131 percent increase in viruses targeted towards remote workers: Fortinet

Introduction

In July 2025, the Digital Trust & Safety Partnership (DTSP) achieved a significant milestone with the formal acceptance of its Safe Framework Specification as an international standard, ISO/IEC 25389. This is the first globally recognised standard that is exclusively concerned with guaranteeing a secure online experience for the general public's use of digital goods and services.

Significance of the New Framework

Fundamentally, ISO/IEC 25389 provides organisations with an organised framework for recognising, controlling, and reducing risks associated with conduct or content. This standard, which was created under the direction of ISO/IEC's Joint Technical Committee 1 (JTC 1), integrates the best practices of DTSP and offers a precise way to evaluate organisational maturity in terms of safety and trust.  Crucially, it offers the first unified international benchmark, allowing organisations globally to coordinate on common safety pledges and regularly assess progress.

Other Noteworthy Standards and Frameworks

While ISO/IEC 25389 is pioneering, it’s not the only framework shaping digital trust and safety:

• One of the main outcomes of the United Nations’ 2024 Summit for the Future was the UN's Global Digital Compact, which describes cross-border cooperation on secure and reliable digital environments with an emphasis on countering harmful content, upholding online human rights, and creating accountability standards. 
• The World Economic Forum’s Digital Trust Framework defines the goals and values, such as cybersecurity, privacy, transparency, redressability, auditability, fairness, interoperability and safety, implicit to the concept of digital trust. It also provides a roadmap to digital trustworthiness that imbibes these dimensions. 
• The Framework for Integrity, Security and Trust (FIST) launched at the Cybereace Summit 2023 at USI of India in New Delhi, calls for a multistakeholder approach to co-create solutions and best practices for digital trust and safety.
• While still in the finalisation stage for implementation rollout, India's Digital Personal Data Protection Act, 2023 (DPDP Act) and its Rules (2025) aim to strike a balance between individual rights and data processing needs by establishing a groundwork for data security and privacy.
• India is developing frameworks in cutting-edge technologies like artificial intelligence. Using a hub-and-spoke model under the IndiaAI Mission, the AI Safety Institute was established in early 2025 with the goal of creating standards for trustworthy, moral, and safe AI systems. Furthermore, AI standards with an emphasis on safety and dependability are being drafted by the Bureau of Indian Standards (BIS). 
• Google's DigiKavach program (2023) and Google Safety Engineering Centre (GSEC) in Hyderabad are concrete efforts to support digital safety and fraud prevention in India's tech sector.

What It Means for India

India is already claiming its place in discussions about safety and trust around the world. Google's June 2025 safety charter for India, for example, highlights how India's distinct digital scale, diversity, and vast threat landscape provide insights that inform global cybersecurity strategies. 

For India's digital ecosystem, ISO/IEC 25389 comes at a critical juncture. Global best practices in safety and trust are desperately needed as a result of the rapid adoption of digital technologies, including the growth of digital payments, e-governance, and artificial intelligence and a concomitant rise in instances of digital harms. Through its guidelines, ISO/IEC 25389 provides a reference benchmark that Indian startups, government agencies, and tech companies can use to improve their safety standards.

Conclusion 

A global trust-and-safety standard like ISO/IEC 25389 is essential for making technology safer for people, even as we discuss the broader adoption of security and safety-by-design principles integrated into the processes of technological product development. India can improve user protection, build its reputation globally, and solidify its position as a key player in the creation of a safer, more resilient digital future by implementing this framework in tandem with its growing domestic regulatory framework (such as the DPDP Act and AI Safety policies).

References 

• https://dtspartnership.org/the-safe-framework-specification/
• https://dtspartnership.org/press-releases/dtsps-safe-framework-published-as-an-international-standard/?
• https://www.weforum.org/stories/2024/04/united-nations-global-digital-compact-trust-security/?
• https://economictimes.indiatimes.com/tech/technology/google-releases-safety-charter-for-india-senior-exec-details-top-cyber-threat-actors-in-the-country/articleshow/121903651.cms? 
• https://initiatives.weforum.org/digital-trust/framework 
• https://government.economictimes.indiatimes.com/news/secure-india/the-launch-of-fist-framework-for-integrity-security-and-trust/103302090 

‍

Introduction

‍

युद्धे सूर्यास्ते युध्यन्तः समाप्तयन्ति, In ancient times, after the day’s battle had ended and the sun had set, warriors would lay down their arms and rest, allowing their minds and bodies to recover before facing the next challenge, and giving warriors time to rest and prepare mentally and physically for the next day. Today, as we remain endlessly connected to work through screens and notifications, the Right to Disconnect bill seeks to restore that same rhythm of rest and renewal in the digital age. By giving individuals the space to disconnect, it aims to restores balance, protects psychological health, and acknowledges that human resilience is not limitless, even in a world dominated by technology.

The Right to Disconnect Bill, 2025, was recently introduced in the lower house of Parliament during the winter session, which began on 1st December 2025, as a private member’s bill by Ms. Supriya Sule, Lok Sabha MP.

‍

Understanding the Psychology Behind the Proposed Right to disconnect Bill

‍

The purpose of this law is based on neuroscience for humans. When workers are always in a state of being "always on", the situation of their bodies gets to the chronic stress response state where they are getting overwhelmed with cortisol, which is the main human stress hormone. The constant vigilance that the body and mind are under forces the nervous system into always being in a state of sympathetic activation, while depriving it of the restorative (parasympathetic) states that are necessary for genuine recovery. Neuroscience studies show that 96% of heavy users of technology suffer from anxiety and lack of sleep due to technology. This phenomenon is known medically as "bytemares." The brain tries to attend to several things at once, and this way its cognitive capacity becomes thinner, so there is a reduction in focus, productivity is decreased, and the stress level is increased considerably.

Increasingly, the mental suffering that people get through is not only the physical and psychological aspects of it. The digital fatigue generated by the "always-on culture" getting chronic takes its toll on the emotional capacity of the staff, interrupts their sleep cycles (particularly depriving them of REM sleep), and leads to lower melatonin secretion.

Employees in such environments have a 23% increased chance of suffering from burnout, which the World Health Organisation defines as an occupational syndrome consisting of emotional exhaustion, depersonalization, and downgrading of performance. Mental health is the silent destruction that goes on without anyone noticing; the individuals who are affected show productive performance while their neuroendocrine systems are dying little by little.

Hence, the intent of the Indian legislature is clear, which is to prioritize the human dimension, allowing employees, the warriors of the digital age, to pause and recover, fostering work‑life balance without compromising commitment or productivity, and reflecting a thoughtful, humane approach in the modern technology driven world. 

The proposed Right to Disconnect Bill takes position as a law that can greatly help with the mental health of employees and therefore keep them healthy. The bill allows employees to legally disconnect from electronic communication related to their jobs outside of the working hours set by the employer; this way, it recognises more or less that the human brain was never meant to be always connected.

‍

The Need for Digital Detox from a Scientific Perspective

‍

Digital detoxification is the process through which the brain resets its dopamine receptors, hence stopping the process of instant gratification that is constantly reinforced through notifications. The employees who cut off their connection can focus better, remain emotionally stable, and lead healthier lives, the effect of which is measurable. Not only on single persons, but also the World Health Organisation, through its studies, has declared that mental health interventions in workplaces can yield a return of 4:1 on investment through increased productivity and decline in absenteeism.

‍

Digital Detox: Structured Disconnection, Not Digital Rejection

‍

One of the most important aspects of the proposed bill is the acknowledgment of digital detox as a supportive tool. However, it is very important to note that digital detox does not mean completely cutting off technology. It is the rule-based disengagement that brings back cognitive balance. Measures like limiting notifications after work hours, protecting weekends and holidays from routine communication and creating offline time zones facilitate the brain's resetting process. Psychological studies associate such practices with better concentration, emotional control, sleep quality and finally productivity in the long run. The initiative of having digital detox centres and offering counselling services is an indication that the issue of overexposure is not just a matter of personal lack of discipline, but rather a problem of modern working designs.

‍

Positioning Mental Well-Being as Core 

‍

The fundamental aspect of the bill is based on the constitutional assurance provided by Article 21 (Constitution of India), the Right to Life and personal Liberty, which has been interpreted by the courts to cover health of mind and body as well as time for leisure. This law reform grants a right to not be available at work, which means that employers will not be able to require constant availability at work without suffering legal consequences. The Right to Disconnect Bill finally illustrates society's unanimity that, amidst our digital age, mental well-being protection is no more a nice-to-have it is a must-have. The bill permits the guarding of the recovery periods, and at the same time, it recognises that the productivity that is sustainable comes from employees who are rested and mentally healthy, not from the constantly depleted workforce in the digital chains.

‍

The psychological Rationale

‍

Psychological analysis indicates that this always-on condition impacts productivity in measurable ways. The human brain may get overloaded to distinguish between important and unimportant information due to the uninterrupted flow of alerts and communications. The whole process leads to a situation, continuous exposure to alerts diminishes the ability to notice the really important events thus allowing the critical ones to go unnoticed. Burnout results as a natural consequence. Research shows that the psychological state resulting from digital overstimulation is anxiety, sleep problems, tiredness, and inability to focus. 

‍

Work Culture in the Cybersecurity Realm and Analysis of the Right to Disconnect

‍

Although every sector today demands high productivity and significant commitment from its workforce, the Cybersecurity professionals, IT engineers, SOC analysts, incident responders, cyberseucrity researchers, cyber lawyers and digital operations teams are often engage in 24x7 loop because they deal with uniquely critical responsibilities, if ignored or delayed, can compromise sensitive systems, data integrity, and national security. 

It is notable that the flow of activities has been silently but significantly changing the paradigm. Availability has replaced accountability, and often responsiveness is regarded as performance. The “on duty” and “off duty” line blurs when a client escalation or a suspected breach alert calls the phone at midnight. This way, an unspoken rule develops that the worker has to be reachable irrespective of the time as being reachable has become part of the job.

In India, the 48-hour work week that is already among the world's most demanding has been made even more intense by digital connectivity. The work intensity of remote and hybrid models has further crossed spatial and temporal boundaries producing a psychologically endless workday. Hence, the cyber workforce lives in a constant state of low-grade alertness, i.e., never fully sleeping, never fully offline. For professionals working in cyber security, this issue of wellbeing is not just a personal issue but also a business issue. Mental fatigue may lead to poor decision making, slower response time in case of incidents, and more errors being made unintentionally  by people.

Hence comes the relevance of the proposed Right to Disconnect bill, Implementing it in the cybersecurity realm may require employers to plan for additional task forces so that productivity remains unaffected, while ensuring that employees receive the rest and balance they need. This approach not only protects mental well‑being but also creates opportunities for new roles, distributes workloads fairly, and strengthens the overall resilience and efficiency of the organization.

‍

Legislature Intent - The Right to Disconnect as a preventive control

‍

In this scenario, the Right to Disconnect Bill, 2025, which was presented in the Lok Sabha as a private member's bill, can be seen as a precautionary measure in the digital risk ecosystem instead of merely as a employee welfare initiative. It intends to create legally enforceable lines of demarcation between the demands of a job and one's personal life. The bill provisions, like the right not to answer work calls and texts after office hours, protection from being fired, pay for overtime, and agreed-upon emergency protocols, are all tools to set new norms rather than to impose restrictions on the output. 

This can be seen as security logic that has been established in the cyber governance sphere. Even the best systems require planned downtimes for patching, upgrading, and recovery. Humans cannot be treated differently. Loss of operation without recovery will only increase the likelihood of failure. The Right to Disconnect works as a human-layer security, which reduces the risk of incidents caused by fatigue and burnout among employees.

‍

The Legislative Recognition of Human Needs

‍

The Right to Disconnect Bill is a landmark change of thinking, moving from the perception of disconnection as unprofessional to the acknowledgement of it as a basic requirement for human dignity and health. The Indian legislation, which was passed through a private member's bill, clearly defines the limits of professional and personal time. By providing the employees with the legal right to disconnect, the bill affirms what psychological science has been telling us for a long time: people need real breaks to be at their best.

‍

Conclusion

‍

The Proposed Right to Disconnect Bill, 2025, is a progressive move in law, which, among others confirms that a digital world, constant connectivity may undermines both individual health and company/orgnisation’s buisness continuity. A balanced approach is essential, with clearly agreed-upon emergency norms to guide situations where employees may need to work extra hours in a reasonable and lawful manner. It recognises that people are the backbone of the digital ecosystem and need time off to work effectively and securely. In a connected economy, protecting mental bandwidth is as crucial as protecting technical networks, making the Right to Disconnect a key element of sustainable resilience. 

From a cybersecurity perspective, no secure digital future can emerge from exhausted minds. A strong digital and cyber‑India will have laws like the Right to Disconnect Bill, signaling a shift in policy thinking. This law moves the burden from individuals having to adapt to always-on technologies onto systems, organisations, and governance structures to respect human limits. By recognising mental well-being as an essential factor of employee’s wellbeing, the bill reinforces that resilient work ecosystems depend not only on robust infrastructure and controls but also on well-rested, focused, and secure individuals.

‍

References

• https://www.shankariasparliament.com/blogs/pdf/right-to-disconnect-bill-2025
• https://ijlr.iledu.in/wp-content/uploads/2025/04/V5I653.pdf
• https://timesofindia.indiatimes.com/education/news/no-calls-and-emails-after-office-hours-right-to-disconnect-bill-introduced-in-lok-sabha-to-set-workplace-boundaries/articleshow/125806984.cms
• https://www.hindustantimes.com/india-news/what-is-right-to-disconnect-bill-introduced-in-lok-sabha-and-can-it-clear-parliament-101765025582585.html

‍

Introduction

In the wake of the Spy Loan scandal, more than a dozen malicious loan apps were downloaded on Android phones from the Google Play Store, However, the number is significantly higher because they are also available on third-party marketplaces and questionable websites. 

Unmasking the Scam

When a user borrows money, these predatory lending applications capture large quantities of information from their smartphone, which is then used to blackmail and force them into returning the total with hefty interest levels. While the loan amount is disbursed to users, these predatory loan apps request sensitive information by granting access to the camera, contacts, messages, logs, images, Wi-Fi network details, calendar information, and other personal information. These are then sent to loan shark servers.

The researchers have disclosed facts about the applications used by loan sharks to mislead consumers, as well as the numerous techniques used to circumvent some of the limitations imposed on the Play Store. Malware is often created with appealing user interfaces and promotes simple and rapid access to cash with high-interest payback conditions. The revelation of the Spy Loan scandal has triggered an immediate response from law enforcement agencies worldwide. There is an urgency to protect millions of users from becoming victims of malicious loan apps, it has become extremely important for law enforcement to unmask the culprits and dismantle the cyber-criminal network.

Aap’s banned: here is the list of the apps banned by Google Play Store :

• AA Kredit: इंस्टेंट लोन ऐप (com.aa.kredit.android)
• Amor Cash: Préstamos Sin Buró (com.amorcash.credito.prestamo)
• Oro Préstamo – Efectivo rápido (com.app.lo.go)
• Cashwow (com.cashwow.cow.eg)
• CrediBus Préstamos de crédito (com.dinero.profin.prestamo.credito.credit.credibus.loan.efectivo.cash)
• ยืมด้วยความมั่นใจ – ยืมด่วน (com.flashloan.wsft)
• PréstamosCrédito – GuayabaCash (com.guayaba.cash.okredito.mx.tala)
• Préstamos De Crédito-YumiCash (com.loan.cash.credit.tala.prestmo.fast.branch.mextamo)
• Go Crédito – de confianza (com.mlo.xango)
• Instantáneo Préstamo (com.mmp.optima)
• Cartera grande (com.mxolp.postloan)
• Rápido Crédito (com.okey.prestamo)
• Finupp Lending (com.shuiyiwenhua.gl)
• 4S Cash (com.swefjjghs.weejteop)
• TrueNaira – Online Loan (com.truenaira.cashloan.moneycredit)
• EasyCash (king.credit.ng)
• สินเชื่อปลอดภัย – สะดวก (com.sc.safe.credit)
  

Risks with several dimensions

SpyLoan's loan application violates Google's Financial Services policy by unilaterally shortening the repayment period for personal loans to a few days or any other arbitrary time frame. Additionally, the company threatens users with public embarrassment and exposure if they do not comply with such unreasonable demands. 

Furthermore, the privacy rules presented by SpyLoan are misleading. While ostensibly reasonable justifications are provided for obtaining certain permissions, they are very intrusive practices. For instance, camera permission is ostensibly required for picture data uploads for Know Your Customer (KYC) purposes, and access to the user's calendar is ostensibly required to plan payment dates and reminders. However, both of these permissions are dangerous and can potentially infringe on users' privacy.

Prosecution Strategies and Legal Framework

The law enforcement agencies and legal authorities initiated prosecution strategies against the individuals who are involved in the Spy Loan Scandal, this multifaced approach involves international agreements and the exploration of innovative legal avenues. Agencies need to collaborate with International agencies to work on specific cyber-crime, leveraging the legal frameworks against digital fraud furthermore, the cross-border nature of the spy loan operation requires a strong legal framework to exchange information, extradition requests, and the pursuit of legal actions across multiple jurisdictions.

Legal Protections for Victims: Seeking Compensation and Restitution

As the legal battle unfolds in the aftermath of the Spy loan scam the focus shifts towards the victims, who suffer financial loss from such fraudulent apps. Beyond prosecuting culprits, the pursuit of justice should involve legal safeguards for victims. Existing consumer protection laws serve as a crucial shield for Spy Loan victims. These laws are designed to safeguard the rights of individuals against unfair practices.

Challenges in legal representation

As the legal hunt for justice in the Spy Loan scam progresses, it encounters challenges that demand careful navigation and strategic solutions. One of the primary obstacles in the legal pursuit of the Spy loan app lies in the jurisdictional complexities. Within the national borders, it’s quite challenging to define the jurisdiction that holds the authority, and a unified approach in prosecuting the offenders in various regions with the efforts of various government agencies.

Concealing the digital identities

One of the major challenges faced is the anonymity afforded by the digital realm poses a challenge in identifying and catching the perpetrators of the scam, the scammers conceal their identity and make it difficult for law enforcement agencies to attribute to actions against the individuals, this challenge can be overcome by joint effort by international agencies and using the advance digital forensics and use of edge cutting technology to unmask these scammers.

Technological challenges

The nature of cyber threats and crime patterns are changing day by day as technology advances this has become a challenge for legal authorities, the scammers explore vulnerabilities, making it essential, for law enforcement agencies to be a step ahead, which requires continuous training of cybercrime and cyber security.

Shaping the policies to prevent future fraud

As the scam unfolds, it has become really important to empower users by creating more and more awareness campaigns. The developers of the apps need to have a transparent approach to users.

Conclusion

It is really important to shape the policies to prevent future cyber frauds with a multifaced approach. Proposals for legislative amendments, international collaboration, accountability measures, technology protections, and public awareness programs all contribute to the creation of a legal framework that is proactive, flexible, and robust to cybercriminals' shifting techniques. The legal system is at the forefront of this effort, playing a critical role in developing regulations that will protect the digital landscape for years to come.

Safeguarding against spyware threats like SpyLoan requires vigilance and adherence to best practices. Users should exclusively download apps from official sources, meticulously verify the authenticity of offerings, scrutinize reviews, and carefully assess permissions before installation.

References

• https://www.bleepingcomputer.com/news/security/spyloan-android-malware-on-google-play-downloaded-12-million-times/#google_vignette

• https://www.gadgets360.com/apps/news/spyloan-malware-blackmail-extort-users-detected-play-store-4639194

• https://thehackernews.com/2023/12/spyloan-scandal-18-malicious-loan-apps.html

• https://www.the420.in/exposed-18-deceptive-loan-apps-google-play/