Last month India’s national airline, Air India, announced a cyber-attack on its data processor’s data servers. It has affected about 4.5 million customers around the world. The breach involved personal data registered between August 2011 and February 2021. Details including name, date of birth, contact information, passport, ticket information and credit card data were all compromised.
In a statement, Air India said: “The protection of our customer’s personal data is of highest importance to us and we deeply regret the inconvenience caused and appreciate the continued support and trust of our passengers.”
Home working, digital transformation and a lack of action create the perfect storm
India is no different from other countries when it comes to cyber breaches. Cybercriminals are discovering new ways to obtain sensitive personal and business data. The pandemic has also accelerated digital transformation initiatives and catapulted the ecosystem forward five years in a few months. All of this has compounded the issue.
In recent years, India has experienced its fair share of incidents. Four of the biggest include:
- The well-publicised international Facebook hack, whereby more than 500 million Facebook users were found available on a website for hackers. It included those of Indian consumers
- A massive database breach that occurred in MobiKwik servers led to Indian cardholder data being leaked. Hundreds of thousands of its users’ details surfaced on the dark web.
- Tata Communications suffered a data breach, and the cybercriminals claimed they had sold access to Tata’s servers to hackers.
- BigBasket, the popular Indian online grocery vendor, faced a data breach that affected the data of over 20 million customers.
Cyber breaches on the rise
According to India publication, THE WEEK, India saw a 37% increase in cyber-attacks in the first quarter of 2020 compared to 2019. India now features as one of the top countries that have fallen prey to data breaches over the years. With more employees now working from home, many without adequate protection, these companies are an easy target for cybercriminals.
Serious data breaches and incidents of cyber intrusion have a powerful effect on driving regulatory change. Companies in India are already adhering to regulations such as GDPR and CCPA when servicing overseas customers. However, they have only recently started to look seriously at privacy and data protection frameworks and ensuring that such frameworks are enforced.
This is not just because it enables the nation to trade with overseas customers but also because it is good business practice to protect data and have the customers’ best interests.
A lack of dedicated cybersecurity laws
Today India doesn’t have any dedicated laws on cybersecurity. The only provision is the Indian Cyber Law in the Information Technology Act, 2000. However, many say that this merely pays lip service to legal cybersecurity frameworks. Therefore, it is timely that the India Personal Data Protection Bill (PDP) is being introduced. It will supersede the Information Technology Act. Right now, the new law is in front of parliament. It aims to bring about a comprehensive overhaul of India’s current data protection regime.
Regardless of when this law gets ratified, Indian organisations should implement the appropriate measures to prevent unauthorised access to sensitive and confidential information. They will also prevent malicious cyber-attacks, accidental loss, or the deletion of any confidential data.
A robust data security strategy is required
It involves putting in place a robust data security strategy centred on people, process and technology. Organisations need to ensure that employees are trained and understand the importance of securing sensitive and confidential information. Security should become embedded into the culture of the business and processes put in place to support this.
It also involves implementing the right technology to guard against both the malicious and accidental loss of data. Here data security is only as robust as the various elements that support it. Therefore, layering proven solutions to ensure your sensitive and confidential data remains secure from start to finish is imperative.
This is where HelpSystems data security platform helps. Our suite of products is designed to bring an organisation’s data security policy into this modern hybrid reality with multiple ways of working with organisations. We have data security solutions that help ensure intellectual property and sensitive data is kept safe and secure.
Our products run right across the various data protection requirements. This includes classifying data inside the organisation at the outset, through to detecting and preventing leaks of sensitive information outside the organisation.
Viewing compliance as a positive competitive differentiator
Going forward, the Indian PDP Bill and numerous other regulatory regimes will continue to be developed. Compliance with data protection regulations is non-negotiable, and the penalties for failure are severe. It is, therefore, a mistake to see compliance solely as an inevitable burden.
With a comprehensive and proactive approach that involves a combination of people, process and technology, organisations can pivot from viewing compliance as an expense. They can turn it into a positive competitive differentiator and one that, over the long term, will prove to deliver business benefits.
Ultimately, in today’s highly regulated data environment, organisations in India need to embrace and build an effective compliance strategy. Those that do will experience positive business benefits and undoubtedly reap the rewards. Conversely, those with low levels of data privacy protection and data governance software adoption need to change – and change quickly.
By taking a layered approach to data security and adopting a people, process and technology-centric approach, organisations in India can confidently embrace the new PDP Bill. Once compliant, they should view this as a competitive advantage. If you are interested in reading more about the PDP Bill, why not download our guide here.
HelpSystems is a software company focused on helping exceptional organisations Build a Better IT™. Our cybersecurity and automation software simplifies critical IT processes to give our customers peace of mind. We know IT transformation is a journey, not a destination. Let’s move forward. Learn more at www.helpsystems.com.