• Investment World
• eWorld
• Brand Line
• Mentor
• Life
• Canvas
• Praxis
• Urban Pulse
• Brand Quest
• The New Manager

Stocks

• Quotes
• SE Diary
• Scoreboard
• Open-End Mutual Fund

Cross Currency

• Rates
  
  

Shipping

• Ports
  
  

Archives

• Yesterday
• Datewise
• Resources
• In Focus
• In Depth

Group Sites

• The Hindu
• The Hindu ePaper
• Business Line
• Business Line ePaper
• Sportstar
• Frontline
• The Hindu eBooks
• The Hindu Images

D. Murali

Expert feels that only a tiny proportion of cyber crime incidents are actually reported world over. Individual users are more exposed to computer crime than ever, due to the growth in identity theft.

Mr Sivarama Krishnan, Executive Director, PwC, Mumbai

A key finding of the Economic Crime Survey 2006 of PricewaterhouseCoopers (PwC) was that a typical perpetrator of economic crime in India was male (almost 100 per cent), a graduate or undergraduate and 31-50 years of age. Further, over one-third of the frauds in the country were perpetrated by insiders and over 37 per cent of them were in senior managerial positions. "When it comes to cyber crime, this profile holds good for India," says Sivarama Krishnan, Executive Director, PwC, Mumbai. With over 15 years of experience, he leads the Technology and Security Practice in the firm and his work experience spans India, Kuwait, Bahrain, UAE, Oman, Sri Lanka, Bangladesh, the Netherlands, Singapore, the UK and the US. Leading a team of over 75 IT professionals, Siva is a subject matter expert for PwC in areas including IT security, e-governance and telecommunication. Here's his take on a few questions from Business Line on cyber crime.

What is cyber crime? Who are the victims? And who are the perpetrators?

Cyber crime is a term used to broadly describe criminal activity in which computers or computer networks are a tool, a target, or a place of criminal activity and include everything from electronic cracking to denial of service attacks. It is also used to include traditional crimes in which computers or networks are used to enable the illicit activity.

Cyber-attacks can be malicious or accidental; can involve attacks by other nations, organised groups, or individuals; and can be motivated by monetary gain, ill-will, political interests, or curiosity. Victims and perpetrators can be anyone and everyone. Perpetrators can be anyone, such as disgruntled employees, teenagers, hackers and business rivals. And victims can include companies, employees, students, etc.

How widespread is the crime — in India and the world over? Any numbers on the possible loss suffered as a result?

Expert feels that only a tiny proportion of cyber crime incidents are actually reported world over. However, as per estimates losses due to cyber crime can be as high as $40 billion. Individual users are more exposed to computer crime than ever, due to the growth in identity theft.

In India, cyber crime cases registered are less compared to the the US, Europe, etc. The Internet Crime Complaint Centre (IC3) 2006 ranks the US (60.9 per cent) as first amongst the nations in hosting perpetrators followed by the UK (15.9 per cent). As per the IC3 results, Internet auction fraud is the most frequently reported online crime, accounting for 44.9 per cent of the total complaints. Seventy-five per cent of US IT executives surveyed said some of the threat to their corporate security came from inside their own organisations, while 84 per cent believed that criminal hacker groups were increasingly replacing isolated hackers as the perpetrators of cyber crime.

Do we have the mechanisms in place for detecting cyber crime? Where are the shortcomings?

A recommended first step must be to begin the process of fully understanding the organisation's exposure to the threat of data/information. For example, are you satisfied that your organisation has robust recruitment processes with adequate background checks and controls at the point of recruitment and beyond?

Does your organisation restrict employees' access to data based on their role and, if so, do you know if this policy is actually complied with at an operation level?

Does your organisation create adequate awareness amongst employees on security and cyber-related incidents?

Does the organisation have tried and tested incidence response policy mechanisms that help minimise the impact of an attack?

These and many other aspects need to be factored into the equation if the organisation is to fully understand where exposure to this multi-faceted threat is greatest. Only when it is understood exactly where the weaknesses lie can the organisation prioritise resources in an effective manner and begin mitigating these very real risks.

Many countries, including India, have established Computer Emergency Response Teams (CERTs) with an objective to coordinate and respond during major security incidents/events. These organisations identify and address existing and potential threats and vulnerabilities in the system and coordinate with stakeholders to address these threats. This can be made more efficient by bringing user awareness.

Are there best practices that India can adopt from elsewhere?

Many countries train law enforcement officials on a broad range of issues relating to cyber crime, forensic work, online sharing procedures and communication protocols. Such training needs to be conducted more frequently for the law enforcement officials so that enforcement units are capable of investigating cyber crime.

Other best practices such as Data Protection Act (DPA), HIPPA, etc., can also be made mandatory for Indian companies. Process needs to be put in place to share information and cooperate with other countries as cyber crimes are not confined to geographic borders.

What skills do you consider necessary for a cyber crime management professional?

Some of the basic skills required for cyber crime management professional are:

Common forensic computing techniques; automation of digital evidence analysis; procedures for data recovery and analysis; legal considerations; principles of forensic computing; disk and file system forensics;

operating systems forensics; and Internet and organisational networks.

How can companies ensure that they are not vulnerable to cyber crime?

Key actions points to be followed by companies to risk arising from cyber crime are:

Register with CERT to stay updated with latest vulnerability and treats

Conduct user awareness programs regularly.

Update security polices and procedures regularly.

Perform security audit and implement recommendations.

Follow global best practices.

On the law to combat cyber crime.

Issues of jurisdiction have quickly come to the fore in the era of the digital world and the Internet. A single Internet transaction may involve the laws of at least three countries: i) laws of the user country, ii) country where the server is hosted; and iii) merchant/business country with whom the transaction takes place.

So it is vital for international law enforcement agencies to cooperate to implement measures to investigate, capture and prosecute cyber criminals.

Parliament passed the IT Bill in May 2000, notified it as the IT Act 2000 in order to bring e-commerce within the purview of the law and accord stringent punishments to cyber criminals.

Does cyber crime deter people from online transactions? What's its impact on e-commerce?

At present, cyber crimes do have a huge impact on online transactions. But with user awareness and companies adopting global security practices, more and more people will prefer online transactions.

Is the existing criminal justice system geared for cyber crime?

Mumbai police has set up a cyber crime cell with the help to Nasscom to deal with the investigation of Web site hacking, cyber stalking, cyber pornography, e-mail, credit card crime, software piracy, online fraud and Internet crime. Mumbai Cyber Lab is a unique initiative of police-public collaboration for training police officers in investigation of cyber crime. Similar initiates have also been taken by other States.

More Stories on : Interview | Economic Offences

Article E-Mail :: Comment :: Syndication :: Printer Friendly Page

Stories in this Section
Rupee appreciation and AS-11

Copyright © 2007, The Hindu Business Line. Republication or redissemination of the contents of this screen are expressly prohibited without the written consent of The Hindu Business Line