Institutions need infra to fight cybercrime
The Telangana State Police have recently unearthed a cybercrime of such magnitude that it could only be termed the country’s biggest ever. Data on 66.9 crore individuals and organisations from 24 states have been compromised. It is as frightening as it is staggering since the accused was in possession of data from edutech companies, streaming services, digital payment applications, e-commerce websites, banks, mutual funds, the energy and power sector, RTOs and army personnel. Prima facie, it is not the handiwork of one person.
The accused, Vinay Bhardwaj, was found selling data to his clients through a website named InspireWebz. It has become common for individuals to fall prey to fraudsters online, but organisations whose data was stolen have a lot of explaining to do. A cursory glance at the relevant stats clearly shows what we are up against. More than 20 lakh cybercrime complaints have been registered on cybercrime.gov.in. One can only imagine how many of them have been cracked. More than 500 online applications have been banned. And India, according to reports, ranks third in the world in cybercrimes. The issue, police officials admit, is that many of the cybercrimes are transnational and significantly, the criminals are taking advantage of ‘institutional inability’ to steal data and commit other frauds. The Centre has the Indian Computer Emergency Response Team and the National Critical Information Infrastructure Protection Centre. Following the ransomware attack on AlIMS last year that paralysed it for six days, the National Counter Ransomware Task Force was set up. However, not many states are equipped enough. Telangana is an exception with its state-of-the-art integrated command control centre, where a new State Cyber Security Bureau is being set up. Besides, it also has a Centre of Excellence dedicated to strengthening cybersecurity. Nonetheless, the state saw over a 100% spike in cybercrimes from 2020 to 2021.
These cases are bound to rise as India is second only to China in internet users. Currently, cybercrimes are covered under the IT Act and the IPC. Perhaps the Centre will finally enact the Personal Data Protection Bill. Laws apart, we must focus on capacity building and creating public awareness on a war footing. Private and public companies or institutions should be mandated to have cybersecurity infrastructure. This is necessary for the law to be effective. If ignored, this will have national security implications impacting our economy.