Cybersecurity Coordinator Offers Data Protection Bill UpdateRajesh Pant Calls Security 'An International Team Sport'
In the continuing effort to counter rising cyberthreats, India will roll out the latest draft version of its proposed Data Protection Bill by early 2021, says Lt. Gen. (Ret.) Rajesh Pant, the national cybersecurity coordinator at the Prime Minister's Office.
See Also: Top 50 Security Threats
Pant, who spoke at Information Security Media Group’s Virtual Cybersecurity Summit: India & SAARC this week, said the long-delayed bill would require Indian companies across all industries to report data breaches to the data protection authority.
He also called for collaboration on cybersecurity between government agencies and the private sector, but also among nations.
"Cybersecurity … is a team sport. In fact, it is an international team sport, where unless you collaborate, unless the threat intelligence is shared, the solutions will not come out," Pant said.
Other speakers at the event included Randy Trzeciak, director of the CERT Insider Threat Center at Carnegie Mellon University; Justice B.N. Srikrishna, a former judge at the Supreme Court of India and chairman of the country's Data Protection Committee; and Sujit Christy, group CISO at John Keells Holdings.
The recent surge in ransomware attacks across India can be attributed to the switch to remote operations by many organizations throughout in response to the COVID-19 pandemic, Pant told summit attendees.
More hack-for-hire gangs and others are seeking to capitalize on security loopholes created by the switch to remote operations, he added (see: Hacking-for-Hire Group Expands Cyber Espionage Campaign).
"Because of what has happened with the pandemic globally, the use of online services increased in the first nine months of this year. This, in turn, has resulted in global losses to cybercrime of $2 trillion," Pant said. "The threat actors that are involved in these cybersecurity threats include individuals, such as script kiddies or seasoned hackers. Then there are cyber mercenaries, people you can hire and who are available on the dark web."
Attacks in India
Since the start of the pandemic in early January, several large Indian organizations have been hit by ransomware attacks.
In October, for example, Dr. Reddy's Laboratories, a multinational pharmaceutical company based in India that's working on testing a COVID-19 vaccine, sustained a ransomware attack. The incident forced the firm to shut down plants in India, Brazil, Russia and the U.K. to prevent further spread (see: Indian Pharmaceutical Company Investigates Security Incident)
In the same month, Haldiram, a snacks manufacturer, suffered a ransomware attack in which attackers encrypted files and demanded a ransom, according to the Times of India.