India sees a massive rise in cybercrime; efforts needed to enhance cyber security: ASSOCHAM-PwC study

By: |
New Delhi | Published: January 18, 2017 3:21:06 PM

Cyber security incidents are seeing a rise in India, with a total of 39,730 incidents reported in the first 10 months of 2016, as against 44,679 and 49,455 observed during the years 2014 and 2015, respectively, an ASSOCHAM-PwC joint study said today.

 

cyber security, digitisation, digital money, demonetisation, GartnerThe Indian Computer Emergency Response Team (CERT-In) has reported a surge in the number of incidents till October 2016 with close to 39,730 security incidents, noted the study titled ‘Securing the cashless economy.’ (Source: IE)

Cyber security incidents are seeing a rise in India, with a total of 39,730 incidents reported in the first 10 months of 2016, as against 44,679 and 49,455 observed during the years 2014 and 2015, respectively, an ASSOCHAM-PwC joint study said today.

 

The Indian Computer Emergency Response Team (CERT-In) has reported a surge in the number of incidents till October 2016 with close to 39,730 security incidents, noted the study titled ‘Securing the cashless economy.’

With more time to detect and respond to these attacks, the return on investments for cyber attacks is greater in emerging markets like India as compared to developed markets like the US, noted the study.

Demonetisation has given an impetus to e-wallet services. Mobile wallets have witnessed a massive rise in app downloads. With programmes for financial inclusion, digitisation of the economy and increased use of smartphones, online transactions are already quite popular among the urban Indian population. The result has been that leading mobile wallets have witnessed growth of upwards of 100% in app download numbers and have similarly seen an increase of upwards of 400% increase in wallet recharges, pointed out the study.

Also Watch:

This smartphone revolution has led to the emergence of e-commerce, m-commerce and other services, including app-based cab aggregators, who encourage digital payments for use of various services. The value added services such as cash back, bill payment facilities, loyalty points, rewards and ease of use have promoted increased usage of such digital platforms.

As the country is experiencing a digital revolution, the impact of this transformation makes it imperative for financial service players to revisit their cyber security resilience. The number of incidents occurring in banking systems has increased in the last five years. In the month of October 2016, an ATM card hack hit Indian banks, affecting around 3.2 million debit cards. Hence, efforts are needed to enhance cyber security as businesses and citizens embrace this new digital wave, noted the study.

More intelligent transaction monitoring will have to be carried out as part of continuous surveillance. Crisis response and recovery strategies will have to step up along with the increased digital footprint. Security awareness of all the stakeholders will be a vital pillar of a secure cashless society.

Security assessment and testing will need to be embedded into the agile development life cycle. Agile security testing methods based on automation will have to be adopted. In many ways, a paradigm shift is needed in the way security testing is undertaken today.

The new era will call for hyper-interoperability across different value chain players. In order to enable this, each ecosystem player will need to create multiple application programing interfaces (APIs). While this will deliver a seamless experience to customer, there is also a risk of malware injection through such APIs. With faster proliferation of interfaces, protecting APIs will become critical to ensure malware and persistent threats do not propagate through such untrusted/ untested APIs.

In the new cashless world, frauds will be driven mainly by impersonation and become a daily affair. Accordingly, the need for stronger authentication of transactions will gain significance. The current techniques of authentication based on location and timing will no longer be adequate. Adaptive authentication will need to be embedded into the heart of transaction processing.

Protecting context-rich personally dentifiable information (PII); both regulators and organisations will be obligated to invest in strong processes and technology to prevent the misuse of context-driven rich PII. While traditional controls such as data masking and encryption will need to be enhanced, capabilities to hunt down any misuse of PII will have to be built by organisations.

In the new digital/ cashless economy, mobility-based solutions will continue to gain prominence and, hence, security concerns will no longer be limited to the organisation architecture boundaries. In order to ensure endpoint security containerised apps with built-in advanced persistent threat (APT) capabilities will have to be developed. Controls for in memory data and additional controls like device certification will be considered. To ensure security of data in endpoints, there may be a requirement for guidelines to define the kind of sensitive data that end devices retain. Hence, the next generation financial infrastructure may involve the adoption of advanced end-user device management solutions.

As the ecosystem continues to be interconnected and overlapping, cybercriminals will try to exploit possible lapses and, hence, strategies need to be built to deal with such eventualities. Given this interdependence on the all the players of the financial ecosystem, it becomes crucial to identify any anomaly at a pace which mirrors real time or near real time, said the study.

Follow financialexpress.com for all news and analysis on the Lok Sabha Elections 2019. Check Lok Sabha election 2019 schedule, Lok Sabha Constituency Details and updates on campaigning by Narendra Modi and Rahul Gandhi. Like us on Facebook, follow us on Twitter.

Switch to Hindi Edition
FinancialExpress_1x1_Imp_Desktop