Recently Indian organizations have gone through six hours of a data breach, and the country’s computer emergency response team (CERT-in) has implemented new rules.
Critical parts of India’s network and IT infrastructure, data centers, and government organizations, including service providers, must follow the new rules.
Compared to other large economic countries like the EU, India has a shorter reporting window. Whit in 72 hours GDPR mandates that breaches are reported.
Service providers like data centers, cloud service providers, VPN operators, etc. will have to maintain customer information like IP addresses, and pan numbers for at least 5 years to know your customer.
Similarly, phone pay, and Paytm uses KYC(know your customer) records.
A list of 20 types of incidents has been issued by CERT-In, that organizations must report within the six-hour window. This includes identity theft, credential loss, spoofing, phishing, data breach, malware, and ransomware attacks.
Unauthorized access to some of the service-proving platforms and social media accounts has been affected by these incidents.
After the announcement of new policies and regulations, India’s IT ministry stated that CERT-In has found certain gaps which are causing hindrance in incident analysis and also sadi that the policies and regulations would enhance overall cybersecurity posture and ensure safe and trusted internet in the country.
Director at Versatilist consulting and ISACA ambassador RV Raghu has announced an insight toward improved information and customer safety which strengthen the cybersecurity domain posture of Indian organizations.
