Major General Dr Dilawar Singh

Only few weeks ago we saw the case of AIIMS systems being locked and now we are seeing the Insurance Information Bureau Of India being hit by Ransomware Attack wherein the Hackers have demanded $250,000 As Ransom as learnt from the news report below

In today’s digital age, where data has become a valuable asset, the protection of private information has become a critical concern for individuals, organizations, and governments alike.

The increasing number of high-profile data breaches, ransomware attacks, and cyber threats have highlighted the need for robust data and cyber security measures.

As custodians of public data, it is the responsibility of government entities, public sector organizations, and corporations to ensure the utmost protection of private data. In this article I explore the imperative for establishing legal obligations to enforce comprehensive safeguards for data and cyber security.

The Magnitude of Losses

The repercussions of data theft and ransom cases are severe and far-reaching. These incidents not only result in substantial financial losses but also erode public trust and confidence.

The impact of data breaches extends beyond monetary damages, as compromised personal information can be exploited for identity theft, fraud, and other malicious activities.
Additionally, businesses and governments face reputational damage, legal liabilities, and regulatory penalties when they fail to adequately safeguard private data.

The Responsibility of Custodians

As custodians of public data, government entities, public sector organizations, and corporations bear the responsibility of protecting the privacy and security of the information entrusted to them.
This responsibility extends to ensuring the confidentiality, integrity, and availability of data throughout its lifecycle. Robust data protection measures are essential to prevent unauthorized access, data breaches, and cyberattacks. Such safeguards must include technical, organizational, and legal frameworks that align with industry best practices and evolving cyber threats.

The Need for Legal Obligations

While many organizations recognize the importance of data and cyber security, a voluntary approach is often insufficient to address the complex and evolving nature of cyber threats. Legal obligations serve as a powerful mechanism to ensure that adequate safeguards are implemented consistently across all sectors. By enacting comprehensive data protection and cyber security laws, governments can establish a baseline for minimum security standards, impose penalties for non-compliance, and create a culture of accountability and responsibility.

Relevant Technology and Solutions

To meet the challenges posed by modern cyber threats, custodians of private data must employ a range of advanced technologies and solutions. Encryption, multifactor authentication, intrusion detection systems, and firewalls are just a few examples of the tools available to protect sensitive information. Moreover, leveraging artificial intelligence and machine learning algorithms can enhance threat detection and response capabilities, enabling proactive measures against potential security breaches.

Case Studies:
Several high-profile incidents have underscored the urgency of establishing legal obligations for data and cyber security. For instance, the Equifax data breach in 2017 exposed the personal information of over 147 million individuals, leading to significant financial losses and reputational damage for the company. In the public sector, the Colonial Pipeline ransomware attack in 2021 disrupted fuel supplies across the Eastern United States, highlighting the potential consequences of cyber threats on critical infrastructure. These cases demonstrate the pressing need for stringent legal requirements to safeguard private data.

Conclusion
The protection of private data is a fundamental responsibility for government entities, public sector organizations, and corporations.
As custodians of public data, they must prioritize data and cyber security by implementing comprehensive safeguards and adhering to industry best practices.
However, voluntary measures alone are insufficient to mitigate the evolving threats posed by cybercriminals. Legal obligations that enforce stringent security standards, accompanied by appropriate penalties for non-compliance, are essential to create a culture of accountability and ensure the integrity and privacy of private data. By embracing these obligations, custodians can strengthen public trust, safeguard personal information, and foster a secure digital ecosystem for all.

---

The author, Major General Dr Dilawar Singh (Retd), Ph.D, M.Sc, MMS, MBA, B.Sc, HDOMC, HDMC, SC, PSc, CREM, CEW, CSAT, is a fourth generation veteran, who has engaged in numerous successful research projects, formulation of higher Education Policy and Management at National Level and Youth development at International level.

Major General Dr Dilawar Singh (Retd), has been: Member of Consultative Committee for Formulation of India’s New Education Policy,

Member, Expert Committee of University Grants Commission-Apex National Organisation for Regulation of Universities in India.

Governing Board Member of few Universities,

Advisory Board Member and Academic Council Member of few Universities.

Senior Faculty at both Army and Public Centres of Excellence of highest repute.

He has travelled to many countries for professional assignments and engagements viz USA, China, Russia, S. Korea, Greece, Hungary, Belgium, Kenya, Nepal, SriLanka and Bangladesh.