A boundary becomes significant when there is a threat of breach and harm. The lack of such boundaries has proven detrimental in cyberspace, where everybody is prone to cyber attacks such as phishing and ransomware. No physical borders exist on the internet to protect one’s privacy from breach. Although a few software products have been effective in protecting data, hackers have been efficient at overriding even the safest data protection software. Even so, it is better to take precautions and hope for the best.
The law governing cyber crimes in India is the Information Technology Act, 2000, which prescribes certain penalties for hacking, phishing, ransomware, etc. It also provides for the establishment of the Indian Computer Emergency Response Team, which is the national nodal agency for responding to computer security incidents upon occurrence.
The Internet has been a boon and a curse during the prevailing pandemic times. It has helped companies perform large-scale work online, thus preventing them from suffering major economic losses. On the other hand, work-from-home has also exposed companies to a huge pool of hackers awaiting an opportunity to siphon money. A company’s database is a goldmine for such hackers: they threaten the company by restricting access to the database unless a certain amount of ransom is paid.
During these challenging times, the company as well as its consumers are under threat. The IT Act contains certain provisions which require companies to update their security systems regularly in order to prevent such cyber crimes. The law has been put in place to ensure the safety of the company and its consumers, and compliance can prevent unnecessary cyber attacks.
The Indian Computer Emergency Response Team [CERT-In] has also issued a warning against the rise in cyber attacks such as phishing. The threat has always been present, but companies are more prone to such attacks due to economic constraints all over the world amid the pandemic. Necessary security updates have to be installed, consumers have to be alerted, and antivirus, antispyware and antimalware software has to be installed. Data backups and data encryption can be used to protect data from being lost. Employees must also be warned against opening spam mails, which might contain spyware, ransomware and other such scams. The threat can also be reduced by entrusting access to confidential data to a restricted number of people; restricting the number of administrator accounts can also be useful.
If the company faces a cyber attack despite the necessary precautions, CERT-In must be notified of the security incident immediately. It provides emergency measures for handling cyber security incidents and responds to the incident as required. Companies that experience cyber security incidents or vulnerabilities may fill in and submit the required forms online on the official CERT-In website. Phishing, computer virus or malicious code, system misuse, website defacement, spam, email spoofing, denial of service, website intrusion, bot/botnet, IP spoofing, technical vulnerability, social engineering, user account compromise, and network scanning/probing/break-in/root compromise are some of the security incidents which can be reported.
An independent survey of 5,000 IT managers across 26 countries, conducted by Sophos, shows that 82% of Indian organizations were hit by ransomware last year.
Such a large number of cyberattacks is due to poor cyber hygiene and extensive use of pirated software. This has weakened cyber defences and made organizations more vulnerable. In 73% of the ransomware attacks, the cybercriminals successfully encrypted the data and demanded ransom. Upon paying the said ransom, some companies got their data back, while others did not. Out of 94% of the victims, about 50% used backups to get their data back. Sophos also made a few recommendations which help reduce the risk of ransomware. These include investing in anti-ransomware technology to stop unauthorized encryption and making regular backups.
Technology has yet to evolve to make the internet a safe and secure place. Until then, the necessary precautions prescribed under the law must be complied with. Fortunately, the law has evolved to help companies take necessary precautions and has established organizations to help companies overcome security incidents. It is for the companies to ensure compliance in securing the data and providing a safe environment for their consumers to transact. In case attacks do occur, the cybercriminals can be penalized under the IT Act.