CERT-In Says Organisations Must Report Cybersecurity Breaches Within 6 Hours

CERT-In has asked all government and private agencies, including Internet service providers, social media platforms and data centres, to mandatorily report cyber security breach incidents to it within six hours of noticing them.

CERT-In Says Organisations Must Report Cybersecurity Breaches Within 6 Hours

There have been several incidents of data breach in Indian entities that led to leak of personal data

Highlights
  • The log should be provided to CERT-In
  • The move will help in fighting cybercrime more effectively
  • Some companies continued to ignore alerts

CERT-In has asked all government and private agencies, including Internet service providers, social media platforms, and data centres, to mandatorily report cybersecurity breach incidents to it within six hours of noticing them.

The new circular, issued by the Indian Computer Emergency Response Team (CERT-In), mandates all service providers, intermediaries, data centres, corporates, and government organisations to mandatorily enable logs of all their ICT (Information and Communication Technology) systems and maintain them securely for a rolling period of 180 days, and the same shall be maintained within the Indian jurisdiction.

The log should be provided to CERT-In along with reporting of any incident or when directed by the computer emergency response team.

The move will help in fighting cybercrime more effectively, minister of state for electronics and IT Rajeev Chandrasekhar said in a tweet, asking all companies and enterprises "must mandatorily report cyber incidents to IndianCERT".

CERT-In is empowered under section 70B of the Information Technology Act to collect, analyse, and disseminate information on cybersecurity incidents.

CERT-In said that during the course of handling cyber incidents and interactions with the constituency, it has identified certain gaps causing hindrance in the analysis of breach incidents.

"To address the identified gaps and issues so as to facilitate incident response measures, CERT-In has issued directions relating to information security practices, procedure, prevention, response, and reporting of cyber incidents under the provisions of sub-section (6) of section 70B of the Information Technology Act, 2000. These directions will become effective after 60 days," Cert-In said.

According to the latest order, data centres, virtual private server (VPS) providers, cloud service providers, and virtual private network service (VPN Service) providers need to register the accurate information related to subscriber names, customer hiring the services, ownership pattern of the subscribers etc, and maintain them for five years or longer duration as mandated by the law.

"Many times during LEA (Law Enforcement Agency) requests and investigations, we have seen cases of non-storage or availability of data and proper records with intermediaries and service providers. These guidelines will streamline the date records to be maintained and proper reporting of security incidents to CERT-In," said Jiten Jain, Voyager Infosec director of digital lab.

There have been several incidents of data breach in Indian entities that have led to leak of personal data of crores of individuals.

Some companies continued to ignore alerts by cybersecurity researchers and acted only after the data was made public.

"End-user has the right to know if their data is loaded so that an individual can protect himself from fraud transactions, fake loans, ID misuse etc. Government should also force companies to inform their users within 24 hours of the incident. Neither CERT-In nor companies inform users. We saw a lot of data breaches last year. None of them informed their users. As a result, cybercrime, financial frauds and ID misuse have spiked," cybersecurity researcher Rajshekhar Rajaharia said.

He said that users are still unaware if their KYC (Know Your Customer) and financial data is safe or not.


Are affordable smartwatches worth it? We discuss this on Orbital, the Gadgets 360 podcast. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.
Affiliate links may be automatically generated - see our ethics statement for details.
Comments

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.

Further reading: CERT In, Cybersecurity
Realme Narzo 50 5G India Launch in May; Colour, Memory, Storage Options Tipped: Report
Samsung Led 5G Android Smartphone Market With 24 Percent of Global Sales in February: Counterpoint
Share on Facebook Tweet Snapchat Share Reddit Comment google-newsGoogle News
 
 

Advertisement

Follow Us

Advertisement

© Copyright Red Pixels Ventures Limited 2022. All rights reserved.