Data Breach: Activists may drag Cybersecurity regulators to court!
-|CYBERSECURITY||DARK WEB||ETHICAL HACKING|
~GOMATHI KEERTHANA R S😊
Their grouse is that the Indian Computer Emergency Response Team (CERT-In) has not taken any action despite the country witnessing a number of data breaches from big corporates such as Air India, BigBasket, and Domino’s over the last few months.
cybersecurity activists may drag the country’s cybersecurity watchdog to court for not taking any action against companies that have seen data breaches and not providing clarity on steps being taken to protect customers amid a surge in cases of personal information leaks.
Their grouse is that the Indian Computer Emergency Response Team(CERT-IN) has not taken any action despite the country witnessing a number of data breaches from big corporates such as Air India, Big Basket, and Domino’s over the last few months.
“Cybersecurity activists are exploring all possible options, including legal, to demand better accountability and transparency when it comes to data breaches,” said Suman Kar, CEO of Banbreach, a cybersecurity company specializing in network security, data breach management, and forensics.
“Efforts to reach out to CERT-In both at individual and organizational levels have met with limited success,” he said.
At least one petition is likely to be filed in the Delhi High Court in a few days, people familiar with the development said.
Activists are mulling whether to collectively file one petition or move different high courts on an individual basis. The electronics and IT ministry (MeitY) may also be made a party to the petition, they said.
“Since making the IT Act in 2000, there has not been a single penalization of any company which has faced a data breach,” said Srinivas Kodali, a researcher at Free Software Movement of India (FSMI) who has been tracking data breaches.
“We want to ask what measures are taken by CERT-In. We are not seeking compensation but want to know why the government bodies have not reacted so far,” he said.
The development comes on the back of increased data breaches and cyber hacks, especially since the start of the Covid-19 pandemic last year.
Recently, data of 4.5 million passengers of Air India was breached and another attack exposed the order details of 180 million customers of Domino’s Pizza. In March, independent cybersecurity researchers warned that personal details of more than 100 million customers of fintech startup MobiKwik were available on the dark web. The company though had denied the leak.
Cybersecurity attacks impacted 52% of organizations in India over the last 12 months, according to a report by cybersecurity solutions provider Sophos and IT analyst, research, and consulting firm Tech Research Asia (TRA). As many as 71% of these firms termed it a “serious or very serious attack” and 65% said it took more than a week to fix, the report said.
As per CERT Rules, 2013, the government body is supposed to provide services including response to cybersecurity incidents and analysis and forensics of cybersecurity incidents, digital rights think tank Software Freedom Law Centre (SFLC.in) said.
“CERT-In has the function of collection, analysis, and dissemination of information on cyber incidents as per Section 70-B of the IT Act,” said Prasanth Sugathan, technology lawyer and legal director at SFLC.in. “However, there has not been any response to various requests sent to CERT-In. Aggrieved persons could approach courts for relief against the inaction on the part of CERT-In,” he said.
Kar of Banbreach said the activists want “to start a conversation around what steps are being taken to protect customers and any new checks and balances that may be required”.
The cybersecurity watchdog had recently asked users of Facebook to secure their profile information on the social networking site after it was flagged that personal data of 533 million users globally, including details of 6.1 million users from India, had been allegedly leaked online and posted for free on hacking forums.
CYBERSECURITY
Learn about cybersecurity, why it’s important, and how to get started building a cybersecurity program in this installment of our Data Protection 101 series.
A DEFINITION OF CYBERSECURITY 🔐🤔
Cybersecurity refers to the body of technologies, processes, and practices designed to protect networks, devices, programs, and data from attack, damage, or unauthorized access. Cybersecurity may also be referred to as information technology security.
THE IMPORTANCE OF CYBERSECURITY💻
Cybersecurity is important because the government, military, corporate, financial, and medical organizations collect, process, and store unprecedented amounts of data on computers and other devices. A significant portion of that data can be sensitive information, whether that be intellectual property, financial data, personal information, or other types of data for which unauthorized access or exposure could have negative consequences. Organizations transmit sensitive data across networks and to other devices in the course of doing business, and cybersecurity describes the discipline dedicated to protecting that information and the systems used to process or store it. As the volume and sophistication of cyber attacks grow, companies and organizations, especially those that are tasked with safeguarding information relating to national security, health, or financial records, need to take steps to protect their sensitive business and personnel information. As early as March 2013, the nation’s top intelligence officials cautioned that cyber-attacks and digital spying are the top threat to national security, eclipsing even terrorism.
CHALLENGES OF CYBERSECURITY✌✌✌
For effective cybersecurity, an organization needs to coordinate its efforts throughout its entire information system. Element of cyber encompasses all of the following:
- Network security
- Application security
- Endpoint security
- Data security
- Identity management
- Database and infrastructure security
- Cloud security
- Mobile security
- Disaster recovery/business continuity planning
DARK WEB
What Is the Dark Web?🙄🤔
The dark web refers to encrypted online content that is not indexed by conventional search engines. Sometimes, the dark web is also called the darknet. The dark web is a part of the deep web, which just refers to websites that do not appear on search engines. Most deep web content consists of private files hosted on Dropbox and its competitors or subscriber-only databases rather than anything illegal.
Specific browsers, such as Tor Browser, are required to reach the dark web.1 Using the dark web often provides considerably more privacy than just using Tor to access the web. Many dark web sites simply provide standard web services with more secrecy, which benefits political dissidents and people trying to keep medical conditions private. Unfortunately, online marketplaces for drugs, exchanges for stolen data, and other illegal activities get most of the attention.
Advantages of the Dark Web👍
The dark web helps people to maintain privacy and freely express their views. Privacy is essential for many innocent people terrorized by stalkers and other criminals. The increasing tendency of potential employers to track posts on social media can also make it difficult to engage in honest discussions publicly. Finally, the popularity of the dark web with criminals makes it a perfect way for undercover police officers to communicate.
Disadvantages of the Dark Web👎
The dark web empowers ordinary people, but some people will inevitably abuse that power. The dark web can make it easier to commit some of the worst crimes. For example, the combination of the dark web and cryptocurrencies theoretically makes it much easier to hire someone to commit a murder. While the dark web promises privacy to its users, it can also be used to violate the privacy of others. Private photos, medical records, and financial information have all been stolen and shared on the dark web.
ETHICAL HACKING😟
What is ethical hacking?
Ethical hacking, also known as penetration testing or pen testing, is legally breaking into computers and devices to test an organization’s defenses. It’s among the most exciting IT jobs any person can be involved in. You are literally getting paid to keep up with the latest technology and get to break into computers without the threat of being arrested.
Companies engage ethical hackers to identify vulnerabilities in their systems. From the penetration tester’s point of view, there is no downside: If you hack past the current defenses, you’ve given the client a chance to close the hole before an attacker discovers it. If you don’t find anything, your client is even happier because they now get to declare their systems “secure enough that even paid hackers couldn’t break into it.” Win-win!
To know more information regarding Cyber Security, Hacking, and Dark Web, get help from “guvi:”