Why cybercrime is rampant in India!

The dawn of the 21st century brought seismic changes to the way human beings functioned. While technology has been the driving force, the advent of the internet has been at forefront of making our daily lives more convenient. From connecting with friends, ordering food, booking tickets, buying gifts or daily essentials to even finding partners, we can now do it all on the go thanks to mobile devices and gadgets, bolstered by internet connectivity.

While the internet has surely made things easier and more convenient for us, it, sadly, also opened up opportunities for cybercrime. Whether it's our personal or professional life, the internet and its usage remain prevalent on a daily basis which, in turn, serves as a breeding ground for cybercriminals to target people across the globe. And, India is no different.

There was a dearth of understanding regarding the crimes committed over the internet a few years ago, but today, India is not far behind when compared to other countries in terms of the rate of occurrence of cybercrime which continues to grow by the year.

India remains the second largest online market in the world, only ranked behind China, with around 600 million internet users. And, the industry experts estimate that figure to surpass the 650-million mark by 2023. With the rise in internet users, there has also been a significant rise in cybercrimes in India.?

According to the data released by CERT-In (Indian Computer Emergency Response Team), the first two months of 2022 reported more cybercrimes when compared to cases recorded for the entire of 2018. A total of 2,08,456 incidents were recorded in 2018 and since then, India has registered 3,94,499 incidents in 2019; 11,58,208 cases in 2020; 14,02,809 cases in 2021; and 2,12,485 incidents in the first two months of 2022. There is a staggering seven-fold increase in cyber crimes in three years between 2018 and 2021, and more sharply during the pandemic.?

There are numerous reasons that have served as a catalyst for the growth of cybercrimes in India. For one, as the internet continues to uplift people living in Tier 2, Tier 3 and even more remote or rural areas, the lack of awareness about cybercrimes has added to the problem. Also, the majority of the Indian population still don't know where to go and whom to report to after suffering at the hands of cybercriminals. More importantly, the Indian laws, despite being more streamlined and structured in recent times, still struggle to negate the challenges of the growing cybercrimes in the country.

The implications of cybercrimes may differ for an individual when compared with a business entity. At the individual level, consumers can be duped of money and breached of their privacy by cybercriminals. At the enterprise level, businesses can be exploited competitively and held on ransom for their data by cybercriminals. Thus, it is important to understand distinctive ways to tackle the menace of cybercrime at both the individual and enterprise levels.

At an individual level, there is a need to create massive awareness and educate consumers about precautions they must take while going digital. India's OTP-based transaction systems and UPI are robust and secure. The advent of the Personal Data Protection Law will hold custodians of individuals; private data accountable and make them more responsible. This development will enhance the protection of an individual against potential cybercrime.?

At the enterprise and MSME levels, things are more serious. While every firm strives to ensure proper utilization of resources and capital, only a few are able to actually achieve the elusive dream. That's probably why many organizations are seen using sub-standard tech tools and applications which are not only sub-standard but also provide an opportunity for cybercriminals to target the firm.

While facilitating the work-from-home culture for employees, companies should refrain from using free tools and invest in low-cost VPN routers to enable remote access. This will not only make work easier for employees but can also keep cybercriminals at bay. Similarly, the sub-standard email systems, used by companies to save money, should be replaced with standard email systems like G-Suite, O365, or similar since they are less vulnerable to identity theft and backdoor ransomware-infected attachments. And, the need for licensed antivirus for added protection can't be stressed more.

Enterprises, specifically MSMEs, are more vulnerable to insider threats than external ones. Thus, there is a greater need for a firm to undertake strong employment agreements with employees who can, thereon, be bound legally against intentional deletion of data and upholding the confidentiality agreement. Employees should also be educated on identity theft, phishing websites, employment agreement terms, piracy, and the consequences of the data breach.

Investment in central storage devices can bolster a firm in not only recovering data after accidental or intentional deletion by employees but also identifying the perpetrators. Since data leakage by an insider can hold a company liable for breaching the confidentiality with customers, firms must deploy endpoint controls to prevent leakage over USB ports, emails or the internet. Another key measure to negate cybercrime and its aftermath is the facilitation of an off-premise backup on the cloud which safeguards a company's interest against data loss due to ransomware, deletion, infection, and disaster.

It is reasonable to expect that cybersecurity awareness levels of consumers, businesses and policymakers will improve in the future. While culture is considered to be a slow-moving institution, even some aspects of culture that are linked to cybersecurity (like the perennial urge to share passwords) are likely to change over time. In order to further strengthen Internet users’ cybersecurity orientation, content related to cybersecurity need to be appropriately integrated into the high school and university curriculum.

While we can follow the best practices and use the guidelines of professionals and authentic watchdogs, the onus to stay aware and vigilant to identify a cybercrime and take subsequent action remains on us.

(The author Mr Vishal Shah is the Co-Founder and CEO of Synersoft Technologies Pvt. Ltd.) The article published on The Pioneer, India