Is CERT-In being too strict in enforcing regulations?

Amit Kulkarni

Just before I started writing this article, I was sitting with my daughter who has her exams starting in 10 days. She kept making excuses for not giving enough time for her studies until I raised my voice, made her sit at one place, and gave her a planned target for the next 10 days. Isn’t that exactly what CERT-In had to do in India?

In a country with a population of 1408 million, about 1.43 million registered businesses, more than 1 billion mobile users and a massive digitisation-driven transformation under way, one can imagine the amount of data being churned every millisecond without adequate cyber security measures. Cyber security is a persistent problem affecting individuals, large, small and medium enterprises, government organisations and every other entity that possesses digital infrastructure. A successful cyber security breach can result in revenue loss, reputation damage, a threat to national security and, in some cases, danger to life.


In spite of knowing the gravity of cyber security issues, organisations are ignoring their cyber safety. Companies justify this with naïve reasons such as “I have not been attacked until now, so I don’t need any security”, “I have a couple of security solutions, hence I am fully safe”, “I have no confidential data, so I don’t need to worry about security” and many more. Most importantly, there was no strict guideline that forced enterprises to secure their environment, so security remained a matter of choice.

CERT-In’s initiative in changing the regulations is a great first step towards ensuring cyber safety. The change in the IT Act has created a strong regulation against the ignorance and leniency of organisations towards cyber safety. There are still many who are unaware of the cause and its effects, but at least the drive has started. Apart from certain specific requirements placed on VPN providers, below are the main points organisations have to comply with.

CERT-In Guideline: sub-section (6) of section 70B

1. Report cyber incidents within 6 hours of noticing
2. Take immediate action or seek help from CERT-In for mitigation
3. Enable and maintain all ICT logs for a rolling period of 180 days
4. Connect to NIP’s NTP server
5. Designate a point of contact and publish the details to CERT-In
6. Complete all of the above by Sept 2022


Though the points mentioned above look straightforward, one needs to understand the cyber security space well in order to achieve compliance. Companies like Allied Digital Services have launched a comprehensive program called “AIM 360° Cyber Security” through which they help organisations achieve compliance and protect them from cyber-attacks. In today’s fast-moving world, business houses want to focus on their core business and outsource support functions to specialists. Outsourcing CERT-In compliance will be a quick win for organisations and government.

The journey to a cyber-safe India has started; let’s all support building a cyber-safe India!!!

Views expressed by Amit Kulkarni, Head – Cyber Security Practice, Allied Digital Services
