With the growing adoption of internet and smartphone, India has emerged as one of the most favourite countries among cyber criminals.
India has seen a 350% surge in cybercrime cases from 2011 to 2014, according to a recent study.
The Indian Computer Emergency Response Team (CERT-In) has also reported handling close to 50,000 security incidents in 2014, noted the study, titled "Protecting interconnected systems in the cyber era," conducted by The Associated Chambers of Commerce and Industry of India (ASSOCHAM) jointly with PwC.
The study highlighted that operational systems are increasingly subject to cyber-attacks, as many are built around legacy technologies with weaker protocols that are inherently more vulnerable. The continued and regular sharing of cyber security intelligence and insights is essential to improving the resiliency of these systems and processes from emerging cyber risks.
“Cyber-attacks around the world are occurring at a greater frequency and intensity. Not only individuals but also businesses and governments are being targeted. The profile and motivation of cyber attackers are fast changing,” highlighted the joint study.
The study revealed that in the past attacks have been mostly initiated from the countries such as US, Turkey, China, Brazil, Pakistan, Algeria, Turkey, Europe, and the UAE, and with the growing adoption of internet and smartphone India has emerged as one of the most favourite countries among cyber criminals.
With an increase in the usage of information and operational technology (OT) and consumer technology (CT) in critical infrastructure, overall effectiveness has increased. However, these elements have also become the target of choice for attackers since they recognise the impact of disrupting the routine way of life. Attackers can gain control of vital systems such as nuclear plants, railways, transportation or hospitals that can subsequently lead to dire consequences such as power failures, water pollution or floods, disruption of transportation systems and loss of life, noted the study.
In the U.S. alone, there has been an increase of nearly 50% in reported cyber incidents against its critical infrastructure from 2012 to 2015, added the paper.
The government has already tapped the National Critical Information Infrastructure Protection Centre (NCIIPC) as the nodal agency under the National Technical Research Organisation for the protection of critical information infrastructure. The formal roles and responsibilities of NCIIPC include cooperation strategies, issuing guidelines, advisories and coordination with CERTIn. NCIIPC has defined controls for the critical infrastructure sectors—power and energy, banking, financial services and insurance (BFSI), ICT, transportation, and e-governance and strategic public enterprises.