The COVID-19 crisis has led the world into an unprecedented situation of complete lockdown and the economies of the world are being severely affected. The corporate sector, in particular, has undergone significant changes to adapt to the contemporary mandate. The most significant transition has been the adoption of the ‘Work from Home’ strategy to allow remote execution of work due to the restrictions on movement.
Business giants like Google and Microsoft have successfully ratified a smooth transition, alongside thousands of medium and large-scale corporations. However, in the wake of rising cyber threats all over the world, these businesses have been exposed to unknown cyber threats, and are seemingly not equipped with adequate security programs.
One of the most reported cyber threats in the contemporary phase is Email Phishing. In layman's language, phishing is the spam or excessive delivery of large numbers of junk e-mails that intend to cause trouble and are programmed to affect the smooth functioning of devices. These emails are sent by hackers or fraudsters who break into the servers of various web pages and steal the personal data of the users who visit those web pages. Big companies like Dominos, Facebook, Instagram, Linked In, etc. also faced the same issue. The main intention behind such activity is to blackmail users for extortion, as these fraudsters use these emails to impersonate a legitimate organisation or a company in an attempt to persuade the users or clients to disclose their data and credentials. Frequently, these e-mails offer the user huge amounts of money as “lottery” or falsified policy claims to lure the user, and such data collected by the fraudsters are put on the dark web for sale and thus, used to blackmail the user or steal business secrets.
The organisational setup of network sharing and devices at a business office accommodates specific security modifications to ensure the highest security against data breaches. The use of sophisticated software keeps the data intact and secure, however, the same cannot be expected from a home setup. This is evident from the fact that the network connection and the software that is installed for personal use do not meet the security standards of those at a business office. The software is expensive and seems unrealistic for personal use, thus most household systems do not focus much on such elite protection. As a result, the weak links in accessing the sensitive business data provide no match to tackle such security breaches and are easily intercepted by hackers using a competent setup.
At the same time, the devices used by employees, if not provided by the employer, do not have restrictions regarding business profiles and requirements, and often engage in unencrypted file-sharing or data upload which can be easily decoded or stolen. Businesses today have urged users to engage in link chains to foster commercial ties and promote speedy performance through different networks, but it has led to the dismantling of security patches. Since the digitization of businesses has also affected sharing of data through the internet it also possesses significant threats as most of these public internets or WiFi are insecure and full of malicious users. The servers of the cloud storage can be easily intercepted by hackers who use high-end software.
Most of the employees in an organization are not well informed about technical matters and thus, they require assistance from the IT department. This often creates a delay in performing the due work as well as threatens to risk the security as an inefficiency in the performance of one's task. Consequently, the lack of IT assistance means that even in case of a breach, the user cannot do much to counter the cyber-attack and might eventually lead the hacker to all the information stored.
In an era where India is becoming much more reliant on technology than ever before, there arises a need for formulating policies to deal with rising cybercrimes. India does not particularly have a codified statute, however, has incorporated certain guidelines for IT governance. India drafted the Information and Technology Act in 2000. The Act is per the United Nations Commission on International Trade Law. While interpreting the preamble of the IT Act, it is derived that the act is aimed at providing legal recognition to the transactions that occur digitally over the internet.
However, the existence of the IT Act does not provide sufficient apparatus to tackle cyber crimes. The IT Act has undergone just one amendment in the year 2011 and no further developments have been made. This is the reason that contemporary cybercrime remains out of the reach of protection under the IT Act. In 2003, the Indian Computer Emergency Response Team was authorised which has worked upon listing out certain fatal websites or links that are required to be blocked to prevent the spread of obscene activities over the internet. Over time, the team has made various suggestions to the legislature to initiate the expansion of the scope and protection provided under the IT Act, yet all these suggestions seem to have been thrown away into the trash. The complex nature of cyber threats today proves that India lacks strong control over its digital network and that the people of the country are exposed to innumerable and highly dangerous cyber threats.
The spread of spams is evident in the lack of efficient monitoring over the digital playground and the lack of adequate security programs to tackle such threats. It is widely noted that most of the security-providing services are in the hands of private organisations, thus, cybersecurity is considered as an Add-on service rather than a mandatory setup.
India has been a nation that has always adapted to the needs of society and has actively participated in the welfare of society. Keeping this principle in mind, it must be pushed that a strategic and strong re-evaluation of the IT Act should be the topmost priority of the Government. A central board of IT technicians and experts must be authorised to establish state-wise IT Boards to connect the entire nation into a well-planned and secure network, aiming to consolidate the digital transactions into an umbrella network of cybersecurity. There must be a focus laid on monitoring the network gateways to avoid transmission of fatal programs that have high risks of a cyber break-in, while at the same time developing a hybrid security firewall. The use of Artificial Intelligence must be incorporated within the IT Security forces to ensure a continuous check over the digital players.