In the past few years there have been tremendous advancements in the field of information and communications technology and the society has emerged as never before in the human history. In the era, wherein almost everything has been digitalized, unfortunately it has given birth to a type of crime where personal, confidential and sensitive information of individuals, as well as, that of corporates can be accessed and manipulated far too easily for the law enforcement mechanisms to monitor and keep in-check.
The Council of Europe Convention on Cyber Crime defines cyber crime as a wide range of malicious activities including the illegal interception of data, system interferences that compromise network integrity and availability and copyright infringements. Other forms of cybercrime includes illegal gambling, the sale of illegal items like weapons, drugs or counterfeit goods, as well as the solicitation, production, possession or distribution of child pornography.
Cyber crimes committed against corporate entities have increased manifolds and following can be few of the motivations/reasons behind committing such an offence against such entities:
• Intrusion for monetary or other benefit(s)
• Manipulation of information or networks
• Data destruction
• Misuse of processing power
• Counterfeiting of items
• Evasion of tools and techniques
With the advancement in technology, one thing is certain that no organization is immune from cyber crimes and none of the corporate entities can afford to ignore the losses that such entities may incur due to cyber crimes, directly or indirectly. In the nutshell, every corporate entity needs to build up a shield called Cyber Security for its protection. Cyber Security is basically the torso of technologies, processes and practices designed to protect networks, computers, programs and data from getting damaged, attacked or accessed without authorization.
There are various challenges a corporate entity has to face while immuning itself from various cyber crimes:
1) Cyber Security, no more a limited activity: Since, cyber crimes have become complex in the last few years, cyber security can no more be a simple and limited activity. There are various dimensions in which a company needs to work. It needs to coordinate between itself, government agencies and advanced academics with cutting edge insights into the future of technology. A proper network has to be created to survive. While building the security the company can also look forward to various sections of IPC, 1860 and IT Act, 2000. Adding to this, people from outside India can be punished under section 4 of IPC, 1860 and section 75 of IT Act, 2000 for the offence.
2) Transfer of Money: The organizations need to keep a consistent eye on the transfers of the money. Money is one of the most important factors for which cyber crimes are committed. It is usually reported that millions of dollars are transferred by cyber thieves by the company’s own network, which makes the transfer seem legitimate on the face of it.
3) Spear Phishing: This is the most important and common threat with success rate of more than 70 percent. Spear phishing are carefully drafted messages that on the face of it appears to be coming from trusted individuals, such as a known executive in your company or a senior employee and makes use of detailed knowledge about the company and other functions. To prevent this kind of fraud, end to end (e2e) thinking is required.
4) Intellectual Property Violations: There is a high risk that a company can face the intellectual property violations, which includes theft of trade secrets, digital piracy and trafficking counterfeit goods. These result in losses of huge amount annually. These threats also pose significant risk to reputation of the company, via counterfeited pharmaceuticals, electrical components, aircraft parts and automobile parts.
India was ranked third worldwide, next to US and China, as a source of malicious activity in 2015, according to the 2016 report by Symantec Corp, a software security firm. Undeniably, it has become pivotal for corporates to bring up a very secure cyber security system in order to protect computers, networks, programs and data from unauthorized access or attacks that are aimed for exploitation.
[This is an authored article by Advocate Kanishk Agarwal, Founder of CriTaxCorp. All views, opinions and expressions are personal and limited to the author.]