Though the country has not been seriously impacted by WannaCry, there is no guarantee it won’t be attacked in future considering how unprepared it is to tackle these crimes

~By Ramesh Menon in Delhi

The monster cyber attack on millions of computers across Europe and Asia with WannaCry, a ransomware, shows how unprepared India is. Over 2,30,000 computers in 150 countries have been affected and Microsoft has said that it is a wake-up call for all governments around the world. Breaches in the recent past have shown how critical such private data leaks can be for criminals who play havoc with personal data.

Neeraj Aarora, a Delhi High Court cyber lawyer, said: “It is a frightening scenario in India as the authorities have not woken up to the threat of cyber crime and how serious it can be.” That India is yet to have secure systems for data was more than clear recently when millions of people had their personal details leaked along with their Aadhaar numbers by a government website in Jharkhand. The Narendra Modi government is pushing for Aadhaar to be mandatorily linked to PAN cards. Opposition for this has come not because of privacy reasons, but because there is a real fear of personal data being compromised.

Well-known cyber lawyer Pavan Duggal who is chairman, International Commission on Cyber Security Law, told India Legal: “India is thoroughly unprepared to combat cyber crime. It does not have the wherewithal to deal with it. We do not even have a cyber security law in place. We have not even criminalised ransomware as cyber crime. We have not amended the Indian Cyber Law for the last nine years and it is outdated now. India’s National Cyber Security Policy is just a paper tiger as it has not been implemented. India requires fresh approaches to deal with this challenge.”

Last month, over a million Aadhaar numbers were leaked from a Jharkhand government website due to a programming error. Private data became dangerously public. Names, addresses and bank account details of beneficiaries of Jharkhand’s pension scheme were plastered on a government website. Earlier, cyber security experts in the state had warned that the government’s websites were not secure. But, nothing was done. Ironically, the breach came to light when the Supreme Court was questioning the Modi government’s policy to make Aadhaar mandatory so that people get benefits from various government schemes.

A notification of the Unique Identification Authority of India clearly states that the Aadhaar number of an individual will not be published or publicly displayed by any agency. The onus of ensuring security and confidentiality is on the agency that is in possession of the numbers. Any disclosure is punishable by a three-year jail term and fine.

Aadhaar was a wholesome idea as it would have helped the government function more effectively, dispense subsidies to the poor, cut down corruption and ensure that benefits reach the beneficiary without leaks. However, the government did not adequately work on the security of the system. It was not just the Jharkhand government that slipped up. Even the Union Water and Sanitation Ministry did so too by uploading the Aadhaar numbers of beneficiaries of the Swachh Bharat Mission-Gramin on its website. It took down the data when the breach was noticed, but the damage was done.

Cyber experts and activists are rightly worried that the privacy and security of millions of people will be compromised when such details like biometric information, bank account details, identification details of retina scans and other personal details get leaked. If it falls into unscrupulous hands, one can imagine the mayhem that will be unleashed.

Prof Sunil Saxena, Dean, GD Goenka University, Gurgaon, said: “India is heading for a cyber crime deluge. Financial crime is the most worrisome. Even educated people are falling victims to SIM swap, which is literally identity theft. India needs an independent all-India cyber police to tackle such crimes.”

Most Indians do not even understand the digital world. It is little solace that even the police and the judiciary do not know what to do under these circumstances. They carelessly upload a lot of personal information on social media and online platforms. How many bother to read the terms and conditions before signing up for something online? A report by consulting firm E&Y Fraud Investigation and Dispute Services indicates that 90 percent of Indian businesses identified social media as a precarious platform spurring new age cyber threats.

India has reason to be worried. A McAfee study points out that India is estimated to be losing 0.21 of its gross domestic product to cyber crime. The report said that about two-thirds of businesses were unable to detect a cyber incident due to poor understanding of the motive behind the attack.

Fifty-five percent of respondents felt that cyber laws need to be strengthened. Thirty-four percent said that regulations of cyber laws need to be clearer. Seventy-two percent feel that their company’s IT security teams lacked specialists to fight cyber crime.

Duggal said: “We need to inculcate a culture of cyber security among stakeholders and introduce cyber law education as a part of the school curriculum from standard one.”

Chennai-based Vijayshankar Na who runs a cyber law portal, naavi.org, told India Legal: “We need to make intermediaries accept responsibilities for the end user’s losses. We also need to promote cyber insurance so that financial losses can be minimised. Governments need to collaborate better for prevention of international crimes with a coordinated law enforcement action.”

As India goes digital, it has a lot of homework to do. There has to be widespread training to create awareness of cyber crime that is gearing up to spot loopholes in weak firewalls. The police needs to be trained and so does the judiciary. Aarora is flooded with requests from both private and government organisations asking him to train them on how to be digitally secure.

It is a matter of time before cyber criminals target India. The country has no choice but to beef up its security before unimaginable damage is done.