Cyberattacks in India jumped by almost 194% in 2020 to reach more than 1.15 million, a Home Ministry official said on Tuesday.
In a written statement, G Kishan Reddy, the minister of state for home affairs, told parliament that India had seen 394,499 cybersecurity incidents in 2019.
The Home Ministry cited data provided by India’s Computer Emergency Response Team, a national agency for responding to cybersecurity incidents.
“CERT-In [Computer Emergency Response Team-India] receives inputs from its situational awareness systems and threat intelligence sources about malware infections in networks of entities across sectors,” the state minister said.
The government also said that they have taken measures to enhance the cybersecurity posture and prevent cyberattacks, which also includes issuing alerts and advisories regarding the latest cyber threats.
Cyber experts in India say the rise in cybersecurity incidents throughout 2020 has been a global trend in the backdrop of the COVID-19 pandemic.
“The ensuing lockdown has made remote work the new normal, but leaves government as well as corporations more vulnerable to cyber intrusions by non-state as well as state actors in cyberspace looking to take advantage of the vulnerabilities inherent in this new model of economic organization,” Gunjan Chawla, a technology and national security program manager at National Law University in New Delhi, told Anadolu Agency.
Chawla said research at her institute has also revealed an upward trend “in malicious cyber activity that has been an ongoing phenomenon for several years now.”
Udbhav Tiwari, a public policy advisor at Mozilla Corporation, believes the proliferation of technology and the accompanying rapid digitization of society has not “necessarily kept pace with a corresponding increase in digital literacy and awareness.”
“The knowledge of how to safely and securely utilize technology is an intrinsic part of digital literacy and the current gap on this front is likely one of the reasons why the cybersecurity incidents have increased,” he said.
Tiwari added that a strong and independent data protection law is needed to improve the situation.
“Such a law will help create the right incentives (and deterrence) for companies or any other organization, including governments, to protect user data from privacy and security risks. Improving the resources available to agencies like CERT-In will also help in combating the issue holistically,” he said.
Chawla, for her part, said: “The first thing that the government needs to do is to stop dragging its feet in the release of the National Cyber Security Strategy. It was slated for release in 2020, but is nowhere in sight, reportedly awaiting clearance ‘at the highest levels’.”