COMPLIANCE IN THE ERA OF “ONLINE”
CHALLENGES AND OPPORTUNITIES FACED BY INDUSTRY
Coronavirus is an unprecedented event in the history of humanity in the 21st century. A grave public health emergency which spread from Wuhan has now engulfed 213 countries, areas and territories. National lockdowns have given a completely new meaning to how corporate operations have to work. While all this is happening and we are beginning to work from home, cyber criminals are laughing their way to the bank. Coronavirus has served as a wake-up call. Cyber security breaches are increasingly targeting big market players. The ransomware attack on a company called Cognizant was a wake-up alarm in India. Even the US Department of Health and Human Services has been impacted by a massive distributed denial-of-service attack. The message is coming loud and clear that cyber criminals are going to be breaching the cybersecurity of computer systems and computer networks at a global level.
We have started working from home at a time when the entire world was still thinking that work from home would take decades to become mainstream. Cyber criminals are targeting the cybersecurity of the systems that people use while working from home, and there are therefore various new manifestations that one needs to be careful of. Cyber law is going to be one of the key catalysts of future growth and it is now moving significantly into the mainstream. Today every activity that any person does is done using computers, computer systems, computer networks, computer resources or communication devices. Due to the COVID-19 pandemic, countries have now started coming up with new legislative mechanisms. In addition, the national cyber security laws in different countries are also coming in handy to regulate the increasing cyber security breaches.
CRITICAL INFORMATION INFRASTRUCTURE AND ITS SUSCEPTIBILITY TO CYBER ATTACKS
As defined under section 70 of the Information Technology Act 2008, critical information infrastructure (hereinafter referred to as “CII”) means any computer resource the incapacitation or destruction of which will have a debilitating impact on our national security, economy, public health or safety. In simple words, CII is the backbone infrastructure of a nation which is important for the smooth functioning of the nation as well as its economic growth.
CII is susceptible to cyber-attacks because attackers want to disrupt an economy through economic turbulence or to threaten national security. In 2013, certain Iranian hackers gained control of the floodgates of a dam in the US. If one has control over the floodgates of a dam, then one can not only cause economic havoc but also threaten the lives of the people around the dam. Therefore, cyber-attacks on CII are a very serious concern which needs to be addressed.
There is a general presumption that CII only pertains to the government. However, the government, under section 70A of the Information Technology Act 2008, has established a body called the National Critical Information Infrastructure Protection Centre (hereinafter referred to as “NCIIPC”) which protects the CII or systems in India. NCIIPC has identified certain critical sectors, which are transport, power and energy, telecom, banking, finance, insurance and public enterprises. The rules relating to NCIIPC mandate that the responsibility for protection of this CII shall lie with the agency which is running the CII system. Hence, even private entities have the responsibility to protect CII systems. The NCIIPC has come out with guidelines that help in protecting the CII. As we all know, even if we implement all the cyber security measures, a cyber-attack is still impending. Therefore, NCIIPC has come out with a proper procedure to report such cyber incidents on a CII. The first step is that the victim organisation should immediately report the incident to NCIIPC via email or the hotline number, both of which are given on its website. There is also an incident response form available on the website, which is to be sent via email stating the details of the incident to the official, who will then be able to help with the technical details of the incident. In the case of private industry, it is recommended to have a chief information security officer, who will have the requisite skills to deal with such issues. Apart from this, an organisation should also provide the logs pertaining to the cyber incident, and these logs should be password protected. Once this procedure is followed, the incident response team of NCIIPC will help mitigate the incident and also collect evidence for root cause analysis.
In this information age, not only does the government have the responsibility of protecting national security and the economy, but individuals and industry also have to protect the CII which is required for the smooth functioning of our society and our economic growth.
WORK FROM HOME: A BOON TO THE GIG ECONOMY
Work from home culture today is the driver of the gig economy. The gig economy is a kind of economy where people are not employed by any one organisation but are freelancers who work for multiple organisations. People will be working simultaneously with multiple companies, which means that there will be multiple contracts running with multiple companies at the same time. In such a scenario it becomes important to secure the data of each company they are going to work for. However, the current Information Technology Act is insufficient to address this problem, which puts the reputation of the individual and the company, data critical to the employer and client, the company’s knowledge assets and critical business information at stake. Therefore, the following are some of the recommended practices that an individual should follow:
a) Personal Security: Individuals must invest in personal security such as a home firewall and good internet security/anti-virus software to ensure that the client’s data, the employer’s data and even their own data is safe and secure.
b) Monitoring and Understanding Risks: Individuals will also need to invest in some monitoring mechanisms to understand where their weaknesses are, such as monitoring firewall logs to know if there was a breach or even an attempt to compromise their home network.
c) Building Knowledge: Individuals also need to build knowledge to understand and analyse situations, so that they are always ready and skilled to mitigate what is coming their way. This will help them protect not only their own safety but also that of their families.
Cyber law is going to be an integral part of our day-to-day lives, even more so in today’s context. Cyber-crime will keep on increasing, but if we continue to meet our compliance obligations and show that we are on the right side of the law, then we cannot be exposed to potential legal liability of either a civil or a criminal nature. At the end of the day, it’s not just compliance but a new mindset of adopting cyber security as a way of life.
Work from home is going to become the new normal, and therefore there is an immense need to formulate strategies to provide secure access to work from home users. Along with providing safe access, the users need to be educated on cyber security and the liability that may arise from a lack of knowledge. However, ransomware attacks can occur even after doing everything possible and taking all necessary safety measures, and the only solution for such attacks is a backup, which can come in the form of insurance coverage specifically protecting organisations and individuals against damages.
There is no such thing as absolute security. What is more crucial is how we adopt our cybersecurity methodologies in our day-to-day approaches. In the end, it is more capacity-building, more awareness and more education that will help us sail through the day. There are far more positives on the internet in cyberspace than all the negatives put together. One needs to be cautious and duly diligent, and adopt cybersecurity as a way of life. There are a large number of new opportunities and new innovative approaches that are waiting for us in this new cyberspace once the fight against coronavirus comes to an end.
https://www.bloomberg.com/news/articles/2020-03-16/u-s-health-agency-suffers-cyber-attack-during-covid-19-response
Submitted by,
Christ (Deemed to be University).