Published on 04 Feb 2025
According to the Information Technology Act of 2000, “Cyber security means protecting information, equipment, devices, computer, computer resource, communication device and information stored therein from unauthorised access, use, disclosure, disruption, modification or destruction.”
Some common types of cybercrimes are:
Hacking: The practice of gaining unauthorized access to systems or networks to steal or manipulate data.
Example: Indian activists, lawyers, and scholars were spied on via WhatsApp using the Israeli software Pegasus.
Phishing: Tricking individuals into revealing sensitive information, such as passwords, by posing as a legitimate entity.
Example: Jamtara phishing scam.
Ransomware attack: Use of malicious software that encrypts a victim’s data and demands payment to decrypt it.
Example: WannaCry ransomware attack.
Cyber espionage: Infiltrating computer networks to gather sensitive information for political, economic, or military advantage.
Example: The Night Dragon operation, in which Chinese hackers targeted American and European energy companies.
Cyberbullying: Using digital communication tools to harass, intimidate, or threaten individuals online.
Example: Bulli Bai scandal in India.
Data breaches: Unauthorised access to sensitive data stored by organizations, resulting in the exposure of personal or confidential information.
Example: Truecaller data breach.
Identity theft: Stealing someone's personal information, such as name, address, Social Security number, or Aadhaar number, to commit fraud or other crimes.
Need for a sound cyber security architecture
With the development of technology, cyber security threats have increased dramatically and in multiple forms, threatening the security of individuals as well as the nation. The following are some of the reasons for the increasing significance of cyber security architecture in present times.
Fundamental Right: A robust cybersecurity framework is essential to safeguard against threats like unauthorized access and data breaches, emphasizing the need for privacy as a fundamental right.
Example: The Supreme Court, in the Puttaswamy judgment, affirmed that the right to privacy is essential for the protection of personal autonomy and dignity.
National security concern: A solid cybersecurity architecture safeguards India's critical infrastructure, defence systems, and government networks from cyberattacks that could compromise national security.
Example: The "Operation Red October" cyber espionage campaign targeted various Indian government agencies, including defence establishments.
Digital transformation: The growth of the digital economy, with increased online services, has increased the avenues for financial fraud.
Example: Digital payment and UPI-related cybercrimes have increased in recent times.
Increase in cybercrime: Technology has facilitated the rise of cybercrimes, which necessitates the development of more security infrastructure.
Example: As per the National Cyber Security Coordinator, around 3500 fraud cases are being reported daily in India.
Promotion of digital governance: E-governance has led to increased online storage of sensitive information, which is vulnerable to cyber-attacks.
Example: India was the most targeted country for cyberattacks on government agencies in 2022 (CloudSEK XVigil research).
Need to protect critical infrastructure: Attacks on critical infrastructure carry the capacity to create significant disturbances and incur substantial losses.
Example: The Mumbai power outage in 2020 was allegedly caused by a cyber-attack on the power grid by Chinese hackers.
Protection of businesses and intellectual property: Securing sensitive corporate data and customer information from cyberattacks is critical for India’s growth prospects.
Example: The "Tata-Mistry Corporate Espionage Case" highlighted the risks of intellectual property theft.
International reputation: A strong cybersecurity posture enhances India's international reputation by demonstrating its commitment to addressing cyber threats, thereby fostering international collaboration and trust.
Factors contributing to the rise of cyber attacks
Cybercrime incidents have risen tremendously over recent years, raising security concerns across the world. The factors that have led to this increase are discussed below.
Rapid digitization: Internet penetration and the push for digitization have exposed more data in cyberspace, increasing the potential for cyber-attacks.
Example: As per the NCRB report, cybercrimes in Delhi increased by 111% in 2021.
Inadequate cyber infrastructure: Institutions and individuals may not have robust cybersecurity measures in place to defend against evolving cyber threats, leaving them susceptible to attacks.
Example: The AIIMS ransomware attack encrypted 1.3 TB of data due to a lack of adequate security measures.
Insufficient regulation: Gaps in cybersecurity regulations and weak enforcement mechanisms can embolden cybercriminals to carry out illegal activities without fear of significant consequences.
Example: The absence of a strong data protection bill has resulted in incidents of Aadhaar data leaks.
Globalization of cybercrimes: The borderless nature of the internet allows cybercriminals to operate from anywhere in the world, making it challenging to track and prosecute them.
Example: Cybercrimes against the Western world originating from China and Russia have been difficult to track down due to this borderless nature.
Emergence of new threat vectors: The development of new technologies, such as IoT devices and mobile apps, creates new avenues for cybercriminals to exploit vulnerabilities and gain unauthorized access.
Example: AI is used to create misleading deepfake videos, as in the recent Rashmika Mandanna issue.
Lack of cyber awareness: Many individuals and organizations lack adequate awareness about cybersecurity best practices, making them vulnerable to cyber threats and attacks.
Example: As per Surfshark, between 2020 and 2022 there were 275000+ cyber victims aged over 60. These people lack cyber awareness.
Lack of skilled manpower: The shortage of skilled cybersecurity professionals can result in organizations having inadequate personnel to defend against complex cyber threats.
Example: As per the State of Cybersecurity report 2022, 40% of businesses claim that their cybersecurity team is understaffed.
Thus, multiple factors on diverse fronts have contributed to the increase in cyber security incidents. Protection from cyber threats therefore involves a multi-pronged approach addressing a majority of these challenges.
Cyber warfare
Characterized as the fifth domain of warfare, cyber warfare involves conflict conducted via network-based methods, wherein nation-states execute politically motivated attacks against others. State-sponsored actors aim to disrupt organizations or nations, often pursuing strategic or military objectives in these operations.
Features of cyber warfare
Borderless: The borderless nature of the cyber world makes cyber warfare more unpredictable and difficult to defend.
Covert operation: Determining the true source of a cyber-attack can be complex due to the ability to hide behind proxy servers, compromised systems, or false flags.
Target critical infrastructure: Critical infrastructure, such as power grids, water supply systems, and transportation networks, is often a prime target in cyber warfare due to the potential to cause significant disruptions.
Contactless war: The absence of physical contact between adversaries is another feature of cyber warfare.
Rapid deployment: Cyber-attacks can be carried out quickly and remotely, making it easier for attackers to strike at any time and from any location.
Low cost: Cyber-attacks are often less expensive than traditional warfare, as they don't require expensive military hardware and equipment.
Some examples of cyber warfare
In April 2022, China used the trojan ShadowPad to target power grids in Ladakh.
A Chinese hacker group named Stone Panda targeted the vaccine manufacturers Pune Serum Institute & Bharat Biotech of India.
Slothful Media - An information-stealing malware used by a Chinese technology company against targets in India and other countries.
Alleged misinformation campaign by Russia in the 2016 US Presidential election.
Stuxnet - A malware which attacked nuclear facilities in Iran.
Russian hacking group Sandworm planted various malware targeting Ukraine’s critical infrastructure during the war.