This year the government has been working on a cybersecurity strategy that aims to thwart the risk of data breaches, which has been considered a top priority since 2020. In light of a series of ransomware attacks concerning critical data that may have been compromised in recent months, experts and officials view these measures as imperative to protect against such attacks. 

There has been a recent breach of Solar India Industries Limited, which is a company that supplies defense-related equipment, and the All India Institute of Medical Sciences (AIIMS), which is a leading research and healthcare organization in the country, that was reported to be the work of attackers in the last couple months. 

One of the strategies is to assess the severity of several vertical segments of data breaches, according to a person familiar with the matter. As part of these mitigation measures, a national threat intelligence exchange is being set up. A malware repository is being created. Baseline audits are being conducted, and awareness events such as Cyber Week are being planned. 

There is a three-pronged strategy centered on people, processes, and technology. A prime example is the people vertical, which entails improving cyber hygiene so that more cybersecurity professionals are trained and increasing cyber hygiene education. 

The document contains recommendations for processes, a plan for managing cybercrime crises, a standard operating procedure, and a privilege system. This is to ensure that users are given the minimum access to the system. 

There is no need for firewalls to be installed, intrusion prevention systems to be installed, behavioral analysis tools to be installed, network segmentation to be created, and offline backups to be configured. 

According to one of the officials mentioned above, some of these investment areas have already been taken on by the government. 

Aside from the National Informatics Centre (NIC), the government is also looking to revamp the Department of Information and Communication Technology, which is responsible for storing most of the government's information, as well as providing IT solutions to the government. 

The Indian National Security Council Secretariat has been conceptualizing a policy for the past two years under the leadership of Lieutenant General Rajesh Pant. He is the head of the National Security Council Secretariat. An emerging threat in the technology sector is being addressed through a policy called the National Cyber Security Strategy, 2021. This policy identifies the need for a legislative framework to address this challenge. 

To better protect data and ensure that data breaches are reported and punished, the federal ministry of electronics and information technology is drafting a digital data protection bill to govern the process of reporting and penalizing data breaches. The former official mentioned above pointed out the need for a system of regular auditing systems to make sure that data breaches are minimized. He also pointed out that an overarching mechanism is in place to ensure this happens. 

Based on a response to a question in parliament, according to the answer to the question, there were 41,378 cyber security incidents in 2017 and 1,267,564 announced in 2022. 

The government also replied to a question in the context of cyberspace being anonymous, and borderless, and now incorporating different types of devices and services into it. It uses technological innovations and innovation to make it even more sophisticated and complex. 

CERT-In is a national nodal agency responsible for incident response in the country as well as collecting information on cyber incidents that occur to Indian users. Any data breach affecting Indian users must be reported to the Indian Computer Emergency Response Team. The ministry of electronics and information technology informed Parliament on November 16 that there were a total of 14, 6, and 22 incidents identified between the years 2020, 2021, and 2022 (until November) according to the information reported to CERT-In and tracked by it. 

It was also reported to Parliament that between June 2018 and March 2022, Indian banks reported 248 data breaches that resulted in the leak of card-related information from their systems. 

There is no single National Cyber Security Strategy that can be effective without the inclusion of robust resilience measures, which is the view of Supreme Court lawyer NS Nappinai, the founder of Cybersaathi. Consequently, it is only this kind of thing that can protect us in the event of a black swan occurring. There have always been and will always be cyber security threats, but what protects against attacks on critical infrastructure is to make sure they are anticipated and avoided and to have a recovery plan that is quick and simple, she explained further.