By Shivanand Pandit

Cybercrimes are increasing across the world. In particular, India has witnessed a tremendous jump in the number of cybercrimes. According to information provided by the Ministry of Electronics and Information Technology (Meity) to a parliamentary panel, between 2018 and 2021, there was a five-fold increase in cybercrimes and cyber fraud incidents recorded by the government. On the other hand, amidst an increase in cyberattacks, the central government is yet to execute the National Cyber Security Strategy, which has been happening ever since 2020. The ministry told the panel that India has experienced a noteworthy surge in cases of cyber fraud and cyber-linked occurrences in the previous three years. An increase in phishing attacks, financial frauds, mail-spams and ransomware attacks were reported during the Covid-19 lockdown, when people largely worked from home, as attackers impersonated brands and deceived employees and customers.

According to facts available with the Indian Computer Emergency Response Team (CERT-In), the government agency for computer security, the number of cybercrimes increased from 2,08,456 in 2018 to 14,02,809 in 2021. That is approximately a 572% surge in three years! Also, 2,12,485 such incidents have been recorded in the first two months of 2022 itself! Indian organizations have seen a 218% surge in ransomware attacks in 2021, making India the 10th most targeted nation, worldwide, and second after Australia in the Asia-Pacific region. India was graded amongst the leading 10 countries out of 193 in cyber security posture for 2020. India climbed from the 47th position in 2018 to the 10th position in 2020. According to the American cyber security organization Palo Alto Networks’ 2021 report, Maharashtra was the most targeted state in India—facing 42% of all the ransomware attacks.

India is among the more reasonably lucrative countries for hacker groups and these hackers ask Indian firms to pay a ransom or money, usually using crypto-currencies, in order to regain access to their data. A worrying 25% of Indian organizations suffered a ransomware attack in 2021. This is higher than the international average of 21%. Software and services (26%), capital goods (14%), and the public sector (9%) were among the most targeted zones. Also, according to the study done by CyberPeace Foundation, Autobot Infosec Private Limited, along with CyberPeace Centre of Excellence, cyberattacks on the Indian petroleum refinery network have been on the rise with massive attacks recorded between October 2021 and April 2022.

Also Read: Rajasthan High Court disposes PIL on discriminatory practice by Jodhpur Vidhyut Vitran Nigam Limited

The country’s cyber security strategy recommends a distinct jurisdictive outline for cyberspace and the formation of an apex body to tackle threats, responses and grievances. However, this has been pending with the central government for over two years. The strategy, conceptualized by the National Security Council Secretariat of India, led by Lt General Rajesh Pant, has been in the works since 2020. Named the National Cyber Security Strategy, 2021, the policy emphasizes the need for a judicial framework to address the evolving challenges in the technology zone.

In the recent budget session of Parliament, many MPs grilled Meity on when the centre intends to announce the policy. In response, the centre explained that it has prepared a draft National Cyber Security Strategy, 2021, which holistically looks at addressing issues related to security of national cyberspace. Without mentioning a deadline for its execution, the centre added that it had no plans, as of now, to coordinate with other countries to develop a global legal framework on cyber terrorism.

The Data Security Council of India (DSCI) has prepared a 22-page report focusing on 21 areas to ensure safe and vibrant cyberspace for India. Some of the focus areas are large-scale digitalization of public services, state-level cyber security, etc. The report recommends a national framework that should be set in collaboration with institutions like the National Skill Development Corporation and Information Security Education and Awareness to provide global professional certifications in security. The DSCI further recommended a creation of “cyber security services” with a cadre chosen from the Indian Engineering Services. However, all these suggestions are only on paper, as of now.

Also Read: Allahabad High Court refuses to interfere with order of accused joining police force

The Ukraine-Russia war has confirmed that a cyberwar is in progress. Power and telephone networks are disturbed. Australia’s policy, introduced in 2020, has expanded the sectors covered under the policy from the earlier 4 to 11. Likewise, the UK has designated 13 sectors as critical infrastructure. Although numerous industry specialists narrated the need for cyber security policy in India, the government is still not considering the issue on a priority basis.

The current legal and regulatory frameworks do not address the evolving threat scenarios or methods to fight the same. Currently, there is no dedicated association to take care of cyber security. The response to cyber security threat can be taken under the Information Technology Act and the IPC. CERT-In and the National Critical Information Infrastructure Protection Centre handle incident responses.

The rise in cyberattacks and threats in India has brought to light the urgent need for strengthening the country’s cyber security. India should execute a strategy immediately and it needs its unique cyber security law and devoted authority to be at par with global standards. Cyber security needs to be extended to safeguard many verticals of critical infrastructure. There should be consolidation, integration, reorientation, and realignment of the present mechanism to create the apex establishment.

Also Read: Supreme Court upholds Kendriya Vidyalaya Class 1 age criterion for admissions

The strategy should target methods to configure a comprehensive system, with both state-owned and private companies having to obey cyber security yard­sticks. It should stipulate a strict recurring cyber audit and suggest annual appraisals by the apex body yet to be established. The framework of the policy should aim to label cyber security as a strategic sector. There should be an obligation upon all players to ensure cyber safety. However, this can only be done if Parliament passes a bill quickly.

The pandemic demonstrated severe warning for India’s cyber security. Several Covid-19 test results were leaked and a cyber attack took place on systems of an airline service provider, resulting in the leakage of personal data of 4.5 million passengers. As per the investigation by US cybertech firm CrowdStrike, on an average, companies across the world take seven days to respond to cyber security violations. In contrast, Indian companies take around nine days. India now has more than 1.15 billion phones and over 700 million internet users which makes it a sitting duck for cyber attacks. The pandemic has only worsened this problem as it resulted in an even heavier dependence on digital technologies. From payments to e-shopping to working from home, the pandemic led to the greater adoption of interconnected devices and hybrid work networks. Consequently, this vast and rapid expansion of digital assets has only increased the ambit for cyberattacks.

The abovementioned facts and figures push India at the bottom of the list when it comes to dealing with cyber security threats and attacks. Undoubtedly, India is one of the fastest-developing markets for digital technologies. Therefore, the government needs to introduce and implement a robust cyber security strategy immediately.

—The writer is a financial and tax  specialist, author and public speaker based in Margao, Goa

The Allahabad High Court has summoned the SP Cyber Crime Lucknow, the then Bai Ka Bagh branch manager and the complainant, posted in the regional office of State Bank of India, Lucknow, to appear before it on March 15.

A Single-Judge Bench of Justice Shekhar Kumar Yadav passed this order, while hearing a Criminal Miscellaneous Bail Application filed by Chandrabhan Singh Yadav.

As per the FIR, the incident took place on October 15-16, 2020, in which Rs 17 lakh were withdrawn by a Cyber thug from the account of victim Ghanshyam.

The FIR of the alleged incident was lodged on October 19, 2020.

The Additional Government Advocate filed a counter affidavit without annexing any documents in respect of the progress report, which was not satisfactory.

The Counsel for the victim submitted that on part of negligence of Branch Manager, a huge amount has been withdrawn by the applicants, but the then Branch Manager Avneesh Shukla has been exonerated by the investigating officer.

Also Read: Supreme Court refuses to quash bail of rape accused, observes it as consensual relationship

“The SP Cyber Crime, Lucknow is directed to appear in person before the Court, along with progress reports, in the matter”

-the Court ordered, while also summoning the then Branch manager and the victim on the next date of hearing, which is March 15.

The Allahabad High Court on Tuesday  observed  that cyber thugs are hollowing out the entire country like termites. The economic condition of the country is deteriorating. Accountability should be fixed so that the money looted by cyber thugs is not lost.

The High Court has sought a response by issuing notices to the Central and State Governments and the Reserve Bank of India in this matter, regarding how the hard earned money of honest poor citizens should be protected from cyber fraud. The court said that the responsibility of the bank and the police should be fixed.

Justice Shekhar Kumar Yadav has given this order while hearing the application of Neeraj Mandal alias Rakesh.

By order of the High  court dated 15-7-2021, it was summoned to S.P.Crime  Allahabad and Cyber Police Inspector to inquire about cyber fraud of more than one lakh in the state and Prayagraj.  And how many cases of cyber fraud are registered below one lakh and what is its progress report.

The court observed  that the affidavits of the officers are not satisfactory. It seems that both the bank and the police are not serious. Proper efforts were not made to prevent fraud. The life capital of the people was looted. They are told that the fraud took place from a remote area. Even the police are afraid to go to the Naxal area. Refunds like this are difficult. People sit blaming fate. Cyber criminals take advantage of the slowness of banks and police.

The High Court said that when even the judge is not safe, then what should be said about the common man. The state government should stop cheating and fix the accountability of the bank and the police.

The Court was hearing a case  related to cyber fraud in which cyber thugs withdrew lakhs of rupees through phone from the bank account of a retired High Court judge.  During the investigation, the accused was arrested and it was told by him that he has a gang of cyber thugs , through which he talks to people with fake mobile sims, knowing their bank details and withdraws the entire money from the bank customer’s account.  Such work is being done through cyber fraud all over the country. 

Considering the gravity of the matter, the court felt that the citizen of the country by keeping his money in the bank for the security of his hard earned money was sure that his money would be safe in the bank and if required whether it be for child’s education, wife’s treatment.  Or if the daughter gets married, if need be, he will fulfill his requirement by withdrawing the money deposited in the bank, but when he comes to know that his hard earned money has been robbed by cyber fraud, then his land slips and his whole aspirations get watered again. 

During the hearing of the case the High Court said that it becomes a situation of life and death, it is only a matter of the poor who deposit money in the bank.  It is also the resolve of the Prime Minister of the country that everyone should have a bank account in which the middlemen cannot get the money of the poor given by the government.  The court does not talk about those rich and white collar who do not keep their black money in the bank and weaken the economic condition of the country by keeping it with themselves.  The court is talking only about those honest citizens who keep their money in the bank and strengthen the economic condition of the government and the country and take them on the path of development. 

Read Also: Allahabad High Court denies bail to policeman booked for causing custodial death

The Court went on to state that  the irony is that the money of the poor is not safe even in the bank and there thieves throw money from their account, then what should the poor do, it is a matter of thinking that the money deposited in the bank of the poor will have to be guaranteed and  Responsibility has to be fixed.  In such a situation, the court is interested to know how it can be decided that the money withdrawn through cyber fraud should be returned and if it is not returned then on whom should the responsibility of paying it be fixed on the  concerned bank or on the concerned police officer conducting the investigation. 

“Somewhere it has to be decided because this disease is making the whole look hollow and is getting poorer and poorer.  It will not help to say that this is a case of cyber fraud.  Criminals do not get caught and the customers themselves should be smart.  The vast majority of the country’s population is less educated and less intelligent, while cyber fraudsters are educated and very clever, in whose guise, well-educated innocent citizens are trapped”, the order reads.

The next hearing of the Petition will take place on September 14.