Crowdsourcing of cybercrime data

Crowdsourced security methodologies invite a group of people (a crowd) to test an asset for vulnerabilities. The number of people can range from less than a dozen to several hundred testing concurrently. But the question is….is crowdsourcing of cyber-crime data the only way to understand the depth of the penetration of cybercrimes in India?

Given the nature of the digital transformation and digital immersion age, we hear of cybercrimes all around the place. If only people losing in loan Apps were really accounted for, it would itself come to some formidable number. The real modus operandi remains unknown. Variety of sections in our common law would need to be redefined with its commensurate connection with the cybercrimes, they cannot remain as distinct entities.

Due to the nature of the crowd, it is understandably more difficult to have your internal network pen-tested. Whereas a pen-tester physically enters your premises, internal assets don’t lend themselves to being tested by people outside of the organization as this would involve granting secure access, such as through a virtual private network (VPN), authenticated proxies, or even a model test environment. While we have seen, in many successful crowdsourced ‘internal’ pen-tests, the majority still remain focused on externally facing assets.

The Indian mass media is obsessed with declaring the govt. cybercrime figures as etched in stone. It can be NCRB data or a RTI reply. Lots of serious journalism can be done in the direction of cybercrime data discovery, but who is bothered?

They are a true reflection of the cases registered rather than the number of offences committed, in a country any number goes reported for a variety of reasons. Bangalore has been declared as the identity theft capital of India in a news item based on NCRB data.

How rampant it is all across would be known if it gets discovered by unsuspecting and ignorant victims and then the victim decides to go to the police in every single case.

Bangalore tops the cities in cyber criminals succeeding in gaining access to smartphones, email accounts and financial instruments. Bangalore has witnessed an increase of 72% and NCRB figures for the year 2021 is 1685. Given the number of digital transactions, assets and operations handled does not correspond with reality. Karnataka also has topped in identity theft crimes too and Bangalore topped the list of metropolitan cities with 6423 cybercrimes.

While digital penetration has increased by leaps and bounds, the crime figures have followed the conventional model of increase in a way. Crowd source cybercrime data/ information, people would be more than forthcoming for sure, the complexities of cases and even evidence and documentation thereof. Only this approach will pay.

Dr. Deepak Kumar Sahu, President & CEO, VARINDIA