Over 44,000 people have been trained by 40 institutions, including IISc Bangalore and IITs, in formal and non-formal courses in Information Security through various initiatives undertaken for capacity building in cyber security, Parliament has been informed. “Under the Information Security Education and Awareness (ISEA) Project Phase-I (2005-2014), more than 44,000 candidates were trained in various formal/non-formal courses in Information Security through 40 institutions,” Minister of State for Electronics and IT K J Alphons said in a written reply to the Rajya Sabha.
He added that these institutes include IISc Bangalore, TIFR Mumbai, four IITs, 15 NITs, four IIITs, seven government engineering colleges and select centers of CDAC/NIELIT. “Around 100 government officials, covering NIC, ICERT, STQC, CDAC, NIELIT, ERNET, scientists from MeitY, etc were trained as Master Trainers in the area of Information Security,” he said.
The ISEA project phase-II project aims to train more than one lakh candidates in various formal/non-formal courses and more than 13,000 government officials by March 2020. The National Cyber Security Policy, 2013 envisages creation of a workforce of five lakh cyber security professionals through capacity building, skill development and training.
In response to another query, Alphons said a total of 71, 63 and 77 phishing incidents, affecting customers of financial organizations, were reported in 2015, 2016 and 2017, respectively, as per incidents reported to the Indian Computer Emergency Response Team (CERT-In).
In addition, 14 incidents affecting ATMs, cards, Point of Sale (PoS) systems and Unified Payment Interface (UPI) have been reported during the year 2017, he added. As per the information reported to and tracked by CERT-In, a total number of 44,679, 49,455, 50,362 and 53,081 cyber security incidents were observed during the year 2014, 2015, 2016 and 2017, respectively.
The types of cyber security incidents include phishing, scanning/probing, website intrusions and defacements, virus/malicious code, Denial of Service attacks, etc, Alphons said.
“Over a period, the nature and pattern of incidents are becoming more sophisticated and complex. In tune with the dynamic nature of IT continuous efforts are required to be made to detect and prevent cyber attacks,” he added.