Every day people come to me and share stories of how they became victims of cyber fraud and lost their money to someone. They look at me and ask how they can get their money back, and they also ask what the govt is doing to stop such incidents. Their questions always leave me blank and speechless.
Yesterday I faced a cyber incident, so I decided to write this blog and share that incident with all of you. I will share two stories with you: one which happened to my father and a second which I faced myself.
So here begins the first story: A couple of months ago my father received a phone call. The person on the other end of the line said he was calling from XYZ Bank and that they were trying to deposit my father's salary into his bank account but were unable to do so, as the ATM card linked with the bank account had been blocked by the bank, and to unblock the card they required the ATM card number and the CVE/CVV number printed on the back of the card. My father is pretty much aware of such cyber frauds, so he immediately disconnected the call and informed me about the incident.
Another incident happened to me. Yesterday I received a phishing email in the name of the Indian Income Tax Department (the email address was masked with the official domain name of the income tax department). The email said that the Income Tax department had deducted the TDS from my account and that I could download the receipt of the TDS by clicking the link below. It was a malicious link which was masked behind the official domain name of the Indian Income Tax department. As it was the official domain name (gov.in), it looked so genuine.
Being a cyber security professional, I identified that it was a phishing email, so I investigated a little and found out that it came from some random public domain email which was masked with the official domain name of the govt of India (gov.in). Then I decided to click on the link. It took me to a download page and asked me to download the TDS receipt. I downloaded it and found out that it was ransomware.
Anyone who is not aware of cyber frauds and ransomware would have ended up installing the ransomware and encrypting all the important data stored on the computer. After that, the hackers ask the victim to pay a ransom (money) to get the data back.
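The mismatch described in the second story, a visible gov.in sender on a mail that actually came from a public mail domain, can be checked from the message headers. The following is an added example, not part of the original incident or investigation; the sample message, all addresses and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample, not the email from the incident; every address is made up.
SAMPLE = """\
Return-Path: <refunds.desk@freemail.example>
Authentication-Results: mx.recipient.example; spf=pass smtp.mailfrom=freemail.example; dkim=none; dmarc=fail header.from=example.gov.in
From: "Income Tax Department" <donotreply@example.gov.in>
To: user@recipient.example
Subject: TDS receipt

Download your TDS receipt from the link below.
"""

def domain_of(header_value):
    """Lower-cased domain of the address in a header value, or '' if none."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def aligned(a, b):
    """Simplified relaxed alignment: same domain or one is a subdomain of the
    other. Real DMARC compares organizational domains (Public Suffix List)."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def auth_verdicts(msg):
    """spf/dkim/dmarc results from Authentication-Results. Only trust this
    header when your own receiving server added it."""
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", value, re.I):
            verdicts.setdefault(method.lower(), result.lower())
    return verdicts

def spoofing_indicators(raw):
    """Return a list of reasons the visible sender should not be trusted."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    env_dom = domain_of(msg["Return-Path"])
    findings = []
    if from_dom and env_dom and not aligned(from_dom, env_dom):
        findings.append(f"From domain {from_dom} but envelope sender {env_dom}")
    dmarc = auth_verdicts(msg).get("dmarc", "missing")
    if dmarc != "pass":
        findings.append(f"DMARC result for {from_dom}: {dmarc}")
    return findings

if __name__ == "__main__":
    for finding in spoofing_indicators(SAMPLE):
        print("suspicious:", finding)
```

Note that SPF passes in the sample: it only vouches for the envelope sender's domain, which is why the visible From address has to be compared against it separately.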
Now let’s go back to the title of this blog: “Why Indian Govt everyday coming up with new cyber security circulars and laws”.
The simple answer is that organizations of all sizes collect, store, process and profile data related to their customers. This data consists of names, email addresses, contact information, home addresses, sometimes credit/debit card details, communication details and what not.
This data is gold for hackers. If they manage to hack into your systems and steal the data that you hold about your customers, they can start sending emails to or calling your customers in the name of your company, and as your customers trust your brand, they will not hesitate to share confidential information such as the credit card number, the CVV/CVE number or even the OTP.
But what happens if your customers lose their money or confidential information to someone who told them that they belong to your company?
Of course, it will negatively impact your company's brand value. You will lose the trust of your customers, and you may even invite some negative media publicity.
Cybercrime is growing rapidly across the planet. A recent internet security research report by Norton says that the annual global financial loss due to cybercrime is around $600 billion and that it is expected to reach $2.2 trillion by the year 2022.
Govts across the globe are aware of this issue, and that’s why they are coming up with data protection laws such as GDPR in the European Union and the Personal Data Protection Law in Bahrain, while the USA has industry-specific security laws such as the GLB Act for the finance industry and HIPAA for healthcare.
The Indian govt also understands the issue and has stepped forward to protect the data of Indian citizens and businesses with The Personal Data Protection Bill.
In the end, data protection laws will help organizations manage, govern and protect their data and, most importantly, the brand value and the trust that they have built among their customers after several years of hard work. For a business, brand value and trust are the most important things, and data protection law is there to protect that trust and brand value among your customers.