NEW DELHI: Efforts by the government to strengthen the digital and cybersecurity system has failed to stop cyber attacks. Despite regular security audits by government agencies, 22,207 Indian websites—including 114 government ones—were hacked during April 2017 to January 2018. Apart from this, 493 websites were used for malware propagation.
Officials of the Ministry of Electronics and Information Technology and IT officials said organisations use servers to host websites and applications for dissemination of information and providing services to users. “Servers not configured properly and are prone to hacking and could be misused by cyber criminals. Continuous efforts are required to be made by owners to protect servers by hardening and deploying security controls,” said a senior official.
Officials said that the Indian Computer Emergency Response Team (CERT-In) has empanelled 67 security auditing organisations to support and audit implementation of Information Security Best Practices. CERT-In regularly tracks hacking of websites and alerts their owners. It also issues alerts and advisories regarding latest cyber threats and countermeasures.
A total of 301 security alerts regarding potential vulnerabilities and threats to multiple systems and applications were issued by CERT-In during April 2017 to January 2018.
IT expert Pawan Duggal believes that the government needs to do more. “Hacking has increased because cyber criminals have quickly realised that India is not focusing on cyber security. They hack websites for professional reasons, to get access to information so that it can be sold. India needs to focus far more on cyber security,” he said.
Lack of deterrence is another reason. “Hacking is a bailable offence,” Duggal added.
A government official said cyber security mock drills are conducted regularly to enable assessment of cyber security posture and preparedness of organisations in government and critical sectors. Fifteen drills have been conducted by CERT-In, in which where 148 organisations from sectors such as finance, defence, power, telecom, transport, energy, space, IT/ITeS, etc, participated. Three drills were conducted in coordination with the Reserve Bank of India and the Institute for Development and Research in Banking Technology.
CERT-In also conducts regular training programmes for network and system administrators, and chief information security officers of government and critical sector organisations. Twenty-two such programmes with 610 participants were conducted during 2017.