Context:
Digital wearables, smartwatches and fitness trackers pose unique threats to the security and privacy of customer data, warned the Institute of Electrical and Electronics Engineers (IEEE), a global outfit for technical professionals.
Relevance:
GS II- Science and Technology
Dimensions of the Article:
- Key Points
- What is Cyber Attack and Cyber Security?
- Types of Cyber attacks
- Challenges of Cyber Security in India
Key Points:
- By connecting a wearable to an extended ecosystem, one is exposing a larger attack surface.
- Cybersecurity experts look at this as a supply chain that includes a data generator, an analytics engine and a service provider. Each link in the chain, including the connecting networks, presents a potential risk.
- Most criminal intrusions of computer networks have a financial motive.
- Often people conclude that wearables have a low cybersecurity risk.
- But, wearables data, especially in healthcare settings, is often tied to financial information.
- Stolen health data can be extremely valuable because it often includes so much personally identifiable information – including birthdays, email addresses and other login information, that can be used for identity theft purposes.
- This can be a cause of concern as India has been witnessing a massive adoption of wearable technology in the recent years.
- The wearables market in India had clocked a record breaking, double digit growth in the first quarter of 2022, with shipments surpassing 13.9 million devices.
What is Cyber Attack and Cyber Security?
- Cyber attack is an assault launched by cybercriminals using one or more computers against a single or multiple computers or networks. A Cyber Attack can maliciously disable computers, steal data, or use a breached computer as a launch point for other attacks. Cybercriminals use a variety of methods to launch a Cyber Attack, including malware, phishing, ransomware, denial of service, among other methods.
- Cybersecurity means securing the cyberspace from attack, damage, misuse and economic espionage. Cyberspace is a global domain within the information environment consisting of interdependent IT infrastructure such as Internet, Telecom networks, computer systems.
Types of Cyber attacks:
- A zero-day is a computer-software vulnerability unknown to those who should be interested in its mitigation. Until the vulnerability is mitigated, hackers can exploit it to adversely affect programs, data, additional computers or a network.
- Ransomware is malware that employs encryption to hold a victim’s information at ransom. A user or organization’s critical data is encrypted so that they cannot access files, databases, or applications. A ransom is then demanded to provide access.
- Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers or to deploy malicious software on the victim’s infrastructure like ransomware. It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message.
- Spear phishing is the fraudulent practice of sending emails ostensibly from a known or trusted sender in order to induce targeted individuals to reveal confidential information.
Challenges of Cyber Security in India
- Data colonization: India is net exporter of information however data servers of majority of digital service providers are located outside India. Also, data is being misused for influencing electoral outcomes, spread of radicalism etc.
- Digital Illiteracy: Widespread Digital illiteracy makes Indian citizens highly susceptible to cyber fraud, cyber theft, etc.
- Substandard devices: In India, majority of devices used to access internet have inadequate security infrastructure making them susceptible to malwares such as recently detected ‘Saposhi’. Also, rampant use of unlicensed software and underpaid licenses make them vulnerable as well.
- Lack of adoption of new technology: For example – The Banking infrastructure is not robust to cop-up with rising digital crime as 75% of total Credit and Debit card are based on magnetic strip which are easy to be cloned.
- Lack of uniform standards: There are variety of devices used with non-uniform standards which makes it difficult to provide for a uniform security protocol.
- Import dependence: Import dependence for majority of electronic devices from cell phones to equipment’s used in power sector, defence, banking, communication and other critical infrastructure put India into a vulnerable situation.
- Lack of adequate infrastructure and trained staff: There are currently around 30,000 cyber security vacancies in India but demand far outstrips supply of people with required skills.
- Under-reporting: majority of cases of cybercrime remains unreported because of lack of awareness.
- Unsynchronised Agencies: Lack of coordination among various agencies working for cyber security. Private sector, despite being a major stakeholder in the cyberspace, has not been involved proactively for the security of the same.
- Anonymity: Even advanced precision threats carried out by hackers is difficult to attribute to specific actors, state or nonstate.
-Source: The Hindu