Cyber security breaches have become a norm these days. Whether it is an e-commerce website or a law firm, cyber attacks have put them under grave risk. Any organisation having online presence is vulnerable to cyber attacks and data theft. It is not possible to completely safeguard the data and information stored in an online environment. Sophisticated malware like Stuxnet, Duqu, Flame, Uroburos/Snake, etc cannot be tackled with cyber security products.
At times the cyber attacks are so covert that they remain in operation for years. It is in the larger interest of cyberspace community that information about them is share as early as possible. This is the reason that many jurisdictions have prescribed cyber security breach notification requirements. Similarly, remedial actions must be also be taken against such cyber attacks as soon as possible so that further damage can be prevented.
The recent spate of cyber crimes and cyber attacks that happened in India or having Indian connection is alarming to say the least. The Karnataka CID is already investigating the possible involvement of Enstage Software’s staff in international ATM heist case. Similarly, the search exercise by the enforcement directorate (ED) of India upon Bitcoin exchanges is also well known. Target Corporation’s data breach is also being investigated world over and legal proceeding against it is pending in numerous jurisdictions, including India.
These are some of the examples that have reported and many more such incidences have still not surfaced. This is so because individuals and companies are not at all disclosing cyber breaches to Indian authorities and agencies. India has still not enforced strong and robust cyber security breach disclosure norms.
While western countries and European Union are working in the direction of protecting consumer interests and cyber security yet India has neglected this crucial field, informs Asia’s leading techno legal law firm Perry4Law. Indian government has neglected and failed to formulate a dedicated cyber security law in India and this is creating a host of problems for India, opined Perry4Law. As a result various cyber security breaches in India are either ignored or they are not properly prosecuted by Indian authorities. The position would change very soon as these cyber breaches would raise complicated cyber law and cyber security issues in the near future in India and they cannot be ignored any more by Indian government, informs Perry4Law.
The real problem seems to be lax attitude of Indian government and law enforcement agencies to seek proper and timely cyber security breach information. These cyber security breaches need a mandatory reporting system that can be analysed and evaluated from time to time ,opines Praveen Dalal, managing partner of Perry4Law and leading techno legal expert of Asia.
There is no doubt that foreign companies and websites would witness increased cyber litigation against them in India. They are required to comply with cyber law due diligence (PDF) and cyber security due diligence that they are presently not following. Even e-discovery and cyber forensics best practices are required to be adopted by various national and international companies operating in India. It is a matter of time only that these companies and websites would be prosecuted in India for flouting Indian laws and rules.