According to data by CERT-In (Indian Computer Emergency Response Team), a nodal agency to deal with cyber security threats and operates under the Information Technology ministry, the first two months of 2022 reported more cybercrime than the entire 2018. As per Global cybersecurity services provider NortonLifeLock , it has prevented more than 18 million cyber attacks in Q1 2022 in India.
Some more shocking statistics shared by cybersecurity company Trellix, there was 70 % increase in ransomware activity in India, in the fourth quarter (Q4) of 2021. Most of the reported cases were from China or Russia. One of the Russian attacks was targeted on India’s (OIL) system in Assam and the hacker demanded $75,00,000. In 2021, Telangana and AP Power Utilities were hacked. Another attack was on the state-owned telecom operator BSNL where a major malware attack, impacting approx.2000 broadband modems and 60,000 modems, became dysfunctional after the malware attack.
With increasing cyber threats and vulnerabilities, the question becomes more prominent as to how much are we equipped to deal with such threats? This is a very alarming state. India certainly needs a very strong regulatory and compliance system to prevent cyber threats.
Under the new directions, VPN providers will need to store validated customer names, their physical addresses, email ids, phone numbers for five years. Cert-In is also asking VPN providers to keep a record of the IP and email addresses that the customer uses to register the service, along with the timestamp of registration.
What is Virtual Private Network (VPN)
A virtual private network, better known as a VPN, gives you online privacy and anonymity by creating a private network from a public internet connection. VPNs mask your internet protocol (IP) address so your online actions are virtually untraceable.
VPN and Cyber threats
A survey revealed that Today, 93% of organisations use a VPN service, even though 94% are aware it’s a target for cybercriminals. When a business uses VPNs to provide third-party vendors access to their network, those vendors either have full access to your network (for example, at the start of a job) or they don’t (when you revoke access after the job ends) – unless companies implement strict network segmentation with firewalls and switches, which adds additional complexity. The more servers, applications, and network equipment your vendors can access, the more you have at risk. A bad VPN can be a very big security risk.
New VPN Directives in India
Under the new directions, VPN providers will need to store validated customer names, their physical addresses, email ids, phone numbers for five years. Cert-In is also asking VPN providers to keep a record of the IP and email addresses that the customer uses to register the service, along with the timestamp of registration. This certainly may pose a new threat to the privacy of user’s data. This directive may push few users to use dark web as they fear that enforcement agencies and governments can easily misuse such a rule. In order to overcome this issue, governments need to have strong regulations in place so that user’s personal data is not compromised.
The success of these guidelines will be lying in two factors
1. Government needs to provide enough confidence as to how the user data can be protected from potential misuse.
2. Government needs to be somewhat flexible with the existing policy and it should only collect the data on the basis of the genuine need and in my opinion the 5 year clause should be removed.
With increasing digitisation of data and services, security is a major issue: India ranked third among countries with the most data breaches last year, according to estimates here by Surfshark VPN, with nearly 87 million users affected.
While there is a clear need for enhanced cyber security, VPN use can be a potential threat to it. However, the government should also consider the privacy threat which the new directive may come up with. It’s a tough road to cross and right balance is required to cross this road.
Written by Kanwaljeet Kaur
(Author-Kanwaljeet Kaur is a qualified chartered accountant, certified international investigator, CFE and a recognized fraud investigator with 20 years of experience in fraud detection and she supports banks, law enforcement and MNC’s worldwide in fraud prevention.)
The opinions expressed in this article are those of the author. They do not purport to reflect the opinions or views of News18.com