India Bytes: Cyber ​​Incident Reporting; Ransomware attack; VPN providers

Indian agencies will report cyber incidents within six hours of identification

India’s Nodal Cybersecurity Agency, Computer Emergency Response Team (CERT-In) has compelled all service providers, intermediaries, data centers, body corporates and government agencies to report cyber incidents within six hours of detection. The incident can be reported via email, phone or fax. These guidelines will be effective from 27 July 2022

Service providers are obliged to take action or provide information on any action taken against cyber security incidents within a specified format and within a specified period of time, failing which it will be deemed non-compliance. All service providers, data centers and government agencies have been asked to designate a point of contact (POC) to interface with CERT-In. All communications from CERT-In will then be sent to POC.

Companies are required to activate logs of all their ICT systems and maintain them safely within Indian jurisdiction for a rolling period of 180 days, the statement said. It should then be reported to CERT-In along with any cyber incident reporting or order.

Last year, more than 70% of Indian companies were attacked by ransomware

A recent report by Sophos found that 78% of Indian companies fell victim to ransomware attacks last year, more than the global average of 66%, and more than 37% in 2020. Worldwide, attackers have managed to encrypt data in 65% of attacks In 2021.

The report further states that India paid an average of 19 1,198,475 in ransom. The number of victims and ransom payments continues to rise in 2021.

The average cost of recovering from an incident decreased from US 3. 3.4 million in India in 2020 to US $ 2.8 million, down 17% in 2021. However, the numbers remain significant and call for better security in Indian companies.

VPN providers will store user data for five years

Virtual private network (VPN) companies will now have to collect and store user data for five years, including the user’s home address, IP address and usage type, as instructed by the Ministry of Electronics and Information Technology (MeitY).

Meity has given VPN providers a 60-day window to make the necessary arrangements, ending July 27, 2022. Providers need to save user data even if the user cancels the subscription. Failure to do so may result in imprisonment of up to one year by the concerned authorities. The move was made to coordinate response activities and emergency response to cyber security incidents.

CERT-In requires data centers, virtual private server providers, cloud service providers, and VPN providers to store and maintain specific user data for 5 years or more.

If implemented, VPN providers will have to switch to storage servers, which means higher costs for companies. As a result, VPN services may increase subscription costs to cover storage costs.

5G spectrum auction in June, services rollout in August or September

In a very optimistic statement, Telecom Minister Ashwini Vaishnav said that the 5G Airways auction would be held in June 2022 and added that the commercial rollout is expected to be from August or September.

In the past, network operators have expressed their dissatisfaction with the high price of spectrum and requested TRAI to reduce the price by 90%. However, TRAI reduced the price by only 35% to 40% in its recommendation, after which the Cellular Operators Association of India (COAI) expressed frustration. Vaishnavism says that the demand of the industry for further reduction will be considered logically.

TRAI’s recommendation will be approved by the Digital Communications Commission (DCC), which will soon make a call on it. TRAI will be informed of DCC’s decision. According to Vaishnavism, the ministry has already worked out a draft invitation for 5G tender.

India and Germany will work together in AI research

India and Germany will work together to focus on AI start-ups and research and its application in sustainability and healthcare. The announcement came after Indian Science and Technology and Earth Sciences Minister Jitendra Singh held bilateral talks with German Education and Research Minister Bettina Stark-Wattingen.

Experts from both countries have already met to explore the work done at AI, and an Indo-German call for proposals will soon be raised inviting researchers and industry proposals.

Copyright © 2022 IDG Communications, Inc.

Leave a Reply

Your email address will not be published.