Over the past few days, digital payments app MobiKwick and stockbroker app Upstox have come under increased scrutiny in India, after hackers breached their systems and exposed user data on the dark web.
The back-to-back incidents of cyber attacks sparked panic among Indians, who began checking websites such as “HaveIBeenPawned.com” to find out how many data breaches affected their mail IDs and phone numbers.
Talking to Sputnik, senior tech expert Kunal Kislay has alerted the otherwise tech-savvy government under Prime Minister Narendra Modi to invest money in teaching Indians of the seriousness of cyber attacks and the repercussions they could cause.
Kislay, who is chief executive and co-founder of of Indian cyber research firm Integration Wizards Solutions, highlighted that cyber awareness among Indians is as important as designing attack-prevention roadmaps.
“As we move aggressively towards digitisation, the most important need now is to lay more emphasis on cyber security. Apart from monitoring company practices, regulation of these online fraudulent services is a must,” Kislay said.
“India, with its 1.3 billion people, should invest in spreading awareness about how grave cyber attacks and the roadmap to prevention are,” Kislay added.
What Can Happen If Your Personal Data is Breached in a Cyber Attack?
Theft of personal data such as your name, email ID, phone number, bank account details and locations is usually the distressing result of a cyber attack that could expose people to the risks of phishing, fraud and scam attempts.
A delay in tackling the issue can lead to loss of control of personal data, loss of confidentiality, identity theft, limitation of rights, defamation and vandalism, among other socio-economic risks.
“As a response, change your passwords immediately, contact your bank services to notify them, block your credit and debit cards and sign out of all locations. Avoid any reckless action and seek support from trusted sources,” Kislay noted.
What can people do to safeguard themselves against cyber attacks before they happen?
Although India's government is in the process of drafting a personal data protection bill to safeguard the data of Indian app users, Kislay emphasised that people need to keep an eye out for suspicious emails and attachments and avoid opening them.
All electronic devices must be protected with anti-virus software firewalls and remote locking and wiping functions.
Downloading apps, “can prevent attempts of spamming, phishing, fraud while minimising exposure to malware, ransomware and subsequent data theft,” Kislay added.
Millions of internet users in India are dependent on apps for almost every task – entertainment, connectivity, payments and bookings among other daily activities.
Most apps ask users to share their personal information, most of which is stored in servers located abroad. That is why the Indian government is working on the Personal Data Protection Bill briskly that will ask foreign companies to store the data of Indian users within the country’s premises.
Shefali Mehta, an Indian cyber security researcher, pointed out how much India’s existing Cyber Security Policy, 2013 needed an update. The policy aims to create a secure cyber ecosystem and to strengthen the regulatory framework for ensuring a secure cyber ecosystem and developing mechanisms for monitoring and resolving cyber security threats.
“Though comprehensive at the time it was enacted, the policy falls short based on progress. It needs to consider present needs related to national security, critical infrastructure and even business,” said Mehta, who is also the research coordinator at Indian tech policy think tank The Dialogue.
The tech expert has further emphasised that people should not blindly trust government-made apps, as they are also subject to cyber risks.
“Several government servers have also shown vulnerabilities in the recent past. For example, last year, vulnerabilities were found in the digital payments BHIM app which is operated through the e-Governance Services India Limited, a government entity,” Mehta said. "It led to a lot of personal data being compromised and left millions of Indians susceptible to identity theft, fraud and other cyber attacks."
A survey report by Singapore-based research firm Acronis recently highlighted that, despite Indian firms hoarding multiple cyber security solutions, 57 percent of them suffered down time because of data loss in 2020.
The report also highlighted that nearly 10 percent of Indian IT workers are unaware of available cyber security capabilities.
The Indian tech experts have emphasised that the government - as well as people - of India need to understand that a spate of data breaches which significantly compromised the personal data of millions of citizens, has brought to light the growing need for the country to modernise its cyber security standards, which should not be delayed any longer.