The All India Institute of Medical Sciences (AIIMS) in Delhi fell victim to a cyber attack for the second time in eight months. This time, however, the attack was unsuccessful thanks to the institution's robust cyber safety system. The incident highlights the growing vulnerability of data in an increasingly digitized world.
The Rising Threat of Data Breaches
According to a recent report by Surfshark, data breaches have become a rampant issue, with 16 accounts being breached every minute in India. In the first quarter of 2023 alone, a staggering 21 lakh accounts were leaked in the country. Globally, a shocking 4.21 crore accounts fell victim to data theft during the same period, equating to an account being compromised every second. India ranks sixth in the world in terms of leaked accounts, with Russia leading the list at 66 lakh accounts, followed by the United States, Taiwan, France, and Spain.
Common Methods of Data Theft
Cybersecurity experts have identified four common methods used by hackers to steal sensitive information:
Stealing Information: Hackers may employ keyloggers, software that records keystrokes, to collect data. Even companies like Apple have fallen victim to this method. In a recent incident, keyloggers were accidentally placed on an employee's desk or sent via email, enabling hackers to access sensitive information, including hardware details and typed content.
Ransomware: This malicious software encrypts files upon entry into a system, effectively locking them until the victim pays a ransom. The AIIMS attack was reportedly a ransomware incident.
Password Theft: Many individuals use easily guessable passwords, such as street names, pet names, or simple number combinations like "1234" or birthdates. Hackers exploit this vulnerability to gain unauthorised access to accounts.
Intermediary Account Breaches: Personal data breaches often occur through intermediaries, such as organizations or platforms that handle user data. These intermediaries can become targets for hackers, leading to the compromise of millions of individuals' information.
Alarming Cybercrime Statistics
The Ministry of Home Affairs presented alarming statistics on cybercrime in the Lok Sabha, indicating a significant increase in cyber incidents in recent years. In 2021 alone, the country witnessed a total of 52,974 cybercrime incidents, with Telangana recording the highest number at 10,303 cases. Uttar Pradesh and Karnataka followed closely behind with 8,829 and 8,136 cases, respectively.
The number of cybercrimes against women also saw an alarming rise, with 10,703 cases reported in 2021 compared to 10,405 in 2020 and 8,415 in 2019. Karnataka reported the highest number of cybercrimes against women, with Maharashtra and Uttar Pradesh ranking second and third, respectively.
Furthermore, there has been a four-fold increase in cybercrimes against children in the past three years, with 1,376 cases registered in 2021 compared to just 306 in 2019.
The Need for Data Protection and Cybersecurity Measures
Instances of personal data theft remain relatively rare, with most breaches occurring through intermediaries. These organizations, such as banks, schools, or companies, collect and store personal data, making them lucrative targets for hackers. Currently, there is no legal accountability or compensation framework in place for these organizations until the Data Protection Bill is implemented.
While there are steps individuals can take, such as regularly updating software, implementing two-step authentication, and monitoring credit and debit card usage, there is no foolproof method to guarantee protection against cyber attacks.
The recent cyber attack on AIIMS serves as a stark reminder of the growing threats posed by hackers and the urgent need for robust cybersecurity measures. As India grapples with the increasing digitization of services and the risks associated with data breaches, it is crucial for individuals, organizations, and the government to collaborate and implement stringent measures to safeguard sensitive information and ensure data security in the digital age.