Data protection

THE authorities’ preparedness for digital privacy protection is under the scanner once again following reports of a major data breach leading to the leaking of personal information of the recipients of the Covid-19 vaccine. While ordering an inquiry, the Centre has been quick to deny claims that data on vaccination-tracking platform CoWIN had been accessed by a Telegram bot (web robot). The possibility that this could be previously stolen data adds to the mounting concerns. Every citizen providing information to a database would expect regular risk assessment, with a mandated policy to monitor the inbuilt safety provisions. Now’s the time for a relook at the safety regime and allay doubts about the security aspects of e-platforms. The challenge for the nodal cybersecurity agency only gets tougher, but that’s the requirement of the day.

In November last year, the AIIMS cyberattack had prompted a series of remedial measures. A critical input was that organisations should ensure network segmentation, under which a computer network is divided into sub-networks, to improve security and isolate vulnerabilities. Also underlined was the utility of having a security information and event management solution that helps collect data from various sources to provide real-time visibility of security events. Formalising an incident response plan to minimise the damage and compulsory cybersecurity training for staff were stressed. The message for tech teams was to keep devices and systems abreast of the latest security patches and software updates.

Keeping track of cybercrime fora to detect the latest tactics being employed by threat actors becomes imperative to safeguard systems and ensure the confidentiality of sensitive information. The government’s e-dependency outreach demands accompanying systems that protect the digital citizen. The explosion of cybercrime activity, exemplified by the busting of syndicates in Haryana’s Nuh, shows the scale of the threat and the risks involved.