Ransomware attacks on startups, MSMEs on the rise in India: CyberPeace Foundation

In recent years, India has made significant strides in the field of technology, but cybersecurity remains a major challenge. Cyberattacks on industry startups, micro, small, and medium-sized enterprises (MSMEs) are on the rise, and ransomware is a particular threat. Vineet Kumar, Founder and Executive Director of the CyberPeace Foundation, in an exclusive interview with Bizz Buzz, he discusses the key trends and challenges in India's cybersecurity industry, the government's initiatives in this area, and the CyberPeace Foundation's work to combat cyber warfare, cyber weapons, cybercrime, and cyber terrorism on a global scale

What are the key trends and challenges in India's cybersecurity industry, and how has it evolved in recent years to address emerging threats?

The prominent trends identified at the CyberPeace and within the research community revolve around the increasing prevalence of technology-based threats. Notably, these threats encompass issues such as cyberstalking, child exploitation through online means, and the use of technology platforms for cyber-enabled trafficking, targeting vulnerable populations.

Moreover, the proliferation of artificial intelligence-generated content is a matter of concern, as it is often misused for disseminating misinformation, engaging in online harassment, and targeting individuals, especially celebrities and those in vulnerable situations.

In the broader societal context, the incidence of cyberattacks on industry startups and micro, small, and medium-sized enterprises (MSMEs) is on the rise. These attacks primarily manifest as ransomware incidents. It's worth noting that ransomware has expanded its scope beyond traditional IT networks and computers to encompass personal devices and the Internet of Things. This expansion has resulted in ransomware attacks compromising networks and demanding ransom from affected individuals.

What initiatives and regulations has the Indian government implemented to enhance cybersecurity resilience in the country, and what impact have they had on combating cyber threats?

The Indian government has recently implemented significant measures aimed at bolstering data protection and privacy. Notably, in August, the Digital Personal Data Protection Act was unveiled, marking a pivotal moment for both citizens and enterprises that had previously expressed concerns regarding data security and privacy. The Digital Personal Data Protection Act, or DPDP Act, serves as a foundational milestone in this ongoing effort. However, it represents just the initial stride in a broader journey. Numerous subsequent steps are planned, including the introduction of additional regulations.

Furthermore, the recently amended IT Rules of 2021, substantially enhance protection against tech-related abuses and hold intermediaries more accountable. The IT Act of 2000, amended in 2008, also plays a role in this evolving landscape.

In the near future, we anticipate the implementation of the Digital India Act, a comprehensive and potent piece of legislation. This act will be accompanied by an array of accompanying rules and guidelines. These initiatives collectively signify the Government of India's commitment to advancing data security and privacy. They involve collaborative efforts with agencies such as NCIIPC, NCPR, and NCW, along with industry stakeholders, academic institutions, civil society, and the public. They underscore the concept of cybersecurity as a shared responsibility, emphasising that government action alone cannot address all challenges. It is imperative that all stakeholders come together to create a safer and more harmonious digital environment for everyone.

How prevalent is cyberbullying in India, and what measures are being taken at the societal and governmental levels to address this issue and protect individuals from online harassment and abuse?

Cyberbullying is a significant societal concern that has garnered considerable attention. There has been a noticeable increase in instances of bullying, particularly in cases involving vulnerable populations, celebrities, and public figures, where artificial intelligence (AI) generated tools have played a pivotal role.

Presently, there are emerging challenges pertaining to addressing these issues and effectively countering bullying behaviours. Our organisation has been collaborating closely with government agencies, industry partners, academic institutions, and civil society organisations to combat this problem. The government has also empowered various agencies to address this matter, with the Ministry of Electronics and IT spearheading several initiatives.

The National Commission for Protection of Child Rights (NCPCR) has been actively involved in addressing cyberbullying and has been working in collaboration with online platforms to resolve related issues. Frequent meetings and consultations involving diverse stakeholders have been held to facilitate this collective effort. As previously stated, addressing cyberbullying is a shared responsibility, and it is imperative that all stakeholders work together to create a safer online environment.

Can you elaborate on the specific initiatives and projects that the CyberPeace Foundation (CPF) has undertaken to combat cyber warfare, cyber weapons, cybercrime, and cyber terrorism on a global scale?

CyberPeace is actively engaged in a multifaceted approach to address technological abuse, various forms of cyberattacks, cyber threats, cybercrimes, and cyber warfare. Our initiatives encompass cyber policy and diplomacy, where we collaborate with organisations deeply involved in Internet governance, particularly entities like ICANN, 1 SoC, and others, to contribute significantly to policy-related activities.

We regularly produce and disseminate white papers, raising awareness among policymakers and parliamentarians regarding pertinent ground-level issues and strategies to counter them through effective policy and diplomacy. Furthermore, we extend our efforts in cooperation with UN entities and multilateral organisations.

Research is a core component of our work, exemplified by our extensive research reports. Our Centers of Excellence, which have expanded to include locations in Africa and the United States in addition to India, foster collaboration and the production of in-depth reports.

CyberPeace conducts cyber exercises designed to enhance countries' cyber capabilities, enabling them to confront and deter cyberattacks on their networks and infrastructure. Our primary objective is to build resilience within the community, recognizing that it is impossible to prevent all cyberattacks. Through our initiatives, including cyber exercises, hackathons, certification programs, capacity building, and the Center for Excellence, we strive to make communities better prepared to defend against and respond to cyberattacks, cybercrimes, and digital harms.

Our outreach programs encompass partnerships with various platforms, government agencies, industry stakeholders, civil society organisations, and academia to collectively combat these challenges.

In addition, we operate a survivor assistance helpline, where our dedicated team of experts provides crucial support to individuals affected by tech-based harms or other related issues. We aim to expedite their recovery and ensure they receive necessary assistance, including support and prompt responses from relevant law enforcement agencies.

Given the evolving landscape of cyber threats, how does CPF stay up-to-date with emerging cyber threats and technologies to effectively contribute to global cyber peace?

CyberPeace has also established the largest network of cyber volunteers globally. Our introduction of the cyber volunteer concept has gained traction, with many countries now embracing the CyberPeace Corps model. These volunteers play a crucial role in assisting victims, raising awareness, and promoting proactive measures. Our efforts have garnered widespread recognition, with Cambridge University's Fact quoting our work extensively. Notably, numerous international and national media outlets have extensively covered CyberPeace and its initiatives.

This year, we are focusing on a comprehensive initiative to recruit more cyber volunteers from Commonwealth countries, including India. Our aim is to establish an inclusive ecosystem that safeguards individuals and communities from the escalating array of technology-driven crimes and cyberattacks prevalent in today's society.

We have initiated CyberPeace TV, dedicated to producing and disseminating a substantial volume of content across various mediums including television, our YouTube channel, and several social media platforms. By subscribing, you can stay informed about prevalent fraudulent activities and learn how to protect yourself.

Additionally, we are preparing to launch the CyberPeace Journal. This journal will feature contributions, case studies, and stories from diverse countries, aimed at addressing pertinent cybersecurity issues. It will also include a set of recommendations and suggestions. Collaborating with various governments, we are striving to integrate cybersecurity education into educational curricula. The ultimate goal is to enhance overall resilience, ensuring that individuals possess the necessary knowledge to report issues, seek help, and effectively mitigate cyber threats.

Could you share some examples of successful policy advocacy or research efforts conducted by CPF that have had a tangible impact on improving cybersecurity and privacy issues both in India and internationally?

Track 2 of the Global CyberPeace Challenge organised by CyberPeace focuses on hosting a cyber capture-the-flag event for both IT and OT networks, where top hackers and cybersecurity experts are invited to identify and address various bugs and vulnerabilities in critical infrastructure and IT systems. Participants earn points based on the severity of the issues they uncover and the speed of their reporting.

In contrast, Track 3 is a traditional hackathon in which we tackle significant problem statements. Past themes have included combating child sexual abuse (CSAM), addressing cyber trafficking, and countering DNS abuse. The competition features diverse problem statements, with IoT security being a prominent focus. We encourage individuals and companies to collaborate and propose innovative solutions and tools to mitigate attacks and abuses targeting IoT networks and related devices.

CPF collaborates with various stakeholders, including government organizations and academic institutions. Can you discuss some of the key partnerships and collaborations that have been instrumental in achieving CPF's mission of global cyber peace and the outcomes of these collaborations?

CyberPeace actively engages in partnerships with various stakeholders, including UN agencies, the Commonwealth Secretariat, international organisations, academia, civil society, governments, and the general public. This collaboration aims to establish a peaceful and resilient cyber ecosystem accessible to all. Notably, CyberPeace has formed strategic alliances with prestigious institutions like Indiana University, New York University, and several Indian universities. This academic collaboration serves as a vital pillar in conducting joint research activities and nurturing a cadre of cyber peace first responders.

The global impact of CyberPeace is evident through initiatives such as the Global Cyber Peace Summit, organised in collaboration with the G20 and other international and national bodies. This platform gathers participants from around the world, representing every continent, to discuss and address cyber threats and challenges, resulting in concrete action plans. The Global Cyber Peace Challenge, inaugurated by Prime Ministers Narendra Modi and the former Prime Minister of Sri Lanka, has witnessed growing participation from 40 to 113 countries, functioning as a cyber Olympics. CyberPeace also offers specialised tracks, such as the Cyber Policy and Strategy and Capture the Flag (CTF) challenges, which appeal to policymakers, tech professionals, and enthusiasts, fostering cyber preparedness and global cooperation.