Indian Banks Vulnerable To Cyber Attacks: Study
Demonetization and the subsequent push for digitization have escalated risks relating to cyber crime, and India needs to urgently upgrade its defences by setting up a cyber security commission on the lines of the Atomic Energy and Space Commissions, according to an IIT Kanpur study shared with Parliament's committee on finance.
Noting that the government has initiated a number of programs to include citizens in the fully digitalized economy, the study said cyber security centers set up by the Reserve Bank of India would be insufficient. "While RBI centers often come to IITs such as IIT-K for expert opinion, IITs do not engage in relevant research on cyber security," the study said.
Incidents of cyber crime in India are rising sharply, recording an increase of over 100% in 2015 from 2014. The number grew from 71,780 in 2013 to 1.49 lakh in 2014 to 3 lakh in 2015.
The study said attacks from the 'Equation group' — which WikiLeaks reports said was a clandestine CIA and NSA programme — infected India's telecom and military sectors and research institutes.
The committee was briefed by Profs Manindra Agrawal and Sandeep Shukla from IIT Kanpur.
The study pointed out that since the government was pushing Aadhaar-based financial transactions, securing the Aadhaar database against unauthorised usage must be looked at carefully.
Some banks were found making hundreds of transactions on the Aadhaar numbers of unsuspecting citizens.
Cyber attacks affected over 3 million ATM and debit cards in 2016.
Recent revelations about leakage of Aadhaar data and corresponding transaction data are serious concerns as the government is integrating the Aadhaar number with various services, the study said.
Post-demonetization, digital wallets such as PayTM and BHIM gained prominence.
However, with the increase in online transactions, last year also saw cyber attacks that compromised more than 3 million ATM and debit cards through the hacking of Hitachi-engineered ATM machines.
The report said a wider net needed to be cast by the Indian banking system and the government to engage cyber security experts from top institutes, as an advanced layer of protection was missing in most financial institutions.
IIT-K experts said India may need a $4 billion investment in the private-public model.
In their recommendations, experts said companies must have a chief cyber security officer and data systems should function on a need-to-know basis.
The experts felt that existing cyber security frameworks like CERT-IN were inadequate as there were insufficient inter-disciplinary connections and the government-private sector partnership was neither deep enough nor did it provide the required expertise.