Why Is Tracking Cyber Attacks In India So Hard?
Cyber Crimes have drawn much interest lately. As experts try to understand the gravity of the situation, they have come to a realization that out of the numerous cyber crimes reported only a few make it as registered crime. Those investigated are much less.
Government’s lack of active participation is not the only issue here. The issue, something every country seems to be facing right now, is tracking cyber crime. Now that every business is moving online, this has become a major concern, which requires immediate research and development.
Why we can't track cyber attacks down?
Before we figure how to manage more cyber crimes, it’s important that we know what makes cyber attacks so hard to track. We asked the Inspector General of Police (Cyber), Maharashtra and IPS, Brijesh Singh about such issues in India. He says:
“The industry doesn’t come to us because they believe that we don’t have the capabilities to investigate. We are looked as ransom guys. India ranks second in terms of ransomware attacks and many big personalities or organizations have been victims of ransomware attack. But I doubt if there’s a single case registered and investigated fully.
For now what is happening is that all the corporate have their interest about the disclosure, their reputation, the privacy of their customer data and so on. But that’s not helping anybody. In India we don’t have any policy of mandatory disclosure. That’s why these cases are not being reported. Recently, we had a Distributed Denial of Service (DDOS) attack on Internet Service Providers (ISPs) in Mumbai and it was a 200 gigabyte search. The very first conducted on that level. It continued for weeks but then it came to us that we are just mitigating, we also have to investigate. So, now the industry is stepping forward and coming to us.
Law enforcement should try to develop capabilities and confidence in the industry, which would help people to deal with questions such as we faced in the Mumbai case.“
What's the situation like in India?
According to IBM 2016 cost of data breach study, the average consolidated average cost of the breach is $4 million and for each lost and stolen record containing confidential information that is increased from a consolidated average of $1.54 to $1.58. When we see these situations where we talk about reported cases versus conviction, India seems okay for now. Answering this question Alexander Seger of Cybercrime Convention Committee, Council of Europe said:
“It’s very difficult to get data and link it with the case reported, investigate it and the prosecute it. Every country is struggling with this issue. If you look at the statistics, of all the cyber crime cases reported, only 2 per cent lead to convictions in India. Countries like Germany and Austria have 1%. It’s still pretty bad and this data is only from what is recorded. Most of the cyber crimes are never reported. Of all say 10 trillion cyber attacks that come in a month, only few are brought down as criminal offences, which are then turned into convictions.
It’s a big problem everywhere. Most of the times people don’t believe that certain capabilities are needed to actively investigate, and at the same time protect the reputation of victims.
There should be more talks about cyber crime and electronic evidence. We will have to think of the ways to clean up ten thousands of cases and also access other offenses on the electronic device.
We get electronic evidence in about 50% of the cases and if you look at it as an IT security matter, you’re not getting the whole picture. You have to think of it in terms of criminal justice response to electronic evidence issue. Every single police officer comes across a cyber crime and thinks if s/he should pull out the plug or not, or keep moving the cursor to keep the screen alive, or what could be done. Every police officer has to be trained and should know the basics.”
Why a distinction is necessary between IT and cyber crimes?
Singh believes security is a mindset, which people in India don’t have. He shares how IT specialists are expected to work on cyber security which is as ridiculous as farmers growing cannabis.
“Anyone who doesn’t understand malware, how is he going to make a system secure?” he says. “This is a mistake India is committing. Lot of the organizations believes that these attacks are a domain of the IT and IT doesn’t necessarily understand what Cyber security is. Failure of IT security leads to cyber security.
We see an app for everything but we are not aware of where the data is going and what to do in case of a cyber attack. If somebody’s giving you free WiFi and similar services, they are taking away your data. People think they are just giving away insignificant data such as name and birth date, but what else is left to be known? You bank account? This is the state of cyber security that we don’t have a mindset.”