April 27, 2017
A very recent turn of events related to privacy and confidentiality sent jitters across the country, more so in the Indian political hemisphere. The government has constantly been pushing for adoption of Aadhaar Card, the unique identification card – that even registers fingerprints and retinal information – in an attempt to bring more transparency in the nation’s financial ecosystem. But the government had to face a high degree of embarrassment recently due to a compliance failure on 28th of March, 2017. The private details of Mahendra Singh Dhoni, the ace Indian cricketer, had surfaced on a social networking website. Though, this was merely an act of excessive enthusiasm by a designated official and not a security breach, the controversy has certainly brought to fore the ‘digital peril’ considering disclosure of sensitive information in case of data theft.
The influence of technology is ever-increasing and can be seen across all walks of life. It was not long ago when early-generation mobile phones were considered impossible to equip everyone with. Today, even grocery purchases and popular street delicacies are being enjoyed with smartphone-based transactions… and the adoption of digital technology is only picking up. The tally of mobile internet users is believed to have already crossed the 500-million mark – something which is a massive accomplishment for the nation. But this is also pushing a large section of the population, especially the first-time time users, in the snare of threats posed by the internet with regards to their privacy.
What is the root of the problem?
Digital technology, especially the internet, has been a boon to mankind. But the lesser known fact about the internet is that it is far from being secure due to its inherent construction. The present-day, all-pervasive nature of the internet is a result of a half a century worth of continuous developments. But the foundation of this technology was laid to move away from circuit-switching for military establishments, and not mainstream commercial use. Even later, multiple network protocols, which are vulnerable and comprise a part of the modern digital infrastructure, were not comprehensively tested with regards to security. The up-and-coming technologies make it even more complex, and hence exceedingly difficult to cover all the loopholes. This is the reason why we see escalating cybersecurity spend every successive year.
Emerging technologies, as mentioned, give the internet its characteristically dynamic nature with constantly changing topology. This reason can also be attributed to the fact that the annual digital celebration is called ‘Safer Internet Day’ and not ‘Safe Internet Day’, as the internet can never be safe enough due to its inherent nature. An installed establishment can never be put in place that can entirely eliminate present and future threats posed by the internet as well as digital technologies. This presses upon the need for a more enhanced and rapidly emerging cybersecurity landscape.
Why is technology a privacy hazard?
The internet has been infamous with regards to privacy since it gained popularity. An internet users’ privacy can get exploited right from the moment he/she becomes a user. It is a well-known fact that Internet Service Providers sell data to third-party platforms. On the other hand, newly introduced users are prone to social engineering gimmicks. They can be made to divulge their personal information through deceptive tactics on the internet. Also, they are also most likely to fall victim to some of the most basic digital threats, including mail phishing and malware-based attacks. Misuse of their personal and private information can even lead to harassment and even cause personal jeopardy of the user... and this is only the tip of the iceberg.
The increasing digitisation at multiple levels is extending essential services to Indian citizens at the touch of a button. Big corporations and commercial banks are also known to offer ‘Anytime, Anywhere’ services to their customers. This is because they can access customer information through a centralised customer database. But a sophisticated breach to the mainframe system, server, or individual node can have consequences more far-reaching than marring the repute of a business corporation or a government body. A system breach that gave access to more than 32 lakh debit cards in the country is one of the most recent examples. A fresh report also reveals that 36.6 million data records were breached in India during the year 2016. This includes leaked data of 34 million citizens that revealed sensitive information such as personal and income-related details.
Technologies are rapidly evolving, and so are cybercriminals. The attackers are doing away with traditional approaches and are making use of exploits that have been unforeseen. The conventional attacks, which can be easily detected and mitigated, are now being replaced by meticulous and continuous low-profile attacks such as APT (Advanced Persistent Threat). This is where the legacy cybersecurity systems largely become redundant. Also, sophisticated malwares are now concealing their identity by wiping off their digital trails. This makes it impossible to detect a network breach and fix vulnerability if the malware is inactive. Such advanced data breach requires real-time detection of an ongoing exploit to protect the user data.
As we now gradually advance towards IoT systems, analysing threat information in real time or near-real time becomes even more critical. The interconnected nature of such systems gives rise to a whole new set of security concerns, as a single vulnerable network node can compromise the security of the entire network. The rapidly changing technology ecosystem and limited security that legacy systems offer has escalated privacy concerns. Considering this, businesses and individual government agencies must adopt cutting-edge cybersecurity solutions to make the fast-moving ‘Digital India’ also a more ‘Digitally Secure India’.
Stories by Sunil Gupta