In the past two decades, India has witnessed an exponential growth in Information Technology (IT) and E-commerce. These sectors encompass electronic transactions, software services, etc., that are highly susceptible to cybercrimes. In addition to this, the rapid push towards a digital economy by the Indian government through the “Digital India” campaign is changing the way businesses and governments operate in cyberspace.
The Digital India campaign was launched by the government of India to ensure that the government’s services are made electronically available to citizens, thereby digitally empowering the country. But with such digitalization comes the great responsibility to protect data. Cyber security has come to the forefront of today’s digital world and hence organizations and governments must take measures to incorporate better cyber security practices to establish a strong defense mechanism against cyberthreats.
The proliferation of the Internet of Things (IoT) and Smart cities has created a positive impact on the Digital India movement. However, the internet is not altogether safe as it harbors cybercriminals. Due to the widespread technological takeover, India has emerged as one of the major targets for cyber attacks. A recent headline from The Indian Express, “Cosmos Bank’s Rs 94 crore online fraud: SIT recovers money from ‘accidental beneficiaries’ of cyber attack” stated that 94 crores were fraudulently withdrawn using several cloned debit cards of the Pune-based cooperative bank. The money was withdrawn from thousands of ATMs in India and 28 other countries within seven hours. Issues like these are of major concern for India as multiple IT systems connected to the internet are deployed in various sectors such as banking systems, GST systems, railway networks, etc. All these systems are vulnerable to a multitude of cyberattacks and need to be secured.
As mentioned earlier, campaigns such as “Digital India ‘ and “Make In India” are transforming the cyber security scenario of the country. India, being one of the fastest-growing economies, catches the attention of cybercriminals immediately. As per the National Crime Records Bureau, 1,791 cyber security cases were registered in 2011, which grew to 2,876 cases in 2012 and 4,356 cases by 2013. Another debatable matter is the issue of Aadhaar cards as a method of authentication or identity proof. The Aadhaar card consists of a unique twelve-digit code issued by the Unique Identification Authority of India (UIDAI) by taking a person’s biometric details such as iris, fingerprints, and demographic information like their date of birth and address. This code is linked with bank accounts, pan cards, passports, etc. While breached passwords can be reset, biometric data cannot be reset once compromised. The Government of India has taken great measures and invested in critical resources to secure 133 crores of biometric data. That being said, no technology is powerful enough to stop cybercriminals. Hackers are increasingly using password cracking tools and twin masks to gain access to sensitive information.
A major cause for the myriad of tactics cybercriminals are using to steal data is the absence of strong cyber security technologies that can withstand these attacks. Another significant reason for India’s vulnerability in cyberspace is the lack of awareness of the underlying cyberthreats. According to reports, five years ago, there were 15 million smartphones in India. Today, there are nearly 3 billion smartphones, but a majority of people do not know how to use them securely. This creates a gap that allows cybercriminals to target them. Therefore, implementing cyber security awareness programs is essential to bridge the gap between cyber security threats and security actions.
It is essential to understand where we stand in this fast-evolving turf war for cyberspace supremacy. First and foremost, most of the technology including cyber security tools used in India are imported from elsewhere. There is no means to inspect hidden malware, backdoors, or flaws. The National Crime Records Bureau estimated that 58% of cyber attacks were for financial gains and 42% by foreign governments. This issue can be addressed in two ways- one is to inspect imported hardware and software for hidden malware, and the other is to build skills in this sophisticated area of technology to develop such hi-tech equipment ourselves. An estimate by NASSCOM’s cyber security task force says that India needs 1 million trained cyber security professionals by 2025. Currently, the estimated number of cyber security professionals in India is 62,000. To bridge this gap, enterprises should provide training and certification to upgrade the skills of their cyber security and IT staff. The government can provide long-term solutions by introducing cyber security courses in educational institutions and conducting hands-on training using concepts like virtual labs and cyber ranges.
At the launch of the “Digital India” campaign, the honorable Prime Minister of India had aptly said that India can play a big role in cyber security globally. According to reports, the digital economy today comprises 14–15% of India’s total economy and is targeted to reach 20% by 2024.
“I dream of a Digital India where cyber security becomes an integral part of our national security.” — Narendra Modi
The government of India is taking several measures to ensure the security of every citizen’s online and offline identities. A budget of 5 crores was granted to start-ups innovating in the field of cyber security. Apart from this, the National Informatics Centre-Computer Emergency Response Team (NIC-CERT) is striving to facilitate a safe and secure cyberspace environment for citizens. Therefore, cyber security is the way forward for the Digital India movement. It is also essential to understand that the responsibility of cyber security does not fall only on the government, but also on every individual in the country. Legislative acts for user data protection such as the GDPR and CCPA have already been implemented in various countries. The government of India should also take measures to formulate such laws for the protection of data.
The outflow of information that the internet has caused cannot be stopped now. This could not have been foreseen, but it can be rectified by building strong and secure defense mechanisms to combat cyberattacks and thereby digitally empower India.