India Risk Review 2018

Security needs collaboration at individual, organizational, industrial, national and global levels. Networking and knowledge sharing are the key drivers for mitigating challenges in today’s complex security environment.

India dealt with the economic implications of big-ticket items like demonetization and GST. Even as violence level of Maoist and Northeast insurgencies showed a downward trend, Jammu & Kashmir remained on the boil. Along with the unrest in the border states of the country, civil disturbances in the Indian heartland have continued to occur with various special interest groups agitating to get their demands met – prominent among them being the farmers and identity-based groups. Meanwhile, cyber security continued to be an area of concern during 2017 as in the previous years, with cyber-attacks like ‘WannaCry’ occurring frequently.

The year gone by was tumultuous, and a defining one for India from the economic and security perspective. The twin macroeconomic initiatives, in the form of remonetisation and introduction of GST brought about a major upheaval in the cash dependant Indian economy, whose overall impact would be felt in the ensuing years. GST, despite some infirmities, gave a boost to the federal structure and would be a unifying factor by acting as a catalyst for seamless interstate trade. The GST council will become a powerful forum for economic equity. The Indian economy buoyed by reforms and upgradation of the ease of doing business index would grow significantly in the next few years.

The Political The political scenario continued to get increasingly polarised with caste and communal politics making a comeback. Slow job growth in the hinterland continues to pose risks of social unrest; fanned by political rhetorics, and would need careful monitoring. The internal security scenario showed improvement and this trend would continue. The Rohingya refugee crisis has been handled satisfactorily by the government, else it would have posed some long-term security risks. Overall, 2018 would usher in improved economic dynamics and a reasonably stable security scenario.

– Lt. Gen. Sudhir Sharma (Retd.)
PVSM, AVSM, YSM, VSM Chairman, MitKat

As we move into 2018, security professionals world-wide will face dynamic and more evolving security threats. With other traditional security threats, terrorism and geopolitical stress will remain areas of concern, along with non-traditional threats in both the physical and cyber realms. Civil unrest, agitations and protests by parties and groups will continue to disrupt business activities, especially in the major cities. Natural hazards such as floods, cyclones and other extreme weather events will pose an increasing threat to the security and business continuity. Keeping in view the ever-changing dynamic security environment in India, it is important to constantly monitor the external threats.

Overall business climate in India in 2018

India has adopted a variety of economic reform measures during 2017; most notably the implementation of the Goods and Services Tax (GST) and the demonetization drive that have impacted Indian businesses across the economic spectrum.

In October 2017 the International Monetary Fund (IMF) slashed India’s growth forecast by 0.5 percentage points to 6.7 percent in 2017. It has also lowered the growth projection for 2018 to 7.4 per cent from its earlier estimate in April and June of 7.7 per cent. The IMF forecast is in line with a number of recent projections that have scaled down India’s growth prospects for the fiscal due to disruptions from demonetization and GST, despite the government’s strong defense of the moves. GDP growth hit a three-year low of 5.7 per cent in the first quarter of the fiscal. However, the IMF is more optimistic about medium- term growth prospects for India through gains from
the new indirect tax levy.

India jumped 30 spots in the rankings to 100th place out of 190 countries in the recent World Bank Doing Business report. The Central Government also plans to release a state wise ease of doing business ranking by February 2018 in order to encourage competition and increase transparency. Another vote of confidence in the Indian economy has been the upgrading of India’s sovereign rating by Moody’s
to Baa2 (Investment Grade – Stable Outlook), the first such upgrade after 13 years. The rationale behind this upgrade is a strong acknowledgment and endorsement of structural-reforms in the past three years, which are slowly but surely fructifying.

The deep rooted and far sighted reforms like financial inclusion (getting the poorest access to the formal banking system), and direct benefit transfer of subsidies (and thereby minimizing pilferage), have significantly led to strengthening of economy. PSU bank recapitalization, aimed at reducing the problem of NPAs in the banking system, is another positive step. Bold foreign direct investment reforms have taken place in 21 sectors along with significant reforms in defence, railways, construction, insurance, pension, civil
aviation and pharmaceuticals sectors.

Top Business Risks in 2018

Public protests/ strikes

Public protests have resulted in serious disruptions during 2017 as most of the protests were spearheaded by farmer unions, labour unions, textile workers and bank employees. The textile industry has suffered a loss of an estimated INR 40,000 crore due to the protest against GST since July 1. The protest by bank employees all over India also led to losses of billions of rupees and this was also reflected in the stock markets over the next few days.

Protests against infrastructure projects and land acquisition have also had a significant impact and will continue to do so in 2018 owing to the larger time frame of these projects. The blockade and protests against the Vizhinjam transshipment port led by local fishermen resulted in large losses and delays.

Natural disasters

Major metropolitan cities continue to remain underprepared to handle severe flooding resulting from the annual monsoons, which usually run from June to September. Many parts of Mumbai, Delhi and Gurgaon, Bengaluru, Hyderabad, and Kolkata are submerged due to waterlogging, resulting in severe disruption to businesses. Extreme flooding brought Mumbai to a standstill in July 2017.

India on average suffers an economic loss of US$7 billion each year because of floods, according to the United Nations. In Assam over 5,300 hectares of agricultural land was damaged due to the widespread flooding in the state. Infrastructure in these regions is still not able to cope with such natural disasters and hence it becomes imperative for businesses to develop resilient business continuity plans across all functions to counter this recurring threat.

Cyber attacks

India is the second largest user of Internet services in the world and there have been significant gains in the field of e-commerce, mobile payments, and digitalization of government as well as utility services. This has exponentially increased the risk of cyber-attacks across organizations.

The interdependency of service providers and software support providers has increased the vulnerability matrix due to a larger number of links in the service chain. This manifested in June 2017 after a malware attack on Maersk line (a service provider of one of the terminals at JNPT port) resulted in disruption of container operations. India was also the third worst affected country by the WannaCry
ransomware attacks – major urban centers targeted were Bengaluru, Chennai, Hyderabad and Mumbai. ATMs in India are particularly vulnerable to cyber-attacks as they often rely on older versions of Microsoft Windows, which are easy for hackers to infiltrate. According to the Indian
Computer Emergency Response Team (CERT-In), almost 11,000 networks in India were victims of probe-scanning in 2017. Probing and scanning are usually the initial steps used by a hacker to monitor a system before the malware or ransomware is installed on the network. On June 28, 2017, the Petya global cyber-attack disrupted cyber services in Russia, Ukraine, India and Australia. India’s largest port,
Jawaharlal Nehru Port Trust (JNPT) near Mumbai had to be temporarily shut down as a result of the attack; the virus affected computers running Microsoft software for the second time after the WannaCry attack.

According to Symantec, 1 in 131 e-mails contained a malicious link or attachment, the highest in five years. Business email compromise (BEC) scams, which rely on little more than carefully composed spear-phishing e-mails scammed more than $3 billion from businesses over the last three years, targeting more than 400 business every day.

Cyber-attack cases in India are usually under-reported because people tend to rely on software to protect them from a breach rather than comprehensive cyber security solutions. Moreover, India has no legal requirement to report the incident, nor is there a legal obligation to let victims know that their data has been compromised.

Ransomware & malware attacks

A botnet malware named Mirai took over the Internet targeting home router users and other IoT based devices. The malware affected 2.5 million IoT devices; with a large proportion of systems affected in India. Besides, Ransomware Wanna Cry, India was also on the top 10 lists of countries to be hit by Petya ransomware attacks, with the country faring worst among other Asia Pacific (APAC) countries Globally, India took the 7th spot with less than 20 organizations being affected.

Threat to privacy

Digital privacy has become a contested legal issue in India. A recent Supreme Court ruling favoured the right to privacy to be superimposed in the digital context as well. Currently, firms such as Facebook and Google and other ecommerce applications harvest data and take it to servers outside the country, without checks on who gets access to the data. Interestingly, the lack of data protection and privacy laws has been a reason why companies could exploit user data for commercial purposes

Cloud security

India has made several progressive steps in implementing cloud based solutions across various organizations. The cloud strategy requires a radical reassessment and revamping of existing security provisions, because a move to the cloud changes the technology landscape quite drastically. The new paradigm must incorporate the spirit of the legacy security provisions, but requires much more sophistication to secure a hybrid cloud setup.

Lack of cyber legislation

Data protection law in India is currently facing challenges due to the absence of proper legislative framework.  India being the largest host of out-sourced data processing in the world, could become the epicenter of cyber-crimes due to the absence of appropriate legislation. Although the Personal Data Protection Bill was introduced in Parliament in 2006, it is yet to see the light of the day. It follows a comprehensive model with the bill aiming to govern the collection, processing and distribution of personal data.

The Information Technology Act, 2000 has recently been amended to meet challenges in cyber-crime. While the amended Act is yet to come into force, it has introduced two important provisions that have a strong bearing on the legal regime for data protection. Under Section 43A, there are provisions to allow a sector to form a consortium that agrees to set security standards.

The specific aspects, which are still excluded from Indian Cyber Legislations, are data breach disclosures, privacy protection, personal data protection, dedicated law on digital payments, procedures to track and prosecute international cyber criminals.

IoT and Artificial Intelligence

The IoT device market in India is still at its nascent stage but it is growing fast. As IoT by virtue involves linking devices to each other on an internet platform, the threats to a cyber breach increase exponentially. The major security implications are in terms of support, manufacturing and supply chain industry.

There are over 8.4 billion IoT devices in 2017 which will rise to 20.4 billion by 2020. These unregulated IoT devices will create havoc as it might become the cyber weapon delivery system of choice for the botnet building attackers. India stands second globally in the top 20 attack source countries of 2017. Apart from attack vectors originating from India, a report also cites the presence of Persirai-infected IP cameras across the country. Persirai is a malware which attacks IP cameras with DDoS attacks. IoT devices can also be used as thing-bots to take out vulnerable IoT platforms and host trojan attacks on banking infrastructure as well.
Artificial intelligence is also at a very nascent stage in India. The concept of automated cars and robotics is limited to only the advanced manufacturing units. The risks to AI devices though high, have not yet been seen on a noticeable scale in India.


Leave a Reply