What’s Your New Year's Resolution?

Anandita Mishra
Anandita Mishra
Senior Consultant CyberPeace
PUBLISHED ON
Dec 30, 2024
10

2025 is knocking firmly at our door and we have promises to make and resolutions to keep. Time you make your list for the New Year and check it twice.

  • Lifestyle targets 🡪 Check
  • Family targets 🡪 Check
  • Social targets 🡪 Check

Umm, so far so good, but what about your cybersecurity targets for the year? Hey, you look confused and concerned. Wait a minute, you do not have one, do you?

I get it. Though the digital world still puzzles, and sometimes outright scares us, we still are not in the ‘Take-Charge-Of-Your-Digital-Safety Mode. We prefer to depend on whatever software security we are using and keep our fingers crossed that the bad guys (read threat actors) do not find us.

Let me illustrate why cybersecurity should be one of your top priorities. You know that stress is a major threat to our continued good health, right? However, if your devices, social media accounts, office e-mail or network, or God forbid, bank accounts become compromised, would that not cause stress? Think about it and the probable repercussions and you will comprehend why I am harping on prioritising security.

Fret not. We will keep it brief as we well know you have 101 things to do in the next few days leading up to 01/01/2025. Just add cyber health to the list and put in motion the following:

  • Install and activate comprehensive security software on ALL internet-enabled devices you have at home. Yes, including your smartphones.
  • Set yourself a date to change and create separate unique passwords for all accounts. Or use the password manager that comes with all reputed security software to make life simpler.
  • Keep home Wi-Fi turned off at night
  • Do not set social media accounts to auto-download photos/documents
  • Activate parental controls on all the devices used by your children to monitor and mentor them. But keep them apprised.
  • Do not blindly trust anyone or anything online – this includes videos, speeches, emails, voice calls, and video calls. Be aware of fakes.
  • Be aware of the latest threats and talk about unsafe cyber practices and behaviour often at home.

Short and sweet, as promised.

We will be back, with more tips, and answers to your queries. Drop us a line anytime, and we will be happy to resolve your doubts.

Ciao!

PUBLISHED ON
Dec 30, 2024
Category
TAGS
No items found.

Related Blogs

Revamping CyberSecurity Framework: Govt Pushes Indigenous Cyber Solutions
Revamping CyberSecurity Framework: Govt Pushes Indigenous Cyber Solutions
10
February 4, 2024

Introduction

The Indian government has developed the National Cybersecurity Reference Framework (NCRF) to provide an implementable measure for cybersecurity, based on existing legislations, policies, and guidelines. The National Critical Information Infrastructure Protection Centre is responsible for the framework. The government is expected to recommend enterprises, particularly those in critical sectors like banking, telecom, and energy, to use only security products and services developed in India. The NCRF aims to ensure that cybersecurity is protected and that the use of made-in-India products is encouraged to safeguard cyber infrastructure. The Centre is expected to emphasise the significant progress in developing indigenous cybersecurity products and solutions.

National Cybersecurity Reference Framework (NCRF)

The Indian government has developed the National Cybersecurity Reference Framework (NCRF), a guideline that sets the standard for cybersecurity in India. The framework focuses on critical sectors and provides guidelines to help organisations develop strong cybersecurity systems. It can serve as a template for critical sector entities to develop their own governance and management systems. The government has identified telecom, power, transportation, finance, strategic entities, government entities, and health as critical sectors.

The NCRF is non-binding in nature, meaning its recommendations will not be binding. It recommends enterprises allocate at least 10% of their total IT budget towards cybersecurity, with monitoring by top-level management or the board of directors. The framework may suggest that national nodal agencies evolve platforms and processes for machine-processing data from different sources to ensure proper audits and rate auditors based on performance.

Regulators overseeing critical sectors may have greater powers to set rules for information security and define information security requirements to ensure proper audits. They also need an effective Information Security Management System (ISMS) instance to access sensitive data and deficiencies related to operations in the critical sector. The policy is based on a Common but Differentiated Responsibility (CBDR) approach, recognising that different organisations have varying levels of cybersecurity needs and responsibilities.

India faces a barrage of cybersecurity-related incidents, such as the high-profile attack on AIIMS Delhi in 2022. Many ministries feel hamstrung by the lack of an overarching framework on cybersecurity when formulating sector-specific legislation. In recent years, threat actors backed by nation-states and organised cyber-criminal groups have attempted to target the critical information infrastructure (CII) of the government and enterprises. The current guiding framework on cybersecurity for critical infrastructure in India comes from the National Cybersecurity Policy of 2013. From 2013 to 2023, the world has evolved significantly due to the emergence of new threats necessitating the development of new strategies.

Significance in the realm of Critical Infrastructure  

India faces numerous cybersecurity incidents due to a lack of a comprehensive framework.  Critical Information Infrastructure like banking, energy, healthcare, telecommunications, transportation, strategic enterprises, and government enterprises are most targeted by threat actors, including nation-states and cybercriminals. These critical information sectors especially by their vary nature as they hold sensitive data make them prime targets for cyber threats and attacks. Cyber-attacks can compromise patient privacy, disrupt services, compromise control systems, pose safety risks, and disrupt critical services. Hence it is of paramount importance to come up with NCRF which can potentially address the emerging issues by providing sector-specific guidelines.

The Indian government is considering promoting the use of made-in-India products to enhance Cyber Infrastructure

India is preparing to recommend the use of domestically developed cybersecurity products and services, particularly for critical sectors like banking, telecom, and energy, to enhance national security in the face of escalating cybersecurity threats. The initiative aims to enhance national security in response to increasing cybersecurity threats.

Conclusion

Promoting locally made cybersecurity products and services in important industries shows India's commitment to strengthening national security. A step of coming up with the National Cybersecurity Reference Framework (NCRF) which outlines duties, responsibilities, and recommendations for organisations and regulators shows the critical step towards a comprehensive cybersecurity policy framework which is a need of the hour. The government underscoring made-in-India solutions and allocating cybersecurity resources underlines its determination to protect the country's cyber infrastructure in light of increasing cyber threats & attacks.  The NCRF is expected to help draft sector-specific guidelines on cyber security.

References

Jan Vishwas Bill, 2022
Jan Vishwas “Ease of Business” Bill
10
December 29, 2022

Introduction

Since February 2020 the government has been taking keen steps to safeguard the Indian markets and the consumer, this could be seen in the forms of policies and exemptions for the market players and the consumers, however, due to the COVID-19 pandemic, the markets places became vulnerable to loss and various forms of new crimes and frauds. The Government recently tabled the Jan Vishwas bill which is an aftermath of the Vivad se Vishwas Bill, 2020 which was tabled in February 2020 for creating a safe and dynamic market, this bill is a clear example of how AtmaNirbhar Bharat plays a crucial role in nations development.

What is Jan Vishwas Bill, 2022

The Jan Vishwas (Amendment of Provisions) Bill, 2022 is a 108-page bill introduced in the Lok Sabha by the Union Minister of Commerce and Industry, Piyush Goyal. The statement of objects and reasons of the Bill states, “To amend certain enactments for decriminalizing and rationalizing minor offenses to further enhance trust-based governance for ease of living and doing business.” The bill aims to promote ease of doing business in India by decriminalizing minor offences and amending 183 provisions in 42 Acts administered by 19 ministries. The bill proposes to replace minor offences with monetary penalties and rationalize existing monetary penalties based on the gravity of the offences. The Acts to be amended by the bill include-

  • Drugs and Cosmetics Act, 1940
  • Public Debt Act, 1944
  • Pharmacy Act, 1948
  • Cinematograph Act, 1952
  • Copyright Act, 1957
  • Patents Act, 1970
  • Environment (Protection) Act, 1986
  • Motor Vehicles Act, 1988
  • Trade Marks Act, 1999l Railways Act, 1989
  • Information Technology Act, 2000
  • Prevention of Money-laundering Act, 2002
  • Food Safety and Standards Act, 2006
  • Legal Metrology Act, 2009
  • Factoring Regulation Act, 2011

The bill aims to decriminalize a large number of minor offences and replace them with monetary penalties. This step by the government is a clear indication of how important the market regulations are, in recent times Google was imposed with a penalty of 1300 crores and 900 crores for violating competitive market practices, these penalties, and criminalised actions will ensure proper compliance to laws of the land thus creating a blanket of safeguards for the Indian consumer and netizen.

What will the Ease of Business be?

The Government has been critical in pinpointing various parameters and factors to improve the ease of business in the country, this bill comes at the right time when we can see numerous start-ups and entrepreneurs emerging in our country. The parameters are as follows-

  • Starting a Business of all
  • Dealing with Construction Permits
  • Getting Electricity
  • Registering Property
  • Getting Credit
  • Protecting
  • Minority Investors
  • Paying Taxes
  • Trading across Borders
  • Enforcing Contracts and Resolving Insolvency

These parameters have been created with a sight on the future of the markets and how external factors like the Russia-Ukraine war can influence the markets. According to Minister Piyush Goyal, the fear of imprisonment for minor offences is a major factor hindering the growth of the business ecosystem and individual confidence in India. The Jan Vishwas Bill, 2022 aims to address this issue by replacing minor offences with monetary penalties. The bill also proposes an increase of 10% in the minimum amount of fine and penalty levied after every three years, once the bill becomes a law.

Conclusion

The bill will create a level playing field for the market players and the consumers with the backing of strong legislation and precedents thus maintaining transparency and accountability in the system. The amended provisions will allow various already existing legislation to come in tune with the current times and emerging technologies. The nation is at a critical juncture to fabricate policies and laws to address the issues and threats of the future and hence such a bill will be the strengthening pillar of the Indian markets and cyber-ecosystem. The Jan Vishwas Bill, 2022 has been referred to a 31-member joint parliamentary committee for scrutiny. The committee includes members from the Lok Sabha and the Rajya Sabha and will submit its report to parliament by the second part of the Budget session in 2023, The members from the Lok Sabha include PP Chaudhary, Sanjay Jaiswal, Queen Ojha, Rajendra Agrawal, Gaurav Gogoi, A Raja, Rajendra Agarwal, Poonam Pramod Mahajan, and Sougata Ray.

UN Convention against Cybercrime
UN Convention against Cybercrime
10
December 27, 2024

The United Nations in December 2019 passed a resolution that established an open-ended ad hoc committee. This committee was tasked to develop a ‘comprehensive international convention on countering the use of ICTs for criminal purposes’. The UN Convention on Cybercrime is an initiative of the UN member states to foster the principles of international cooperation and establish legal frameworks to provide mechanisms for combating cybercrime. The negotiations for the convention had started in early 2022. It became the first binding international criminal justice treaty to have been negotiated in over 20 years upon its adoption by the UN General Assembly.  

This convention addresses the limitations of the Budapest Convention on Cybercrime by encircling a broader range of issues and perspectives from the member states. The UN Convention against Cybercrime will open for signature at a formal ceremony hosted in Hanoi, Viet Nam, in 2025. The convention will finally enter into force 90 days after being ratified by the 40th signatory.

Objectives and Features of the Convention

  • The UN Convention against Cybercrime addresses various aspects of cybercrime. These include prevention, investigation, prosecution and international cooperation. 
  • The convention aims to establish common standards for criminalising cyber offences. These include offences like hacking, identity theft, online fraud, distribution of illegal content, etc. It outlines procedural and technical measures for law enforcement agencies for effective investigation and prosecution while ensuring due process and privacy protection. 
  • Emphasising the importance of cross-border collaboration among member states, the convention provides mechanisms for mutual legal assistance, extradition and sharing of information and expertise. The convention aims to enhance the capacity of developing countries to combat cybercrime through technical assistance, training, and resources. 
  • It seeks to balance security measures with the protection of fundamental rights. The convention highlights the importance of safeguarding human rights and privacy in cybercrime investigations and enforcement.
  • The Convention emphasises the importance of prevention through awareness campaigns, education, and the promotion of a culture of cybersecurity. It encourages collaborations through public-private partnerships to enhance cybersecurity measures and raise awareness, such as protecting vulnerable groups like children, from cyber threats and exploitation.

Key Provisions of the UN Cybercrime Convention

Some key provisions of the Convention are as follows:

  • The convention differentiates cyber-dependent crimes like hacking from cyber-enabled crimes like online fraud. It defines digital evidence and establishes standards for its collection, preservation, and admissibility in legal proceedings.
  • It defines offences against confidentiality, integrity, and availability of computer data and includes unauthorised access, interference with data, and system sabotage. Further, content-related offences include provisions against distributing illegal content, such as CSAM and hate speech. It criminalises offences like identity theft, online fraud and intellectual property violations.
  • LEAs are provided with tools for electronic surveillance, data interception, and access to stored data, subject to judicial oversight. It outlines the mechanisms for cross-border investigations, extradition, and mutual legal assistance.
  • The establishment of a central body to coordinate international efforts, share intelligence, and provide technical assistance includes the involvement of experts from various fields to advise on emerging threats, legal developments, and best practices.

Comparisons with the Budapest Convention

The Budapest Convention was adopted by the Committee of Ministers of the Council of Europe at the 109th Session on 8 November 2001. This Convention was the first international treaty that addressed internet and computer crimes. A comparison between the two Conventions is as follows:

  • The global participation in the UNCC is inclusive of all UN member states whereas the latter had primarily European with some non-European signatories. 
  • The scope of the UNCC is broader and covers a wide range of cyber threats and cybercrimes, whereas the Budapest convention is focused on specific offences like hacking and fraud. 
  • UNCC strongly focuses on privacy and human rights protections and the Budapest Convention had limited focus on human rights.
  • UNCC has extensive provisions for assistance to developing countries and this is in contrast to the Budapest Convention which did not focus much on capacity building.

Future Outlook

The development of the UNCC was a complex process. The diverse views on key issues have been noted and balancing different legal systems, cultural perspectives and policy priorities has been a challenge. The rapid technology evolution that is taking place requires the Convention to be adaptable to effectively address emerging cyber threats. Striking a balance remains a critical concern. The Convention aims to provide a blended approach to tackling cybercrime by addressing the needs of countries, both developed and developing.

Conclusion

The resolution containing the UN Convention against Cybercrime is a step in global cooperation to combat cybercrime. It was adopted without a vote by the 193-member General Assembly and is expected to enter into force 90 days after ratification by the 40th signatory. The negotiations and consultations are finalised for the Convention and it is open for adoption and ratification by member states. It seeks to provide a comprehensive legal framework that addresses the challenges posed by cyber threats while respecting human rights and promoting international collaboration. 

References

Become a part of our vision to make the digital world safe for all!

Numerous avenues exist for individuals to unite with us and our collaborators in fostering  global cyber security

Awareness

Stay Informed: Elevate Your Awareness with Our Latest Events and News Articles Promoting Cyber Peace and Security.

CyberPeace Corps Induction Workshop
The Missing Link Trust to combat online child trafficking
Cyber Safety Carnival
Safer Internet Day 2023
1.6 Crore Customer Records of HDFC Life being sold on Dark Web: CyberPeace
India Post scam exposed! Experts share cyber protection tips
The Territorial Army launches Terrier Cyber Quest 2024
Impact of Cybersecurity in Circular Economy

Engagement

Your institution or organization can partner with us in any one of our initiatives or policy research activities and complement the region-specific resources and talent we need.

Discover ways to collaborate
Request for Proposals

Play your part for CyberPeace

Donate to us directly to help us build more pioneering initiatives.

Donate Now