Enterprises around the world are facing threats of sophisticated cyber attacks. Malware like Stuxnet, Duqu, Flame, Uroburos/Snake, Blackshades, FinFisher, etc. has been targeting many institutions and enterprises that hold sensitive and crucial information and data.
While it is next to impossible to avoid all cyber attacks, effective cyber security practices and mechanisms must be used by all enterprises handling sensitive data. Similarly, enterprises are under a legal obligation to share details about cyber security breaches that have taken place. An inappropriate response to a cyber security breach and its non-reporting in a timely manner can attract both civil and criminal sanctions against the enterprise.
Take the example of Target Corporation, which was attacked by cyber criminals and failed to act in a timely manner. As a result, Target Corporation is now facing litigation threats around the world. Similarly, eBay was also attacked recently and has asked its customers to change their passwords. Now it has been reported that three U.S. states are investigating eBay’s cyber security standards and cyber security breach disclosure practices.
Obviously, the costs of litigation and compensation are much higher than the cost of managing a robust and effective cyber security infrastructure. However, cyber security is not just hardware and software but also strict adherence to cyber security best practices. Increasing employees' cyber security awareness and insulating them against social engineering attacks must be undertaken on a regular basis.
The Indian government and various government departments are also required to ensure adequate cyber security. India has been projecting herself as a champion of e-governance. But the truth is that e-governance in India has miserably failed. The legal framework for e-governance in India is not only inadequate but also useless. This is so because we have no mandatory e-governance services in India, and in the absence of compulsion, government departments are simply ignoring the use of e-governance. Even the cyber security of e-governance services in India is missing as per the cyber security trends and developments of India 2013 (PDF).
However, this would also raise many techno-legal compliance requirements and cyber law due diligence on the part of government departments and other stakeholders. Cyber security breaches have significantly increased in India, and government departments and enterprises would be required to comply with cyber security breach notification requirements as well.