Cyber criminals are targeting big corporations as the stakes are high there. Most of these big corporations pay little attention to the regulatory and cyber security requirements of different jurisdictions. For instance, a dominant majority of national and international e-commerce websites and technology companies are flouting the e-commerce laws of India and the cyber security requirements as applicable in India.
India cannot be lax regarding cyber security in India. There are numerous cyber security challenges before the Narendra Modi government that are still unresolved. The cyber security issues for the Modi government would not be easy to manage keeping in mind the messed position of Indian cyber security. However, Modi government is also open to engage private people to expand its expertise and this may change this sad cyber security position very soon. At present, the cyber security trends and ICT trends are showing a negative report about Indian initiatives in these fields.
Recently, the computer systems of EBay were attacked and compromised by unknown hackers. Joshua Rogers also detected SQL injection vulnerability in EBay’s sub domain. He intimated about this vulnerability to EBay that was grateful to him for exposing this vulnerability. Very soon EBay patched the vulnerability and publicly acknowledged the efforts of Joshua. This is best step that Ebay team has done after the recent cyber breach.
As per Cjnews India, Ebay initially downsized the incidence and its impact by stressing upon mere password change. However, things are not as casual and easy as Ebay has considered. Three U.S. States are investigating whether Ebay’s has committed any wrong by not reporting the matter in a timely manner.
In short, Ebay is under investigation to ascertain the effectiveness of its cyber security practices. This is not the first case of this type and this certainly would not be the last of its kind as well. For instance, Target Corporation was also cyber attacked in the past and as a result of that Target Corporation faced litigation threats around the world. Now EBay is also facing similar litigation threats.
There seems to some very serious policy level lapses in U.S. that is allowing the companies to go away with legal consequences. However, this would not help these U.S. companies in other jurisdictions and they are vulnerable to diverse forms of legal actions there.
According to New Delhi based ICT law firm Perry4Law, “U.S. companies cannot hide behind the veil of conflict of laws in cyberspace anymore. No company can know this much better than Google who is facing online defamation case in India and has to comply with the right to be forgotten in Europe. Now the Luxembourg and U.K. data-protection authorities may probe EBay regarding the cyber-attack that exposed passwords and personal information of consumers around the world, including India. Even Indian regulatory authorities may initiative an investigation against EBay to ensure that privacy rights and data of Indian citizens may not have been violated during the cyber breach”.
Now Ebay has decided to streamline its cyber security. However, this would not be enough as the damage has already been done. U.S. needs to set an example by investigating and challenging the cyber security practices of U.S. companies. Till big corporations are forced to follow the norms there would not be any change.
Indian government must also introduce cyber security disclosure norms as soon as possible as Indian cyber security is in a bad shape. As the cyber security breaches are increasing world over, India cannot afford to keep its cyber security lax.