Citizen-centric cybersecurity is need of the hour

As civil society is encouraged to embrace digital technologies, they are at greater risk of being disrupted by various cybersecurity incidents

As civil society is encouraged to embrace digital technologies, they are at greater risk of being disrupted by various cybersecurity incidents

“Your network has been breached and all data has been encrypted.” The message on the NIMHANS desktop screens included a link to connect to the ransomware’s sales department and mentioned that the user must purchase their decryption software, alluding to blackmail.

NIMHANS faced cybersecurity threats after a ransomware attack in March 2022. While there are concerns about patient data being compromised and the functioning of the causality department, the director claimed only a few computers were infected.

In a new digital crime avatar, several consumers have received flimsy notices from Bescom that the power connections to their respective homes will be severed due to late payment of utility bills. The bank accounts of those who responded to this communiqué were compromised.

As civil society is encouraged to embrace digital technologies, they are at greater risk of being disrupted by various cybersecurity incidents. The marginalization of civil society in broader political discourse and in cybersecurity ecosystems at global and national levels makes it vulnerable to policy and practice.

While governments around the world spend billions of dollars protecting government critical infrastructure (CI) and private companies have generous cybersecurity budgets, civil society participation in cybersecurity rarely goes beyond tokenism.

For one thing, civil society rarely poses a significant commercial threat that deserves the kind of spending that commercial CI justifies. Because civil society is often outside the scope of CI, it is not subject to the statutory provisions of cybersecurity laws. Additionally, tech companies don’t find it financially stimulating to invest in technology to secure smartphones sold off the shelf for mass consumption.

A bouquet of threats

A study published in February found that India alone has over 750 million smartphone users, expected to grow to over 1 billion by 2026, fueled by sales in its vast rural hinterland. Very few of these users understand the threats that online hackers pose.

Despite Google’s claims, experts have continued to detect malware in the so-called cleaned Google Play app. Aside from apps with overtly malicious intent, there are rogue apps on Google Play that pose as legitimate services such as welfare applications, but hijack the user’s data or even freeze the device for a fee.

Even more fatal are banking Trojans that allow hackers to access the current session and user’s personal mobile banking account without knowing the login password. Another app can take screenshots of the user’s screen, thus recording important data related to banking transactions. After all, spyware like the infamous Pegasus could easily hack into almost any smartphone.

The current cybercrime scenario is worrying as criminals send umpteen messages to consumers to play on ignorance and even more on their greed. With the latest technology, criminals can modify existing videos and photos to create fake content; with artificial intelligence (AI), “deepfakes”; can be fabricated that can hardly be distinguished from real ones. This technology has great potential for digital manipulation and fraud.

Whenever an email is sent, an online search is conducted, or a photo is shared on social media, we certainly leave behind a trail of personal data that constitutes our ‘digital footprint’. These digital footprints are permanent and extremely difficult to erase. The data includes the activities we do in apps and online and consists of the geographical coordinates – since we take our devices almost everywhere.

The way ahead

A “national security-centric” narrative is currently triumphing over cybersecurity policies and practices. Based on a realistic theory of geopolitics in which nation states compete, the main cybersecurity threats are characterized as those causing damage to critical infrastructures within their territorial jurisdictions.

The preferred alternative would be a “citizen-centric” approach to digital security that strives for indivisible network security, assured privacy, and the widest possible range of homocentric experience. It would seek to ensure that such essentials are closely monitored and guarded by multiple levels of independent oversight and verification.

(Tobby Simon is Founder and President of the Synergia Foundation and Commissioner of the Global Commission on Internet Governance)

Source link

READ:  Semiconductor alliances between U.S. and Asia could hold back China