This article has been written by Amalendu Bhusan Roy pursuing Diploma in Technology Law, Fintech Regulations and Technology Contracts and edited by Shashwat Kaushik.
This article has been published by Sneha Mahawar.
Table of Contents
Introduction
Cybersecurity involves protecting data, devices like laptops, computers, smartphones, POS, etc., software systems and networks from any unauthorised third party’s attack, criminal activity or harming the system. Any software consisting of sensitive information like financial, medical, legal, or any other information must be well equipped to prevent any sort of damage, loss or malfunction from cyber-attack. Inappropriate security measures in place could expose the devices, data and software to harmful threats like malicious software. Therefore, cybersecurity measures are very essential and critical to the quality, security and value of a system. If any third party or criminal gains unauthorised access to a system with sensitive data, he can harm us, which leads to an increase in various fraudulent/criminal activities.
Types of cybersecurity
There are different types of cybersecurity, as various types of cyber threats exist. A brief overview of some subcategories is discussed herein under:
Application security
It is a measure for the security of software applications and preventing illegalities/criminalities that could be exploited by any third party attackers. It requires safe coding, regular updating of software and application-level firewalls. It is for preventing cyberattacks by adopting policies that block unauthorised traffic.
- Following the rules and regulations of the Google Play Store, most of the apps are being used by us on our cell phones.
- There are 3.553 million applications in Google Play; Apple App Store has 1.642 million, while Amazon App Store has 483 million available to download by its users. When we have better options/ other choices available, it does not mean that all applications are safe.
- Many apps, although seem to be safe, after taking all the information of the users, pass it on to third parties.
- The app should be installed on a trustworthy/safe platform, not from some 3rd party website in the form of an APK (Android Application Package).
Cloud security
It consists of securing applications, data and infrastructure provided on cloud platforms, which ensures proper access controls, data protection, and compliance. There are many cloud service providers, such as AWS,Azure,Google Cloud, etc., to ensure safety against various threats. Data storage on cloud platforms has become very popular in recent years. It ensures the privacy and safety of data in the cloud and makes it accessible with appropriate authentication from any device. To a certain extent, these platforms are free but if anyone wants to save more data, then he has to pay. For example, Amazon Web Services (AWS) is the most comprehensive and broadly adopted cloud service in the world, offering many fully featured services globally from data centres. Many customers, including startups, large enterprises and government agencies, are using AWS to lower their costs, become more agile and innovate faster.
Critical infrastructure security
Public-sector cybersecurity is a branch of cybersecurity that focuses on protecting the networks, systems, and assets of public-owned infrastructure. This includes infrastructure owned by cities, regions, and countries.
Public-sector cybersecurity is important because it protects critical services that are essential to the public’s safety and well-being. These services include water, power, transportation, and telecommunications. A cyberattack on these services could have a significant impact on the public, causing widespread disruption and damage.
Public-sector cybersecurity is also important because it protects the privacy and security of personal information. Public-sector organisations often collect and store large amounts of personal information, such as social security numbers, credit card numbers, and medical records. A cyberattack on a public-sector organisation could lead to the unauthorised disclosure of this personal information, which could have a devastating impact on individuals.
Information security
It especially deals with the safety of sensitive data and information with confidentiality, integrity and availability, which determine the quality of the system that manages or holds information.
Network security
It defends the reliability and security of a company’s infrastructure and focuses on network integrity by preventing malicious actors from appearing via the internet.
Common cyber threats
Generally, those who attack any information system are evil and motivated for monetary gain. Some miscreants/ criminals are also there to steal or destroy data for political/personal reasons, as an insider threat to the company they work for, to boost the interest of their land, etc.
The most common attacks are:
- Password attack;
- Phishing scam;
- DOS attacks, i.e., denial of service attack;
- man-in-the middle attack; and
- malware.
All you need to know about cybersecurity regulations
Cybersecurity regulations are very essential to protect against breaches of data because theft or corruption of data eventually incurs financial losses and damage to the reputation of an organisation. Being agreed to comply with legal requirements and subsequently non-compliance with regulations and standards can result in significant fines and penalties, as well as action as per the law of the land. Cybercrime law, cybersecurity law or cyber law comprises a number of directives that safeguard information technology (IT) with the aim of forcing organisations to protect their information and systems from cyber-attacks.
The Information Technology Act of 2000 is the main law governing cyber-related activities in India. The Act was enacted in 2000 and has been amended several times since then, most recently in 2008. The Act covers a wide range of topics, including electronic transactions, digital signatures, cybercrimes, and data protection.
The Act defines a cybercrime as any crime that is committed using a computer or other electronic device. Cybercrimes can include a wide range of activities, such as:
- Hacking: Unauthorised access to a computer system.
- Data theft: Stealing or unauthorised use of personal or confidential information.
- Cyberbullying: The use of electronic devices to harass or intimidate someone.
- Phishing: Sending fraudulent emails that appear to be from legitimate companies in order to steal personal information.
- Malware: Software that is designed to damage or disrupt a computer system.
The Act also provides for a number of data protection provisions, including:
- The right to privacy: Individuals have the right to control how their personal information is collected, used, and disclosed.
- The right to access: Individuals have the right to access their personal information that is held by a company or organisation.
- The right to correction: Individuals have the right to correct any inaccuracies in their personal information
- The right to erasure: Individuals have the right to have their personal information erased if it is no longer necessary for the purpose for which it was collected.
The Act is designed to protect individuals from cybercrimes and to ensure that personal information is protected. Internet laws and regulations are collectively referred to as ‘cyber law’. Since there are large risks that entail operational internet work, such operations are required to be protected by comprehensive and extensive rules and regulations. Prevailing cybersecurity regulations cover various aspects of business operations and generally vary by region or country in which a business operates.
Essential for cybersecurity requirements
Essential for cybersecurity requirements are:
- Identify, i.e., make a list of all equipments, software, and data to be used, including laptops, smartphones, tablets, POS devices, etc..;
- To protect against cyberattacks on equipments,software and data to be used in the safest possible way.
- To detect any cyber attack on equipment, software and data, including laptops, smartphones,tablets and other devices.
- To respond quickly against cyberattacks and secure IT infrastructure by engaging experts to investigate and identify the source of the attack and its reasons.
- To recover data after a cyberattack from backups. It requires secure,reliable and regular backup data to locations like cloud storage, external hard drives, etc.
The three states of the data are:
- data in rest;
- data in motion; and
- data in use.
Data can change states quickly and frequently, or it may be retained in a single state for the entire life cycle of a computer. Key focuses for data protection strategies are: (i) data security – protecting data from malicious or accidental damage; (ii) data availability – quickly restoring data from accidental damage or loss; and (iii) access control – ensuring that data is accessible to those who need it and not to anyone else.
Case law
In India, the first case of cybercrime was that of Yahoo! Inc. vs. Akash Arora & Anr. (1999) Delhi HC, which occurred in 1999. Here, the respondent, Akash Arora, was accused of using the company’s logo and name, ‘yahooindia.com’. Accordingly, a decree of permanent injunction was sought by the plaintiff.
Under Section 43 of Chapter IX of the I.T. Act, whoever, without appropriate authority or valid permission from the concerned authority of any computer system, accesses, downloads, induces a computer virus or causes obstruction of access to the systems is liable to pay a fine up to Rs. one crore. On July 26, 2023, the Securities and Exchange Commission (SEC) adopted certain rules requiring the disclosure of facts for cybersecurity incidents and cybersecurity risk management, strategy and governance by public companies, including foreign private users.
Recently, the Government of India announced that there are faults in some versions of ‘Google Chrome’. Using these faults, the fraudsters can attack any laptop, smartphone or computer. So, the Government of India announced alertness for users of Chrome browsers. How to keep the devices safe, G.O.I. announced that in the Windows operating system – at Chrome browser 118.0.5993.70/.71 and in Mac or Linux operating system 118.0.5993.70 – these two versions are at high risk. The latest cybercrime in India is:
- Criminals using Virtual Private Networks (VPN) via China and Dubai made online frauds: Pune cops.
- In e-scams in Pune, two experts in technology lost Rs. 50 lakh.
- A retired Colonel loses a huge amount in Pune’s biggest e-task fraud.
- Kolkata police held the first Facebook live session on e-crime.
- Youth lose Rs. 6 lakh in the name of crypto cash.
In India, cybercrimes are dealt with in the following sections of the IPC:
- Committing forgery in document or in electronic record for cheating under Section 468 of the Indian Penal Code of 1860. (Forgery for purpose of cheating)
- Forgery by making false document or part of it (Section 465 of the IPC).
- Fraudulently or dishonestly presenting a forged document as genuine one (Section 471 of the IPC)
- Committing forgery in a document or electronic record to harm the reputation of any party (Section 469 of the IPC)
Statistical report on cybercrime
- Approx. 1 billion emails faced cyberattacks in a single year, affecting 20% of the users.
- An average of $4.35 million in costs were incurred by businesses in 2022 due to data breaches.
- During 1st. and 2nd quarters of 2022, a number of ransomware attacks occurred worldwide, totaling around 236.1 million.
- 50% of internet users in the USA had their accounts breached in 2021.
- In the United Kingdom, 39% of business establishments faced cyber attacks in 2022.
- Around 10% of US organisations have no insurance coverage against cyberattacks.
- More than 50 million US citizens faced cyberattacks during first six months of 2022.
- Between 2020 and 2022, more than 1.3 million cybercrimes were reported throughout India.
Cybersecurity Tech firms are still prime targets of cybercrime, and for understandable reasons: the wealth of client information managed, along with valuable intellectual property (IP) and other confidential or proprietary data, are appealing to threat actors. Tech firms’ first step towards stronger cybersecurity also starts with knowledge. Building cyber situational awareness (CSA) is critical, including knowledge of firms’ IT systems, threats targeting them, and how to respond to those threats. A robust CSA can help identify immediate risks for tech firms so they can mitigate them and improve their security. Once firms better understand their IT environment’s potential threats, they can identify and address cyber risks before they affect firms’ operations. Using strong passwords, updating software, thinking before clicking on suspicious links and turning on multifactor authentication are the basics of what we call “cyber hygiene” and will drastically improve one’s online safety.
Tips for secure computing
The top 10 secure computing tips are:
- Everybody is a target for hackers. We should not say that it won’t happen to us. We are all at risk, and stakes are high – both for personal and financial well-being and for the organisation’s standing and reputation. Therefore, cybersecurity is everyone’s responsibility.
- To keep software up-to-date.
- Avoid phishing scams – beware of suspicious emails and phone calls.
- To practise good password management.
- To avoid visiting unknown websites or downloading software from untrusted sources.
- The devices should never be left unattended.
- To safeguard protected data.
- To use mobile devices safely.
- Installation of antivirus/anti-malware protection.
- Data should be backed up regularly; i.e., if anyone is a victim of a security incident, the only guaranteed way to repair the computer is to erase and reinstall the system.
Cybercriminals are attacking with more aggression, sophistication, and tenacity than ever before and there are three main reasons why:
- Automation: Attackers do far less manual work these days. They now often turn to automated tools to execute attacks or outsource the task to someone else entirely.
- Scale: Large businesses are not the only entities at risk. Hacking requires far less effort, skill and time than ever before, allowing cybercriminals to launch larger attacks that affect more victims.
- Motive: Cybercrime can be a lucrative business. Hackers can make quick money by selling data or extorting victims for ransom.
Clients rely on the tech firms to keep their confidential data safe. But implementing the proper cybersecurity measures can be challenging, especially if the firms don’t have the right information, Tools or guidance.
Conclusion
We are looking for developments in the field of cybersecurity, like increased cybersecurity compliance, better threat detection models and quick response tools. OT’s, IoT’s, and cloud working firms should consider implementing some good practises to prevent their systems from being attacked.
In the current scenario, humans are increasingly relying on technology, which paves the way for hackers to enter the systems and steal our personal information. Cyberlaws need significant upgrades to keep pace with the increasing number of modern-day attacks. Laws and countermeasure technologies must also be as advanced as the attacks.
References
- https://greycortex.com/blog/implementing-new-technology-6-cybersecurity-tips-you-should-know
- https://www.techtarget.com/searchsecurity/definition/cybersecurity
- https://www.cio.gov/
- https://www.indusface.com/blog/everything-startups-need-know-security/
- https://www.logrhythm.com/research/security
- https://www.14c.mha.gov.in
- https://intellipaat.com/blog/cyber-security-tips-best-practices/
- https://aag-it.com/the-latest-cyber-crime-statistics/#:~:text=In%202022%2C%2039%25%20of%20UK,of%20%C2%A34200%20in%202021.