Lessons from the CoWin data breach

This data breach is heightened further by the absence of a finalized National Cyber Security Strategy, which is pending despite a draft being presented for public consultation in December 2019. India also lacks a robust data protection law, and even the proposed Draft Digital Personal Data Protection Bill 2022, deliberated by MeitY, includes provisions that exempt government entities from compliance. This lack of legal accountability has paved the way for recurring data breaches, highlighting the importance of creating regulatory frameworks that operate within the Constitution and can protect the sensitive personal data of individuals.

That is why it is crucial that individuals and organizations take preventive measures and respond swiftly to mitigate the potential impact of data breaches.

As global industrial supply chains become increasingly interconnected, the risk of third-party data breaches rises. To address this, organizations must prioritize data privacy by implementing a strong security roadmap within their digital infrastructure strategies. This includes encrypting sensitive data, conducting regular risk assessments, and promptly updating and patching security systems. These proactive measures help organizations strengthen their defences and minimise the risk of data breaches in the rapidly evolving digital landscape.

In addition, organizations should prioritize performing routine hygiene checks to safeguard their data. These checks involve regular backups of crucial data, verifying access points to sensitive information, and upgrading outdated security systems to enhance threat detection capabilities. Moreover, educating employees on data security best practices is paramount. Companies must conduct frequent training sessions to ensure employees comprehend their roles and responsibilities in upholding data security. This encompasses practising strong password hygiene, recognizing phishing attempts, and avoiding potentially harmful websites or links.

Several companies have already implemented essential security strategies that range from developing internal frameworks to using cutting-edge technologies for data security to mandating cybersecurity training programs for employees on how to prevent and respond to data breaches and incidents.

According to a PwC survey, over 82% of business executives in India foresee an increase in the cybersecurity budget in 2023. Even the government allocated INR 625 crores in this year’s Union Budget, to improve the country’s cybersecurity infrastructure.

The role of the government

It is crucial for the government to establish a secure data ecosystem within the country. This can be achieved by finalizing a comprehensive data governance policy, empowering companies to effectively identify threats and establish standardized data protection systems. Furthermore, the government should allocate resources towards promoting  AI-based cybersecurity systems, enact stringent legislation and promote cross-sector collaboration to counter the constantly evolving landscape of threats effectively.

As technology continues to advance and permeate all aspects of our lives, the need for secure digital environments is paramount. It is crucial for both companies and the government to actively foster a strong cybersecurity ecosystem that addresses the ever-evolving threat landscape and safeguards critical infrastructure, sensitive data, and individual privacy. This collaborative approach will not only bolster India’s cyber defence capabilities but also create an environment conducive to innovation, entrepreneurship and digital transformation.