Cybercrime more sophisticated, need to develop capacity: EY-FICCI report

India stands third in terms of the number of cybercrime incidents, after United States and China, even as it becomes increasingly vulnerable to attacks itself, a new study has found.

A whitepaper titled “Confronting the new-age cybercriminal — Disrupting the web of crime” launched by EY in association with  Federation of Indian Chambers of Commerce and Industry (FICCI) highlights that as per industry estimates, 32 percent threats originate from Eastern Europe and Russia and social engineering is the preferred mode of launch for most perpetrators.

Social engineering essentially means deceiving people to manipulate them into divulging confidential or personal information that may be used for fraud.

One of the key factors why cybercrimes are becoming more sophisticated, better orchestrated and increasingly ambitious is because many of the perpetrators operate outside the jurisdiction of the victim’s country, the whitepaper found.

"One of the things that stands out in the study is that with the dark web coming in, cybercrime is an organised service-oriented marketplace," said Rahul Rishi, partner, EY.

The dark web is an anonymous network, similar to the Internet, that can be accessed only with special software. Increasingly, the dark web exists as a marketplace for everything from drugs to stolen identities, weaponry and cybercriminals promising to attack your adversaries for a fee.

To get over this, there is a serious need for law enforcement agencies to build capacity and train people.

This can be done by providing "focused training in areas like dark web monitoring, network security, cryptography, image processing, ethical hacking, digital forensics, etc. Experts for each domain need to be identified and mapped against sub-units of the cyber wing. The skill upgrade should be carried out in smaller cycles to keep in pace with technological progress," the whitepaper said.

One of the ways to combat cybercrime is credible threat intelligence which can be developed through inputs from multiple nations working in a collaborative manner.

Law enforcement agencies should engage in multilateral law enforcement and information sharing with international agencies like Interpol and
Europol, the report suggests.

Agreements can be signed with agencies like the FBI, Australian Criminal Intelligence Commission (ACIC), National Crime Authority-UK, Europol, etc. Further, to strengthen the institutional framework, the CERT-In along with conceptualized sectoral CERTs should collaborate with CERT US, FIRST, APCERT and other computer emergency response teams across the globe, it added.

“In today’s times, traditional methods of cybersecurity are inadequate to combat cyber crime. Hence, there is a requirement to devise mechanisms which are proactive in nature and help in identifying and preventing cybercrimes,” said Dilip Chenoy, Secretary General, FICCI.