers, VPN Service providers, Cloud service providers; KYC norms and practices by virtual asset service providers, virtual asset exchange providers, and custodian wallet providers. The list of cyber incidents to be reported includes data leaks and breaches, attacks on mobile apps, unauthorized access to IT systems and identify theft and phishing attacks.