Relevance: GS-3: Challenges to internal security through communication networks, basics of cyber security.
Key Phrases: Ransomware Attacks, Cyber Security, Social Engineering Techniques, Hackers, Critical Data, Malware, Phishing, Ransomware, Denial Of Service, Strict Regulation, Security Loopholes, Exploitable Layers of security, National Cyber Security Strategy 2020, Cyber Swachhta Kendra, Cyber Surakshit Bharat Programme.
Why in News?
- According to Sophos study, the average ransom payouts by Indian organisations to hackers at $1.19 m.
Context:
- The number of ransomware attacks has gone up to 78 per cent in India in 2021, from 68 per cent in the previous year. This is the highest rate of ransom payment reported across all 31 countries surveyed by cyber security solutions firm Sophos for the State of Ransomware 2022 report.
- The average ransom paid by Indian organisations stood at $1.19 million, with 10 per cent of the victims ending up paying ransom of $1 million or more. About 78 per cent of the organisations had paid the ransom to get their data back, according to the report.
- After gaining access to the computer networks in an organisation using social engineering techniques, hackers steal critical data and block access to it. They demand ransom from the victims to unblock access. They also threaten to publish the data on online platforms if ransom is not paid.
Cyber Attacks
- A cyber-attack is an assault launched by cybercriminals using one or more computers against single or multiple computers or networks. Cybercriminals use a variety of methods to launch a cyber-attack, including malware, phishing, ransomware, denial of service, among other methods.
- Social engineering techniques typically involve some form of psychological manipulation, fooling otherwise unsuspecting users or employees into handing over confidential or sensitive data.
- Commonly, social engineering involves email or other communication that invokes urgency, fear, or similar emotions in the victim, leading the victim to promptly reveal sensitive information, click a malicious link, or open a malicious file. Because social engineering involves a human element, preventing these attacks can be tricky for enterprises.
Why India Turns Happy Hunting Ground For Hackers?
- Indian digital space not driven by strict regulation as compared to other foreign countries like USA, Europe and Canada. It becomes comparatively an easier task for attackers to exploit security loopholes against exposed network devices and addresses.
- India’s cyber footprint is huge, to say the least. This adds to the probability of getting hacked too. And when it comes to phishing attacks, cyber awareness and cyber hygiene are indispensable in maintaining a strong defensive posture against attacks of this kind.
- There are several reasons why companies often find themselves in troubled waters like when they keep their databases behind single, exploitable layers of security, and do not have enough measures in place to prevent a breach.
- When customers/employees start accessing enterprise resources from unsecured networks or personal devices, it puts the entire network at risk. In most cases, the point of entry / access is the target and once credentials are stolen, the chances of protecting the data is very low as the intent of cyber-attack may vary from espionage, stealing IP or just ransomware.
- Since the pandemic has driven institutions and individuals to expose their applications, devices and data over the internet to collaborate, this has resulted in an opportunity for cyber threats.
Cyber Insurance Solutions:
- There are cyber insurance solutions available in the market to protect against losses caused by cyber attacks, including first-party and third-party losses, and cyber extortion.
- First-party insurance covers loss caused due to electronic theft, loss of electronic communication, e-vandalism, business interruption (income loss due to fraudulent access causing impairment of operations), and the like.
- Third-party loss covers disclosure liability (any customer claim due to system security failures resulting in unauthorised access), content liability (for alleged copyright infringement), reputational liability, and conduit liability. An expenses cover includes privacy notification expenses, crisis expenses and reward expenses.
- A few insurers even provide cover for proactive forensic services in a possible threat situation. Companies should first understand the need for cyber insurance solutions, rather than just getting a cyber-insurance cover.
- Interestingly, cyber insurance had come to the rescue of some organisations that are well covered. About 89 per cent of the mid-sized organisations had cyber insurance. And, in 100 per cent of incidents, the insurer paid some or all the costs incurred.
Government Initiatives for Cyber Security in India.
- National Cyber Security Strategy 2020: To improve cyber awareness and cyber security through more stringent audits. Under the policy, empanelled cyber auditors will carefully look at the security features of organisations.
- National Cyber Security Policy -2013: The policy aims at facilitating creation of secure computing environment and enabling adequate trust and confidence in electronic transactions and also guiding stakeholders actions for protection of cyber space.
- Cyber Swachhta Kendra: The "Cyber Swachhta Kendra" (Botnet Cleaning and Malware Analysis Centre) is a part of the Government of India's Digital India initiative under the MeitY to create a secure cyber space by detecting botnet infections in India and to notify, enable cleaning and securing systems of end users so as to prevent further infections.
- Cyber Surakshit Bharat Programme: It aims to strengthen the cyber security ecosystem in Government organizations in the country. It was conducted by the NeGD under the Ministry of Electronics and Information Technology (MeitY).
- Notification - Pilot scheme for Notifying Examiner of Electronic Evidence Under section 79A of the Information Technology Act 2000
- Indian Cyber Crime Coordination Centre (I4C).
- National Critical Information Infrastructure Protection Centre (NCIIPC).
- Information Technology Act, 2000.
Way Forward:
- Nations and institutions, instead of waiting for the ‘Big Bang cyber-attack’, should actively prepare for a rash of cyber-attacks , essentially ransomware. The emphasis should be on prioritising the defence of data above everything else.
- Consequently, law enforcement agencies would need to play a vital role in providing effective defence against cyber-attacks.
Source: The Hindu BL
Mains Question:
Q. What are social engineering techniques? Why has India turned into a happy hunting ground for hackers? What measures are needed to build an effective defence against cyber-attacks? Examine. (250 words).