A total of 132 ransomware incidents were recorded by Indian Computer Emergency Response Team (CERT-In) in 2021, as per a response filed by the Ministry of Electronics and Information Technology (MeitY) in the Parliament on March 30. The number of cases has more than doubled from 2020 which saw 54 cases, the response revealed. The response was submitted by Rajeev Chandrasekhar, the Minister of State for Electronics and Information Technology in reply to a question by All India Trinamool Congress MP Kalyan Banerjee.
What is ransomware? Ransomware is malware that resorts to encryption to hold a victim’s information at ransom. An individual or organisation’s critical data is encrypted so that they cannot access files, databases, or applications. A ransom is then demanded to restore access.
MeitY also stated that the number of cases has steadily increased in the last three years as CERT-In reported 56, 30, and 43 ransomware incidents in 2017, 2018, and 2019 respectively.
The data furnished by the government underscores the importance of cybersecurity in today’s world. CERT-In’s figures are a good indicator of the overall cybersecurity situation in the country, and demonstrate a need for the country to invest in improving its cybersecurity apparatus and enact its revised cybersecurity policy.
What are the other types of cyber threats faced by India?
The Union government said that it is “fully aware” of the increasing number of cybersecurity threats; it added that the trend is being witnessed around the world. CERT-In recorded a total number of 552, 454, 472, 280, and 523 phishing incidents in 2017, 2018, 2019, 2020, and 2021 respectively.
What is CERT-In? The group is responsible for tracking and monitoring cybersecurity incidents in India. CERT-In also issues advisories regarding the latest cyber threats and countermeasures regularly; it has issued 68 advisories for data security and mitigating fraudulent activities so far, as per MeitY.
Phishing is one of the most common cyber threats in which the perpetrator sends fraudulent communications, often through email, that appear to come from a reputable source to steal sensitive data or install malware.
The National Crime Records Bureau (NCRB) data revealed that a total of 21,796, 27,248, 44,735, 50,035 cybercrime cases were registered in 2017, 2018, 2019, and 2020 respectively. The data on 2021 is not available yet.
Here is the breakdown shared by MeitY:
2021 on track to have the highest number of cybersecurity incidents
It is likely that the number is going to swell in 2021 given that a total of 12,13,784 cybersecurity incidents were reported to CERT-In up till October last year, as per a MeitY response in the winter session of the Parliament last year.
The data on cybersecurity incidents for 2021 without the last two months of the year was still higher than the total number of cases—11,58,208—in 2020. The Ministry of Electronics and Information Technology (MeitY) did not reveal whether critical infrastructure was a target in these incidents.
In one of the responses earlier, the ministry also clarified that there was no proposal to draft new legislation to address the increasing number of cyber incidents in the country. It means that the government will be relying upon the cybersecurity policy to tackle challenges emanating from the changing cyber threat landscape
India’s pending cybersecurity policy
The Ministry of Defence had informed the lower house of the Parliament in August that the government was in the final stages of approving the National Cybersecurity Strategy that has been in the pipeline since 2019.
The new policy will cover several aspects of cyberspace including:
- Governance and data as a national resource
- Building indigenous capabilities
- Cyber audit
- Drones
- Decentralisation of cybersecurity responsibilities
- Cyber insurance
- Internet of Things
- Ransomware
The government is in the final stages to clear the strategy, according to Lt. Gen. (retd) Rajesh Pant, the National Cyber Security Coordinator. Pant told a wire agency that the policy is with the cabinet for the final stamp.
Currently, India adheres to the National Cyber Security Policy 2013 but the policy is considered to be outdated given the pace of change that has taken place in cyberspace over the last eight years.
Also Read:
- 2021 is going to be the year of ransomware: National Cybersecurity Coordinator Lt Gen (Dr) Rajesh Pant – #NAMA
- Rajeev Chandrasekhar hints at strict laws for companies to disclose security breaches: Report
- 76% of Indian companies were impacted by ransomware attacks last year, survey reveals
- A closer look at Biden’s cybersecurity policies since becoming US President in 2021
Have something to add? Post your comment and gift someone a MediaNama subscription.
I cover several beats such as Crypto, Telecom, and OTT at MediaNama. I can be found loitering at my local theatre when I am off work consuming movies by the dozen.
