ForumIAS announcing GS Foundation Program for UPSC CSE 2025-26 from 10th August. Click Here for more information.
Contents
Source: The post is based on the article “Defending against cyber threats” published in the Business Standard on 21st November 2022.
Syllabus: GS 3 – Basics of cyber security.
Relevance: About India’s cyber threats.
News: The recent cyberattack at the All India Institute of Medical Sciences is a stark reminder that no entity is safe from cyber threats.
About India’s cyber threats
-Based on the data from the Indian Computer Emergency Response Team (CERT-In), 1.2 million cybersecurity incidents were reported in 2020, 1.4 million in 2021, and 0.67 million up to June in 2022.
-Google in contrast stated that India witnessed 18 million cyberattacks and 200,000 threats a day in the first quarter of 2022 alone.
-The World Economic Forum, in its 2022 Global Risk Report, identified cyber threats as among the top five global risks.
How EU is tackling cyber threats?
EU’s General Data Protection Regulations(GDPR): The EU expects companies to maintain the integrity of critical infrastructure, systems, and services, and is steadily upping the requirements through its Network and Information Security directives. Further, the EU has put in place guidelines regarding the reporting of data breaches.
| Read more: Are ransomware attacks increasing in India? |
What are the various recommendations to tackle India’s cyber threats?
Securities and Exchange Commission (SEC): a) It proposed amendments to its Cybersecurity Rules and put out two papers for discussion, b) Highlighting Cybersecurity Governance, the SEC expects companies to disclose the extent of the board’s oversight of cybersecurity risks, and the management’s role in assessing and managing cybersecurity-related risks, and in implementing the company’s cybersecurity policies, procedures, and strategies.
The Kotak committee: The committee put the onus of dealing with cybersecurity on the risk management committee of the board.
| Must read: Held To Ransom – Healthcare sector is a sitting duck to cybercriminals. AIIMS & other hospitals must shore up security systems |
What needs to be done to reduce India’s cyber threats?
Follow proper cyber risk management: This includes not only preventing breaches but also placing guidelines regarding the process to be followed once there is a cyberattack. This will help minimise financially and mitigate reputational damage when a breach occurs.
There should be clarity regarding reporting data breaches: The board members must have financial acumen, familiarity, and skills to understand cyber reporting and the ability to interact with third parties and internal resources to effectively oversee the organisation’s cybersecurity architecture.
