India records 39,730 Cyber crimes in first 10 months of 2016; incidents likely to rise in future: Report

New Delhi: Cyber security incidents are seeing a rise in India, with a total of 39,730 incidents reported in the first 10 months of 2016, as against 44,679 and 49,455 observed during the years 2014 and 2015 respectively, a recent the Associated Chamber of Commerce and Industry of India (ASSOCHAM)-PwC joint study said on Wednesday.

The Indian Computer Emergency Response Team (CERT-In) has reported a surge in the number of incidents till October 2016 with close to 39,730 security incidents, noted the study titled ‘Securing the cashless economy,’ conducted by ASSOCHAM jointly with PwC released at the ASSOCHAM Workshop on “Securing the Cashless Economy” on Wednesday.

With more time to detect and time to respond to these attacks, the return on investments for cyberattacks is greater in emerging markets like India as compared to developed markets like the US, noted the study.

Demonetisation has given an impetus to e-wallet services. Mobile wallets have witnessed a massive rise in app downloads. With programmes for financial inclusion, digitisation of the economy and increased use of smartphones, online transactions are already quite popular among the urban Indian population. The result has been that leading mobile wallets have witnessed growth of upwards of 100% in app download numbers and have similarly seen an increase of upwards of 400% increase in wallet recharges, pointed out the joint study.

Addressing ASSOCHAM Masterclass Workshop “Securing the Cashless Economy”, Sanjay Sahay, ADGP, Police Computer Wing, Bangalore, Karnataka said we should have our own standards & protocol and operating system.  The types of cyber security incidents such as phishing, scanning, website intrusions and defacements, virus code and denial of service attacks will continue to grow, highlighted the study.

In the new digital/ cashless economy, mobility-based solutions will continue to gain prominence and, hence, security concerns will no longer be limited to the organisation architecture boundaries. In order to ensure endpoint security containerised apps with built-in advanced persistent threat (APT) capabilities will have to be developed. Controls for in memory data and additional controls like device certification will be considered. To ensure security of data in endpoints, there may be a requirement for guidelines to define the kind of sensitive data that end devices retain. Hence, the next generation financial infrastructure may involve the adoption of advanced end-user device management solutions.

As the ecosystem continues to be interconnected and overlapping, cybercriminals will try to exploit possible lapses and, hence, strategies need to be built to deal with such eventualities. Given this interdependence on the all the players of the financial ecosystem, it becomes crucial to identify any anomaly at a pace which mirrors real time or near real time.

The security boundaries of the various players will be extended to end users, third parties and other ecosystem partners. Security controls will no longer be defined in contracts limited to uptime and resolution of vulnerabilities, but will actually be embedded in the partner ecosystem. The process for monitoring of parameters will also have to be integrated with the company’s incident response framework.

The awareness theme for tomorrow will thus be multichannel, multilingual and multicultural, and hence go beyond the scope of traditional programmes. Regulators may have to start thinking across industries and develop an awareness programme that addresses this need.