Cos, agencies on hard drive to fight cyber crime menace

Cyber crime is something that cannot be wished away. And so is the fact that organisations are increasingly networked with the world through cloud computing, social media and the like.

Cyber crime is a global phenomenon, and rising rapidly since the financial payoffs are disproportionately high compared with the effort. The US estimates that it lost over

$1 trillion in intellectual property in cyber attacks, while over 350 million records have been compromised in data breaches over the last three years.

But even as organisations ramp up their cyber risk management and governance framework, law enforcement agencies too are gearing up to address incidents of cyber crime effectively.

In a new step, Deloitte has partnered with Nasscom and its technology security arm, Data Security Council of India (DSCI), to provide standard operating procedures for all the investigation officers across all the cyber crime police stations. It has also released the country?s first cyber crime investigation manual. The manual aims to bring a uniform and scientific approach in investigating these crimes and bringing them to court.

?We conducted a detailed gap analysis of the pre-existing standards and systems used to fight cyber crime in India. As a result of the analysis, Deloitte was able to identify and incorporate best practices and technologies from around the world into the development of the manual,? said Avijit Gupta, director, Deloitte Touche Tohmatsu India Private Limited (DTTIPL), who assisted in the development of this manual. It covers a comprehensive list of cyber crime topics including procedures for pre-investigation, evidence collection and handling evidence. It will be a valuable resource in any field investigation because it provides clear guidance to investigating officers on the procedures to be followed at crime scenes where digital media is present.

Sanjoy Sen, senior director, DTTIPL, said, ?Leveraging our indigenous strengths, capabilities and research knowledge to develop a comprehensive document like the cyber crime manual is the key to establish trust… Going forward, there is a need to build an ecosystem that is capable of understanding new-age complexities and a mechanism that offers swift responses.?

According to Kamlesh Bajaj, CEO, DSCI, the country is witnessing a sharp rise in cyber crime. The recently released National Crime Records Bureau data show that in the year 2009, about 420 cyber crimes were registered under the IT Act and 276 under various sections of the IPC.

Handling cyber crime is a whole new ball game. It requires an appropriate legal regime, technical infrastructure to analyse cyber forensic data and a trained police workforce and prosecutors who understand and operate cyber forensics tools with a view to capture evidence from the scene of crime and related network points, which can be anywhere in the country or in different parts of the world. The judiciary also has to be exposed to these concepts so that it can appreciate the cyber forensic evidence to make informed judgments. Capacity building of law enforcement agencies is, therefore, a key element in bringing cyber criminals to justice.

Moreover, in the ever-changing world of technology, new kind of threats can be expected. It is with this in mind that DSCI is promoting its security framework ? DSCI Security Framework (DSF) ? which it says will help secure an organisation through its emphasis on security principles that make security dynamic.

?The growing prevalence and capabilities of the most visible cyber events of 2010, Stuxnet and Hydraq, have turned the focus on protecting businesses and critical infrastructure,? said Shantanu Ghosh, vice-president, India product operations, Symantec Corp. ?As India Inc rapidly takes to mobile computing and social networking, it needs to be watchful about the vulnerabilities and threats these platforms present. India was home to the third highest Stuxnet infections, after Iran and Indonesia.?

Another front is opening in this war. Anand Patil, vice-president, systems engineering, Cisco Systems India Private Limited, said that with the advent of 3G, mobile data traffic is rising, and this will lead to increased threats in the mobile space. Cisco forecasts mobile data traffic to grow 114 times between 2010 and 2015, a compound annual growth rate of 158%. ?The ability to use applications such as Skype, which within a year has been downloaded more than 17 million times, on a mobile network may change all provisioning assumption used in its design. ?Always-on? connections, as made possible by mobile data access networks such as GPRS, CDMA, wireless LAN and 3G, expose subscribers to a growing number of malicious threats such as the upcoming mobile viruses or even traditional broadband viruses and worms, degrading the overall user experience,? said Patil.