Cybersecurity Incidents Monitored by CERT-In Surge Fourfold Over the Past Four Years

Cybersecurity incidents reported to the Indian Computer Emergency Response Team (CERT-In) have surged dramatically over the past four years, with reports quadrupling from 2019 to 2023. A statement presented in the Rajya Sabha by Jitin Prasad, India’s Minister of State for Electronics and Information Technology, highlighted that the increase in incidents involving government organizations was particularly notable, more than doubling during this timeframe.

In 2019, CERT-In tracked 394,499 cybersecurity incidents—a figure that escalated to 1,592,917 by 2023. Notably, 2020 experienced the most significant rise, with incidents nearly tripling compared to the previous year, leading to 1,158,208 reported cases. The subsequent years maintained a high level of reports, with 1,402,809 incidents in 2021 and a slight decline in 2022 to 1,391,457 incidents.

Prasad’s response further revealed that incidents specifically linked to government entities also saw a marked increase. Starting with 85,797 incidents in 2019, the numbers fluctuated, culminating in 204,844 reported incidents by 2023. The data indicates a significant escalation in both the frequency and complexity of cybersecurity threats faced by governmental infrastructure.

In April 2022, CERT-In mandated the reporting of 20 different types of cybersecurity incidents, including data breaches, identity thefts, and attacks on digital payment systems. This regulatory framework aims to enhance the incident reporting processes and improve situational awareness among organizations.

Importantly, Prasad addressed concerns regarding the security of Aadhaar data held by the Unique Identification Authority of India (UIDAI). He confirmed that there have been no breaches identified in the Central Identities Data Repository (CIDR) associated with Aadhaar. However, the government provided no clarification on whether Aadhaar data could have been compromised from other departments or shared databases.

The issue of potential data leaks came to the forefront with inquiries about reports suggesting the exposure of sensitive information, such as Aadhaar and passport details, from the Indian Council of Medical Research (ICMR) database. Prasad did not offer a concrete response regarding these allegations and neither confirmed nor denied the breach of passport details.

This surge in reported cybersecurity incidents has serious implications for businesses and governmental bodies alike. The increase underscores a growing risk landscape, where adversaries may leverage tactics and techniques outlined in the MITRE ATT&CK framework. Potential initial access methods could include phishing attacks, exploiting vulnerabilities in public systems, or leveraging unpatched software to gain entry. Once inside, attackers may attempt persistence through methods such as implanting malware or creating rogue user accounts.

As organizations navigate this evolving threat environment, they are reminded of the importance of robust cybersecurity protocols, incident response planning, and regular training to mitigate risks associated with these emerging threats. The dramatic increase in incidents emphasizes the urgent need for vigilance and proactive measures to safeguard critical data and infrastructure against future cyber threats.
