Strategies to Tackle New Age CybercrimeStudy Says India Needs $4 Billion to Combat Cybercrime
India needs at least $4 billion in public-private partnership mode by 2019 to address cybercrime-related challenges at individual and organizational levels, estimates a new study by Associated Chambers of Commerce and Industry of India and Mahindra Special Services Group.
"Deliberate cyberattacks by business rivals, criminals, terrorists and other adversaries are more likely, as it's become easier to use increasing computing power and find a weak point in our networks," says Sunil Kanoria, President, ASSOCHAM. "Defending against cybersecurity requires not just more software on our servers, laptops and mobiles, but also more conscious behavioral changes by all to incorporate online safety in our work."
"While cyberwarfare will gain more relevance and be the next arena for intensive conflict with no physical boundaries, the silent war will continue even during peace posing a major 24X7 threat to organizations and national security," says Dinesh Pillai, CEO-Mahindra Special Services Group. "What is more dangerous is the threat from non-state actors."
It's time to reflect and solve problems on a real-time basis as cyberspace significantly contributes to economic growth and empowerment, Pillai says.
The New Age Cybercrime
Experts argue India faces a huge dearth of cybersecurity professionals. Besides, the lack of a pragmatic approach for securing people, data and processes is a concern.
Bangalore-based Sanjay Sahay, additional director general of Police, Karnataka, says the problem with cyberspace is that its building blocks were not created with security in mind. "There's a huge underground economy - cybercrime enterprises running their businesses in full swing - providing information and services for the right price, which is a big challenge," he says.
The study says it is no longer a local war - it's global. Cyber criminals continue to develop and advance their techniques. Focusing on preventive steps to safeguard against theft of financial information, business espionage and access to government information is of prime importance.
A study conducted by ASSOCHAM/Mahindra SSG late last year indicated that cybercrime in India was likely to cross 300,000 incidents annually by end of 2015 - a compounded annual growth rate (CAGR) of about 107 percent - and likely to increase six-fold. (See: CISOs Warned of Cybercrime Surge)
There's a need to raise funds to combat cybercrime, including cyber sexual harassment, cyber bullying, information theft, defacing websites and inflicting servers with viruses.
Credit and debit card fraud cases top the charts. There are 191 Facebook-related complaints (morphed pictures/cyber-stalking/cyber-bullying). Other complaints are cheating through mobile (61), hacking of e-mail ID (59), and abusive/offensive/obscene calls and SMS (55).
The growing internet penetration and rising popularity of online banking have made India a favorite among cybercriminals, who target online financial transactions using malware. India ranks third after Japan and the U.S. in these incidents.
The study says the smart city technology market will fuel explosive growth and investment, but increased technology means greater vulnerability. A major security concern smart cities face is Advanced Persistent Threat. These are targeted attacks (such as malware) executed by a hacker or group of hackers, motivated not by financial gain, but political gain or "hacktivism."
Dr. Triveni Singh, special taskforce of UP Police, says while the lack of skilled digital forensic professionals is a challenge, the government also lacks a data retention policy and procedures. "It must build the capacity of these professionals, as outsourcing forensic investigations to private parties is not legal in India," Singh says.
Leveraging Public-Private Partnership
The study suggests moving existing resources in the technology space who work for the government to lead cybersecurity projects. "Then, government projects will have some stability," Pillai says.
Similarly, experts say the ministry of home affairs has decided to involve private sector domain experts in tackling cybercrime, especially through proactive monitoring and forward-thinking strategies, witnessing a 70 percent increase in cyberattacks.
The study says there's an urgent need for public-private partnership in cybersecurity for protecting critical online data and creating awareness amongst the public. The internet has many stakeholders - the government makes laws; the private sectors create technologies such hardware and software - so, this can't be seen in isolation.
"Different models of PPP funding are characterized by which partner is responsible for owning and maintaining assets at different stages of the project," says Pillai.
However, experts argue the big challenge is information sharing. It is critical, yet very difficult to implement. The private sector can be reluctant to share information about cyberattacks. (See: The State of Information Sharing).
They say that the government's current proposal to invite private players does not articulate the projected return on investment for the prospective private partners for their efforts to develop a new product or a service, which could be an hindrance to its adoption.
Cybersecurity requires a high and continuous investment. Therefore, for more adoption and faster delivery, the PPP model is a win-win for all. M Y Ganapathy, director at Consulsys, a consultant for government organizations, says the challenge is dismal law enforcement. Also, the government lacks faith in the private sector regarding addressing national cybersecurity.
Smarter Policing of Cybercrime
Funds have never been an issue, says Sahay. The issue is investing in the right resources and empowering the staff with appropriate job descriptions in tackling cybercrime.
The study says the police must use real-time technology and data analysis to pursue smarter policing. It must have the capability to receive crime tips from the public in real time through smart phone apps and create detailed crime and complaint mapping. That data must be used with appropriate tactics and strategies designed to reduce crime and disorder.
Singh agrees and says, "The focus of law enforcement should be on investigation of cybercrime in gathering evidence, supported by laws to punish criminals.
"We have the infrastructure and tools to handle cybercrime; we need specialised courses with exclusive in-house digital forensic professionals at each police station," Singh says.
Increasing cybercrime police stations, making the department more tech-savvy and engaged in strategic data analysis will reduce crime and disorder, he says.