This article has been written by Sahil Garg pursuing a Diploma in Business English Communication for International Professionals and Remote Workers from Skill Arbitrage.
This article has been edited and published by Shashwat Kaushik.
Table of Contents
What is cybercrime
Cybercrime is a criminal activity that is carried out by the perpetrator not by doing any physical activity but by using computer sources, networks and network devices. Cybercrime is mounting against individuals, corporations and governments. The motive of cyber criminals can be monetary, personal, politically influential and internationally threatening. Cross border cyber attacks are done to scare other countries and show them their power.
A primary case of cybercrime is financial. Different types of profit generating cybercrime activities are done by the criminals, such as ransomware attacks, email, internet and identity fraud, as well as stealing the information of credit cards, bank accounts, debit cards and UPI driven activities.
Cybercriminals also steal individual information and corporate data of individuals for sale to gain profit and they also do stalking as well as bullying because these are easy to carry out due to non availability of physical presence when committing crime.
Cyber criminals use computers in three ways to commit cyber crimes such as a target, where the computing device is targeted by them to gain access to a computer network; as a weapon by launch of denial of service, in which perpetrators make a machine or computer network unavailable to the intended users temporarily or indefinitely disrupting the service of a host connected to the network; and as an accessory, in which computers are used to store illegally obtained data.
What is digital spying
Digital spying, also called cyber espionage, is the act of procuring digital information secretly without providing information to the person whose information is being stolen by the use of the internet, networks, spyware, trojan horses, etc. Cyber espionage is done by one Country on another, which can be an enemy, to steal their secret information to gain the financial, political and safety purpose of their Country.
Cyber espionage started in 1996, when internet connectivity was spread to governments and corporations, Many cases of cyber espionage were seen at that time.
Analysing the cost of cyber crime and digital spying
The top 6 most expensive cyber attacks in the world
ExPetr / NotPetya (2017): $10 Billion
The ransomware was sent as an update by the hackers using the MeDoc (malicious software) update service. Users of infected computers were prevented from accessing any files until they paid a $300 Bitcoin ransom.
Epsilon (2011): $4 Billion
Epsilon helps brands better understand their customers and removes duplicate data. Out of which Best Buy, JPMorgan Chase, and Target were impacted by the theft of thousands of names and email addresses from email marketing, Epsilon. The customer notification, settlement, and compliance costs for each of those customers were close to $5 million. Epsilon is consequently out billions of dollars as it must account for obligations, lost revenue.
Mafiaboy Attack (2000): $1 Billion
A DDoS (distributed denial of service) attack was launched in 2000 against well-known websites like Amazon, CNN, eBay, Yahoo!, and Dell by 15-year-old Michael Calce, alias Mafiaboy. He used a collection of university networks to disturb the bigger websites with information. By doing this, he caused a loss of $1 billion in lost income, cyber security upgrades and investigations.
Veterans Affairs (2006): $500 Million
The VA committed several cyber security errors, including failing to encrypt its data, which allowed 26.5 million veterans, active duty service members, and their families’ patient information to be physically stolen.
Hannaford Bros (2007): $252 Million
About 300 East Coast Hannaford Bros. supermarkets all experienced significant security breaches as a result of malware spreading from their primary servers. The business lost millions of dollars as a result of the cybercriminals gaining access to 4.2 million debit and credit card numbers.
Sony PlayStation (2011): $171 Million
Over 100 million online accounts’ data was compromised when hackers broke into Sony’s digital network, forcing the PlayStation Online service to be briefly suspended. Insurance against identity theft, security upgrades, customer assistance and investigations were all affected by the attack. In addition to this already astounding sum, Sony Corp. lost billions of dollars in revenue and suffered grave damage to its reputation.
The cost of cybercrime in the U.S.
Statistics from the National Institute of Standards and Technology (NIST) suggest that cybercrime costs the United States hundreds of billions, potentially as much as 1-4% of America’s annual GDP.
As per the report of the FBI for the year 2021, out of 8, 47,376 cybercrime cases, the loss was nearly $7 billion. Out of the reported cases, the majority comprise ransomware, business e-mail compromise schemes and cryptocurrency scams.
The global cost of cybercrime
The global cost of cybercrime was estimated to be about $8 trillion in 2022. The figure is expected to go beyond $11 trillion in 2023. It is predicted that the global economy will be hit by a cybercrime cost of $20 trillion by 2026, which is 1.5 times more than the figure for 2022.
The cybercrime industry is growing year over year. In 2021, the cost of cybercrime was $6 trillion. The value is expected to grow by 15% annually. As per the predictions of experts, the cost of cybercrime by 2025 will reach nearly $10.5 trillion.
The cost of ransomware
Cisco’s statistics say that each ransomware victim paid more than $300k on average, an increase of 171% year to year. In 2020, the biggest ransom was paid at $10 million, up by $5 million in 2019.
In 2020, after the ransomware attack, the cost of a forensic investigation was $200,000.
As the statistics show an increase in ransomware attacks or cybercrime, industries or business units, as well as the government, are investing in cyber security to lower the devastating cost of cyber attacks, as the cyber attack costs more than the cyber security cost.
What is the real cost of cybercrime
Sometimes, the cost of a cyber attack is so high that it affects the security of a nation, which cannot be calculated in terms of amount, so the government and corporate industries are investing more in cyber security. Cybercrime or cyberattacks not only affect the organisation financially but also affect its reputation. It takes lots of years to create a reputation but it takes a single minute to lose it.
No organisation is immune to the cost of cybercrime. When any cybercrime occurs, it hits its IT infrastructure, steals confidential data, and does its usual activities. It also threatens to leak its data for any type of terrorist activity or sell the data to the organisation that misuses it. Cybercrimes are the usual activity of an organisation for which the organisation not only loses its day to day work but also its reputation. In the future, nobody wants to share their information with an organisation that does not invest in cyber security.
For this reason, for any digitally enabled organisation, it becomes very necessary for them to protect the data of their clients or customers through the use of cyber security.
Cyber crimes in India
Delhi, Chandigarh, and Haryana reported the highest cybercrime rate in India in 2023. Mewat emerges as a hub for sextortion, a serious online crime. The crime rate per lakh people in 2023 in states such as Delhi is 755, Chandigarh is 432, Haryana is 381 and so on, and the national average is 129. National agencies have blocked 2.9 lakh fake SIMs, 2810 malicious URLs and 595 mobile apps. Out of the said cybercrimes, most of the crimes comprise refund based, KYC expiry, sextortion and customer case related fraud.
The government data shows Rs. 10,390 crore was lost to cybercrimes in the past three years after the launch of the National Cybercrime Reporting Portal in 2019.
The Cyber Crime Helpline 1930 is aiding in the recovery of lost money and in three years, Rs. 1127 crore belonging to 4.3 lakh citizens have been recovered through official systems developed by linkage between the government and 23 banks and e-commerce companies.
The recovery is around 10 percent of the money lost, “Rajesh Kumar, head of the Home Ministry’s India Cyber Crime Coordination Centre, said.
The G20 website saw 16 lakh cyberattacks per minute.
The national agencies successfully thwarted a massive coordinated cyber attack on India’s G20 website at the peak of the global summit hosted by PM Narendra Modi in New Delhi on September 9 and 10, 2023. The official summit website, at the height of the event, saw as many as 16 lakh cyber intrusions a minute by way of Distributed Denial of Service (DDoS) attacks, which have emerged as a primary concern in Internet security worldwide.
The National Cyber Crime Reporting Portal, on average, received 50,000 daily complaints on Toll-free number 1930 in 2023. Of these, 40-50 per cent originated outside India.
Steps taken by the Government of India against cybercrime
The ” Cyber Swachhta Kendra ” (Botnet Cleaning and Malware Analysis Centre) is a part of the Government of India’s Digital India initiative under the Ministry of Electronics and Information Technology (MeitY) to create a secure cyberspace by detecting botnet infections in India and to notify, enable cleaning and secure systems of end users so as to prevent further infections. The ” Cyber Swachhta Kendra ” (Botnet Cleaning and Malware Analysis Centre) is set up in accordance with the objectives of the “National Cyber Security Policy”, which envisages creating a secure cyber ecosystem in the country. This centre operates in close coordination and collaboration with Internet Service Providers and Product/Antivirus companies. This website provides information and tools to users to secure their systems/devices. This centre is being operated by the Indian Computer Emergency Response Team (CERT-In) under provisions of Section 70B of the Information Technology Act, 2000.
Free Security Tools offered by the government of India to control Cyber Crime
eScan Antivirus https://www.escanav.com/en/escanav-cert/escanav-cert-intoolkit.asp
K7 Security https://www.k7computing.com/in/k7-bot-removal-tool
Quick Heal. https://www.quickheal.co.in/bot-removal-tool
Free Bot removal tool for Android
eScan Antivirus
https://play.google.com/store/apps/details?id=com.eScanAV.certin
M- Kavach 2, developed by C-DAC Hyderabad
https://play.google.com/store/apps/details?id=org.cdac.updatemkavach
Laws to prevent cybercrimes in India
In India, there are various laws in place to prevent cybercrimes and safeguard individuals and organisations from online threats. These laws aim to address various forms of cybercrime, including hacking, phishing, online fraud, cyberbullying, and child pornography.
Information Technology Act, 2000 (IT Act)
The Information Technology Act of 2000 (IT Act) is a significant piece of legislation in India that governs various aspects of information technology, including electronic commerce, digital signatures, cybercrimes, and data protection. The Act comprises several important sections, each addressing specific areas of information technology. Here is an elaboration and expansion of the input text:
Section 43A: Compensation for failure to protect data:
- This section imposes a legal obligation on body corporates to protect the personal information of individuals in their possession or control.
- In case of any negligence or failure to take reasonable security measures leading to unauthorised access, use, or disclosure of personal information, the affected individuals can seek compensation from the concerned body corporate.
Section 66A: Punishment for sending offensive messages through communication services:
- This section deals with the offence of sending offensive, menacing, or false messages through electronic communication services.
- It prohibits the transmission of messages that are grossly offensive, sexually explicit, or cause annoyance or inconvenience to the recipient.
Section 66C: Punishment for identity theft:
- This section criminalises identity theft, which involves impersonating another person by using their identity information without their consent.
- It aims to protect individuals from unauthorised access to their personal information and the subsequent misuse of their identity.
Section 66D: Punishment for cheating by personation through communication technology:
- This section addresses the offence of cheating by impersonating another person through electronic communication technology.
- It criminalises the act of fraudulently obtaining money or other valuable things from an individual by pretending to be someone else.
Section 67: Punishment for publishing or transmitting obscene material in electronic form:
- This section prohibits the publication or transmission of obscene material in electronic form.
- Obscene material is defined as content that is lascivious or appeals to the prurient interest of an average person, applying contemporary community standards.
Section 72A: Power to issue directions for blocking public access to information:
- This section empowers the Central Government or its authorised agencies to block public access to certain online content deemed unlawful or harmful.
- It can be invoked in cases of national security, public order, or to prevent incitement of an offence.
Section 79: Intermediary guidelines and digital due diligence:
- This section provides a framework for intermediary liability and imposes due diligence obligations on intermediaries (such as social media platforms and e-commerce websites) to address unlawful content and user safety.
- Intermediaries are required to remove or disable access to unlawful content promptly upon receiving actual knowledge of its existence.
These are a few examples of the important sections of the Information Technology Act, 2000, which collectively aim to regulate the use of information technology in India, protect individuals’ rights, and ensure a safe and secure digital environment.
The Indian Penal Code (IPC)
The Indian Penal Code (IPC) has undergone significant amendments to address the rapidly evolving landscape of cybercrime. These amendments aim to provide a robust legal framework to combat various forms of online threats and protect individuals from cyber-related offences.
Cybercrime provisions
- Section 66C (Identity theft):This section criminalises the fraudulent use of another person’s identity, such as using someone else’s name, address, or other personal information to commit a crime or impersonate someone else.
- Section 66D (Online stalking):This section addresses the issue of cyberstalking, where a person repeatedly uses electronic means to harass, intimidate, or cause alarm to another person. It includes sending unwanted messages, making threatening calls, or posting defamatory content online.
- Section 66E (Child pornography):Child pornography is a serious offence under the IPC. This section prohibits the creation, distribution, or possession of child pornographic material.
- Section 67A (Cyberbullying):Cyberbullying involves the use of electronic devices to harass, bully, or intimidate another person. This section criminalises the act of publishing or transmitting malicious content with the intent to cause annoyance, humiliation, or emotional distress.
2. Penalties and punishment:
- The amendments to the IPC prescribe strict penalties for cybercrimes. Depending on the nature and severity of the offence, individuals convicted of cybercrimes can face imprisonment ranging from a few months to several years.
- Additionally, fines may be imposed to deter offenders from engaging in such activities.
3. Reporting and investigation:
- The amendments emphasise the importance of timely reporting cybercrimes to law enforcement authorities.
- Specialised cybercrime cells and units have been established within the police force to investigate and handle such cases efficiently.
4. Victim protection:
- The amendments include provisions to protect the rights and privacy of victims of cybercrimes.
- Victims are entitled to legal assistance, counselling, and support during the investigation and trial process.
5. Awareness and education:
- The government and law enforcement agencies conduct awareness campaigns to educate the public about cybercrimes and preventive measures.
- Educational institutions also play a crucial role in raising awareness among students and young adults about the potential risks and consequences of cybercrime.
These amendments to the IPC demonstrate the commitment of the Indian government to combat cybercrime and ensure the safety and security of its citizens in the digital age.
Prevention of Electronic Crimes Act, 2018 (POECA)
- POECA was enacted to strengthen the legal framework for combating cybercrimes in India.
- It introduces provisions related to cyberterrorism, online child sexual abuse, and cyberstalking.
- The act also sets up a National Cybercrime Reporting Portal for individuals to report cyber offences.
The National Cyber Security Policy
The National Cyber Security Policy, enacted in 2013, is a comprehensive framework designed to safeguard India’s cyberspace and critical information infrastructure. It recognises the growing significance of cyberspace in various aspects of modern life, including economic development, national security, and individual privacy. The policy aims to achieve the following key objectives:
- Protection of critical information infrastructure (CII): The policy identifies CII as critical to the functioning of the nation and seeks to protect it from cyber threats. CII includes sectors such as energy, transportation, finance, and healthcare.
- Enhancing cyber security awareness: The policy emphasises the importance of raising awareness about cyber security among various stakeholder groups, including individuals, businesses, and government agencies. It encourages educational programmes, public awareness campaigns, and the promotion of best practices in cybersecurity.
- Development of a skilled workforce: Recognising the need for a skilled workforce in cybersecurity, the policy calls for the development and implementation of educational programmes and training initiatives to prepare individuals for careers in the field.
- Fostering international cooperation: The policy acknowledges the global nature of cyberspace and stresses the importance of international cooperation in addressing cybersecurity challenges. It encourages collaboration with other countries, international organisations, and industry partners to share information, best practices, and resources.
- Legal and regulatory framework: The policy highlights the need for a robust legal and regulatory framework to address cyber crimes and promote responsible behaviour in cyberspace. It calls for the review and strengthening of existing laws and regulations, as well as the development of new legal provisions to address emerging cyber security challenges.
- Public-private partnership: The policy recognises the importance of public-private partnerships in enhancing cyber security. It encourages collaboration between government agencies and the private sector to share information, expertise, and resources.
- Continuous monitoring and improvement: The policy emphasises the need for continuous monitoring and improvement of cyber security measures. It calls for the establishment of a robust cyber security monitoring system to identify and respond to cyber threats in a timely manner.
- Emergency response and crisis management: The policy acknowledges the potential for cyber attacks to cause significant disruption and damage. It calls for the development of comprehensive emergency response and crisis management plans to effectively address cyber security incidents.
The National Cyber Security Policy provides a roadmap for India’s efforts to protect its cyberspace and critical information infrastructure. It emphasises the importance of collaboration, awareness, and continuous improvement to effectively address the evolving challenges of cyber security.
Cyber security and e-governance standards
- The Government of India has developed various standards and guidelines for cyber security and e-governance.
- These standards aim to ensure the security of government websites, digital infrastructure, and electronic services.
Cybercrime cells and task forces
- Several law enforcement agencies in India have dedicated cybercrime cells and task forces to investigate and prosecute cybercrimes.
- These units are equipped with specialised personnel and resources to handle complex cyber investigations.
International cooperation
India, in its endeavour to combat cybercrime effectively, actively engages in international cooperation on various levels. The country collaborates with other nations and international organisations through various mechanisms to share information, best practices, and technical assistance.
- Bilateral agreements:
- India has signed bilateral agreements on cyber security and mutual legal assistance with several countries.
- These agreements provide a framework for cooperation in investigations, evidence collection, and extradition of cybercriminals.
- Notable bilateral agreements include those with the United States, United Kingdom, Singapore, and Australia.
- Multilateral agreements:
- India is a party to several multilateral agreements and conventions related to cyber security and cybercrime.
- These agreements include the Budapest Convention on Cybercrime, the Council of Europe Convention on Cybercrime, and the United Nations Convention against Transnational Organised Crime.
- These agreements facilitate international cooperation in combating cybercrime, harmonising national laws, and promoting best practices.
- International organisations:
- India works closely with international organisations such as the United Nations, the International Telecommunication Union (ITU), and the Organisation for Economic Cooperation and Development (OECD).
- Through these organisations, India contributes to the development of global standards, policies, and capacity-building initiatives related to cyber security.
- India also participates in international forums and working groups to discuss emerging cyber threats and develop coordinated responses.
International cooperation is crucial for India in combating cybercrimes, as cybercriminals often operate across borders, and investigations and prosecutions require access to evidence and witnesses located in different countries. By collaborating with other nations and international organisations, India can enhance its capabilities in preventing, detecting, and responding to cybercrimes, ensuring a safer cyberspace for its citizens and businesses.
Cyber security awareness campaigns
- The government and various organisations conduct cyber security awareness campaigns to educate individuals and businesses about online threats and protective measures.
- These campaigns aim to promote responsible online behaviour and encourage the use of strong passwords, two-factor authentication, and security software.
Cyber forensics and incident response in India
India has made significant strides in strengthening its cyber security infrastructure, including the establishment of cyber forensics laboratories and incident response teams. These resources play a vital role in assisting organisations in the investigation and handling of cyber incidents.
Cyberforensics laboratories
Cyberforensics laboratories are specialised facilities equipped with advanced tools and technologies to analyse and investigate digital evidence. In India, these laboratories are typically established by government agencies, law enforcement organizations, and private companies.
Functions of cyberforensics laboratories include:
- Data recovery: Recovering deleted or damaged data from computers, mobile devices, and other electronic devices.
- Evidence analysis: Analysing digital evidence to identify patterns, extract relevant information, and determine the source of an attack.
- Expert testimony: Providing expert testimony in court cases involving cybercrimes.
Incident response teams
Incident response teams (IRTs) are groups of trained professionals who are responsible for managing and responding to cyber incidents. IRTs typically work in close coordination with cyber forensics laboratories to gather and analyse evidence, contain the incident, and restore affected systems.
In addition to the efforts of government agencies and private companies, India has also established a number of initiatives to raise awareness about cyber security and promote best practices. These initiatives include:
- The National Critical Information Infrastructure Protection Centre (NCIIPC): This centre is responsible for coordinating and overseeing the protection of India’s critical information infrastructure.
- The Indian Computer Emergency Response Team (CERT-In): This organisation is responsible for responding to cyber incidents and providing assistance to organisations affected by cyberattacks.
These initiatives have helped to create a more secure cyber environment in India and have made the country more resilient to cyber threats.
In summary, India has a robust legal and regulatory framework to prevent cybercrime and protect cyberspace. The government, law enforcement agencies, and various stakeholders are actively working to combat cyber threats, enhance cyber security, and create a safer online environment for individuals and organisations.
Conclusion
As the use of the internet grows rapidly from organisations to individuals, the cybercrime rate is also increasing in the same proportion. Experts’ predictions and statistics show that the cybercrime rate will increase by 15% annually. As the cybercrime rate increases, the cost of cybercrime will also increase proportionately. Organisations have to spend huge amounts on cyber security to lower the threat of cybercrime because cybercrime not only causes financial loss to the organisations but also harms their reputation, whose cost cannot be estimated. The government is also adopting strong measures to devastate the cybercrime rate for the security of the country, not only for the government organisations and government departments but also for the public of the country on an individual basis by providing free anti viruses for Windows as well as for Android mobiles, which costs too much for the country. As per the statistics, the recovery rate from cybercrime is 10% of the actual loss caused by cybercrime, which is very low, so for the security of the country and its people from cybercrime, investment in cyber security is necessary.
References
- https://cybersecurityventures.com/hackerpocalypse-cybercrime-report-2016/
- https://www.linkedin.com/pulse/six-costliest-cyberattacks-history-shieldsupport
- https://www.evolvesecurity.com/blog-posts/actual-cost-of-cybercrime#:~:text=The%20Global%20Cost%20of%20Cybercrime&text=Statistics%20predict%20that%20cybercrime%20will,damages%20that%20costed%20%246%20trillion
- https://www.csk.gov.in/