Controlling Fear, Greed, Show-Off Instinct Is Key To Staying Cyber-Safe

Cyber crime is evolving faster than its countermeasures, warns Cdr KK Chaudhary (Retd), cyber expert and author of Why Cyber Criminals Succeed and Be Cyber Safe. In an exclusive conversation with Bizz Buzz, he says, “Cyber criminals are now part of an organised global network exploiting gaps in the international justice system.” With digitisation outpacing digital literacy, India’s cyber vulnerabilities have widened, he notes, highlighting AI-driven attacks, deepfakes, and state-backed intrusions as key threats. “Awareness efforts are reactive and disengaging,” he says, urging the creation of cyber-aware children as “agents of change” in every household. From calling for enforceable cyber laws to advocating ethical hacking and cyber insurance, Chaudhary stresses a 360-degree response to counter the growing menace

How do you see the cybersecurity in today’s perspective?

In one side we have rapid digitization of almost all aspects of life- starting with primary education, communication, social interactions, banking transactions to the critical infrastructure of the nation. On the other side we have ignorant end-users, untrusted and untested digital platforms, cyber security is the most critical issue all across the world. The cyber criminals are ahead of cyber defenders in using innovative methods and tools and are now part of an organised crime spreading beyond national boundaries exploiting the weakness of international criminal justice system. With these in the background, the threat landscape have increased significantly. Few important once for example could be:

AI-based identification of the vulnerable end-users of high digital wealth – be it bank balance or the keeper of critical data owner; AI-Based sophisticated attacks by cyber criminals such as deepfakes, ransomware-as-a-service, automated phishing attacks; State-blessed attacks increase targeting the national critical infrastructure when geopolitical tensions increase; Corporate-assisted attacks for corporate espionage or winning bids.

There are so many awareness campaigns being run by the government and corporates on cybersecurity. How far are they effective in the real sense?

The fact that cyber frauds are increasing day-by-day is itself a measure of the ineffectiveness of the cyber-awareness campaign. In my view following could be few of the reasons of its effectiveness. Messages are prepared/delivered only after a large number of victimization citizens. Its reactive approach rather than pro-active approach.

Generic messages are not personalised and end-users don’t get connected to the message. Would you like to hear an automated message when you want to make an urgent call? Instead of using interesting cartoons, games and apps governments deliver boring posters, lengthy texts or untimely voice messages.

Everyday we hear news relating to cyber fraud. What needs to be done to curb the menace?

A 360-degree approach is required to curb this fraud. End-user awareness (by interesting and innovative engagements, involvement of students right from primary schools etc), fixation of accountability (of asset holders such as bankers, security system owners, digital platform providers etc.), earning of user trust (quick response and follow up from law enforcement agencies for victims in helping them in fast recovery of loss, incentives for reporting fraud or participation in awareness programs etc), most practical and enforceable regulations (not the ones that are difficult to understand or implement), proper training of law enforcement agencies and judicial system for strict adherence to regulatory requirements and last but not the least, subsidies and incentives for success in finding vulnerabilities in security infrastructure, are few of the actions required to curb the menace.

What is your view on things like digital arrest?

Digital arrest is a typical example of how the human weaknesses of fear of losing social dignity can be exploited. In most of the cases, very highly educated and positioned people have been successfully targeted as for them losing social status is disgraceful. The only way to overcome this fear is to look inwards at the time of getting pulled into digital arrest – Have I done something wrong as claimed by the caller? If the answer is no, why fear?

How cyber crimes in the country are different from such crimes happening in abroad?

Though many cyber crime types overlap across the world, the major difference between India and other countries are extent of technology penetration and maturity, digital literacy, regulations and law enforcement capabilities of the countries.

While majority of cyber crimes committed in India are targeted to individuals as the digitization has outpaced the digital literacy in all sections of society (most common being, banking transaction fraud, job and loan scams, extortion and sextortion, social engineering attack such as digital arrests of high net worth individuals), those committed in developed nations are of complex and targeted at high level entities (most common being attack on critical infrastructure, corporate espionage, ransomware, crypto currency attack, cyber terrorism and identity theft)

What should be done to make people aware of cyber crimes so that they could fight against it?

Our approach is reactive whereas cybercriminals are innovative and use new methodologies for their targets. Moreover, the awareness programs are non-engaging, repetitive and boring. Cyber awareness practice must be continuous, evolving and must involve large section of society. We need to create effective agents of change – I call it cyber warriors – in every house. This is possible when we involve school students and make them cyber warriors. Let me explain my point – In our society, we have four sections of people. First, there are students who are inquisitive, innovative and tech-savvy. Secondly, there are Work Force (Govt/Private/self-employed) whose priorities are ‘earning the bread for family’. Have no inclination to know about cyber world till they themselves are the target.

Thirdly, there are Senior Citizens with Digital generation gap and who are ‘forced visitor of Cyber World’. Fourthly, there are Home Makers who are enthusiastic, trying to catch up with the rest with fear of missing out (FOMO).

I am fully convinced that only Children have direct and effective communication in all the three communities consisting of friends and family. Hence a cyber-aware child as Agent of Change, can save all three communities from cyber crime as they are directly in touch with these section of people in their house and neighbourhood. Further, cyber-aware Children, being future workforce for the Nation, will make Nation safe from cyber crime.

Hence the government should encourage and incentivise schools and NGOs to involve students in sharing their thoughts on cyber crimes brought to their notice, in the form of Cartoons, Plays, Paintings, Essays, Articles etc. When they talk about it in their family or neighbourhood or their thought are posted on social media with due appreciation, the awareness will automatically spread across all sections of the society.

Cyber insurance is also making buzz these days. Do you think there are enough products available in the country to provide cover?

Cyber insurance is still in the early stage of adoption in India as compared to developed nations. Though there are many products available in the country, their adoption is very slow due to high premium, difficult coverage of terms and conditions, challenges in claim settlement and lack of regulatory support (acceptable digital evidence in judiciary). Mostly big corporates have gone for cyber insurance with limited scope.

Which kind of new threats do you see relating to cyber related crimes?

AI-generated cyber threats involving attack such as phishing and deepfakes are becoming common and expanding in speed, complexity and reach.

IoT (Internet of Things) is making a great cyber threat landscape. It will have terrible impact on human life as IoT-based sensors are being deployed in many critical areas such as healthcare, mobility and even human bodies. It will not be surprising to experience faults in IoT based appliances immediately after their warranty is over, forcing people to buy new one or spend on repair. IoT threat land-scape is too big to cover here. Apart from the above, quantum computing’s ability to break encryption and threats to supply chains in digital market can be some other emerging threats.

Is there need for enactment of new laws to fight against the menace?

Yes, but they must be practically enforceable, law-enforcement agencies and judicial system must be digitally very highly literate and accountability must be fixed in a very small time-frame on the asset-owners who provided platforms to the cyber criminals. Then only it will be effective.

What is the role of ethical cyber hackers to help people find remedy of cyber attacks?

Hiring ethical hackers by government and corporate agencies is a good step to detect vulnerability in the IT system. Many government and corporate entities run Bug-Bounty programs for ethical hackers and Red Vs Blue Team exercises in supervision of cyber experts. But regular communication of their findings and fixing of found vulnerabilities in specified time period is essential for its effectiveness.

What kind of simple tips you would like to give to an individual to avoid being victim of cyber attacks?

As far as individuals are concerned, they just need to control their fear, greed and sense of showing off. Basic thing that they need to understand is why should they fear if they haven’t done wrong? If someone is targeted for digital arrest, why shouldn’t he simply assess whether he committed such crime or not, before bowing down? If someone is tricked to update private data on an app in fear of losing out any service, why shouldn’t he walk down to the bank or service provider’s office to substantiate the claim of the cybercriminal? Sky is not going to fall if such service gets disrupted as claimed by the scamster.

In greed of getting some free gifts, cashback or lottery, it is common for people to supply private data. It is a common scene at Malls wherein people happily receive free gift vouchers in exchange of name, address and mobile numbers without understanding that the data makes him vulnerable to digital crime.

Many ignorant users upload important information about them and their family including photographs, hobbies, travel details etc, on social media without understanding that cyber predators may have eyes on them to exploit.