#FactCheck-Fake Video of Mass Cheating at UPSC Exam Circulates Online

Introduction

The Digital Personal Data Protection (DPDP) Act, of 2023, introduces a framework for the protection of personal data in India. Data fiduciaries are the entity that essentially determines the purpose and means of processing of personal data. The small-scale industries also fall within the ambit of the term. Startups/Small companies and Micro, Small, and Medium Enterprises (MSMEs) while determining the purpose of processing of personal data in the capacity of ‘data fiduciary’ are also required to comply with the DPDP Act provisions. The obligations set for the data fiduciary will apply to them unilaterally, though compliance with this Act and can be challenging due to resource constraints and limited expertise in data protection. 

DPDP Act, 2023 Section 17(3) gives power to the Central Government to exempt Startups from being obligated to comply with the Act, taking into account the volume and nature of personal data processed. It is the nation's first standalone law on data protection and privacy, which sets forth strict rules on how data fiduciaries can collect and process personal data, focusing on consent-based mechanisms and personal data protection. Small-scale industries are given more time to comply with the DPDP Act. The detailed provisions to be notified in further rulemaking called ‘DPDP rules’.

Obligations on Data Fiduciary under the DPDP Act, 2023

The DPDP Act focuses on processing digital personal data in a manner that recognizes both the right of individuals to protect their personal data and the need to process such personal data for lawful purposes and for matters connected therewith or incidental thereto. Hence, small-scale industries also need to comply with provisions aimed at protecting digital personal data.

The key requirements to be considered:

• Data Processing Principles: Ensuring that data processing is done lawfully, fairly, and transparently. Further, the collection and processing of personal data is only for specific, clear, and legitimate purposes and only the data necessary for the stated purpose. Ensuring that the data is accurate and up to date is also necessary. An important part is that the data is not retained longer than necessary and appropriate security measures are taken to protect the said data.
• Consent Management: Clear and informed consent should be obtained from individuals before collecting their personal data. Further, individuals have the option to withdraw their consent easily.
• Rights of Data Principals: Data principals (individuals) whose data is being collected have the right to Information, the right to correction and erasure of data, the right to grievance redressa, Right to nominate.the right to access, correct, and delete their personal data. Data fiduciaries need to be mindful of mechanisms to handle requests from data principals regarding their concerns.
• Data Breach Notifications: Data fiduciaries are required to notify the data protection board and the affected individuals in case a data breach has occurred.
• Appropriate technical and organisational measures: A Data Fiduciary shall implement appropriate technical and organisational measures to ensure effective observance of the provisions of this Act and the rules made thereunder.Cross-border Data Transfers: Compliance with regulations in relation to the transfer of personal data outside of India should be ensured.

Challenges for Small Scale Industries for the DPDP Act Compliance 

While small-scale industries have high aims for their organisational growth and now in the digital age they also need to place reliance on online security measures and handling of personal data, with the DPDP act in the picture it becomes an obligation to consider and comply with. As small-scale industries including MSMEs, they might face certain challenges in fulfilling these obligations but digital data protection measures will also boost the competitive market and customer growth in their business. Bringing reforms in methods aimed at better data governance in today's digital era is significant. 

One of the major challenges for small-scale industries could be ensuring a skilled workforce that understands and educates internal stakeholders about the DPDP Act compliances. This could undoubtedly become an additional burden.

Further, the limited resources can make the implementation of data protection, which is oftentimes complex for a layperson in the case of a small-scale industry, difficult to implement. Limitations in resources are often financial or human resources.

Cybersecurity, cyber awareness, and protection from cyber threats need some form of expertise, which is lacking in small enterprises. The outsourcing of such expertise is a decision that is sometimes taken too late, and some form of harm can take place between the periods by which an incident can occur.

Investment in the core business or enterprise many times doesn't include technology other than the basic requirements to run the business, nor towards ensuring that the data is secure and all compliances are met. However, in the fast-moving digital world, all industries need to be mindful of their efforts to protect personal data and proper data governance.

Recommendations 

To ensure the proper and effective personal data handling practices as per the provisions of the act, the small companies/startups need to work backend and frontend and ensure that they take adequate measures to comply with the act. While such industries have been given more time to ensure compliance, there are some suggestions for them to be compliant with the new law.

Small companies can ensure compliance with the DPDP Act by implementing robust data protection policies, investing in and providing employee training on data privacy, using age-verification mechanisms, and adopting privacy-by-design principles. Conduct a gap analysis to identify areas where current practices fall short of DPDP Act requirements. Regular audits, secure data storage solutions, and transparent communication with users about data practices are also essential. Use cost-effective tools and technologies for data protection and management.

Conclusion

Small-scale industries must take proactive steps to align with the DPDP Act, 2023 provisions. By understanding the requirements, leveraging external expertise, and adopting best practices, small-scale industries can ensure compliance and protect personal data effectively. In the long run, complying with the new law would lead to greater trust and better business for the enterprises, resulting in a larger revenue share for them.

References

• https://pib.gov.in/PressReleaseIframePage.aspx?PRID=1959161 
• https://www.financialexpress.com/business/digital-transformation-dpdp-act-managing-data-protection-compliance-in-businesses-3305293/ 
• https://economictimes.indiatimes.com/tech/technology/big-tech-coalition-seeks-12-18-month-extension-to-comply-with-indias-dpdp-act/articleshow/104726843.cms?from=mdr 

‍

Introduction

‍
As the calendar pages turn inexorably towards 2024, a question looms large on the horizon of our collective consciousness: Are we cyber-resilient? This is not a rhetorical flourish but a pragmatic inquiry, as the digital landscape we navigate is fraught with cyberattacks and disruptions that threaten to capsize our virtual vessels.

What, then, is Cyber Resilience? It is the capacity to prepare for, respond to, and recover from these cyber squalls. Picture, if you will, a venerable oak amid a howling gale. The roots, those unseen sinews, delve deep into the earth, anchoring the tree – this is preparation. The robust trunk and flexible branches, swaying yet unbroken, embody response. And the new growth that follows the storm's rage is recovery. Cyber resilience is the digital echo of this natural strength and flexibility.

The Need for Resilience

Why, you might ask, is Cyber Resilience of such paramount importance as we approach 2024? The answer lies in the stark reality of our times:

• A staggering half of businesses have been breached by cyberattacks in the past three years.
• The financial haemorrhage from these incursions is projected to exceed a mind-numbing $10 trillion by the end of 2024.
• The relentless march of technology has not only brought innovation but also escalated the arms race against cyber threats.
• Cyber resilience transcends mere cybersecurity; it is a holistic approach that weaves recovery and continuity into the fabric of digital defenses.
• The adaptability of organisations, often through measures such as remote working protocols, is a testament to the evolving strategies of cyber resilience.

• The advent of AI and Machine Learning heralds a new era of automated cyber defense, necessitating an integrated framework that marries security with continuity protocols.
• Societal awareness, particularly of social engineering tactics, and maintaining public relations during crises are now recognised as critical elements of resilience strategies.
• Cyber threats have evolved in sophistication, paralleling the intense competition to develop new AI-driven solutions.
• As we gaze towards the future, cyber resilience is expected to be a prominent trend in both business and consumer technology sectors throughout 2024.

The Virtues 

The benefits of cyber resilience for organisations are manifold, offering a bulwark against the digital onslaught:

• A reduction in the risk of data breaches, safeguarding sensitive information and customer data.
• Business continuity, ensuring operations persist with minimal disruption.
• Protection of reputation, as companies that demonstrate effective cyber resilience engender trust.
• Compliance with data protection and privacy regulations, thus avoiding fines and legal entanglements.
• Financial stability, as the costs associated with breaches can be mitigated or even prevented.
• Enhanced customer trust, as clients feel more secure with companies that take cybersecurity seriously.
• A competitive advantage in a market rife with cyber threats.
• Innovation and agility, as cyber-resilient companies can pivot and adapt without fear of digital disruptions.
• Employee confidence, leading to improved morale and productivity.
• Long-term savings by sidestepping the expenses of frequent or major cyber incidents.

As the year wanes, it is a propitious moment to evaluate your organisation's cyber resilience. In this edition, we will guide you through the labyrinth of cyber investment buy-in, tailored discussions with stakeholders, and the quintessential security tools for your 2024 cybersecurity strategy.

How to be more Resilient 

Cyber resilience is more than a shield; it is the preparedness to withstand and recover from a cyber onslaught. Let us explore the key steps to fortify your digital defenses:

• Know your risks: Map the terrain where you are most vulnerable, identify the treasures that could be plundered, and fortify accordingly.
• Get the technology right: Invest in solutions that not only detect threats with alacrity but also facilitate rapid recovery, all the while staying one step ahead of the cyber brigands.
• Involve your people: Embed cybersecurity awareness into the fabric of every role. Train your crew in the art of recognising and repelling digital dangers.
• Test your strategies: Regularly simulate incidents to stress-test your policies and procedures, honing your ability to contain and neutralise threats.
• Plan for the worst: Develop a playbook so that everyone knows their part in the grand scheme of damage control and communication in the event of a breach.
• Continually review: The digital seas are ever-changing; adjust your sails accordingly. Cyber resilience is not a one-time endeavour but a perpetual commitment.

Conclusion 

As we stand on the precipice of 2024, let us not be daunted by the digital storms that rage on the horizon. Instead, let us embrace the imperative of cyber resilience, for it is our steadfast companion in navigating the treacherous waters of the cyber world. Civil Society Organizations such as ‘CyberPeace Foundation’ playing a crucial role in promoting cyber resilience by bridging the gap between the public and cybersecurity complexities, conducting awareness campaigns, and advocating for robust policies to safeguard collective digital interests. Their active role is imperative in fostering a culture of cyber hygiene and vigilance.

References 

• https://www.loginradius.com/blog/identity/cybersecurity-trends-2024/
• https://ciso.economictimes.indiatimes.com/news/ciso-strategies/cisos-guide-to-2024-top-10-cybersecurity-trends/106293196

Executive Summary:

Several videos claiming to show bizarre, mutated animals with features such as seal's body and cow's head have gone viral on social media. Upon thorough investigation, these claims were debunked and found to be false. No credible source of such creatures was found and closer examination revealed anomalies typical of AI-generated content, such as unnatural leg movements, unnatural head movements and joined shoes of spectators. AI material detectors confirmed the artificial nature of these videos. Further, digital creators were found posting similar fabricated videos. Thus, these viral videos are conclusively identified as AI-generated and not real depictions of mutated animals.

‍

Claims:

Viral videos show sea creatures with the head of a cow and the head of a Tiger.

Fact Check:

On receiving several videos of bizarre mutated animals, we searched for credible sources that have been covered in the news but found none. We then thoroughly watched the video and found certain anomalies that are generally seen in AI manipulated images.

Taking a cue from this, we checked all the videos in the AI video detection tool named TrueMedia, The detection tool found the audio of the video to be AI-generated. We divided the video into keyframes, the detection found the depicting image to be AI-generated.

In the same way, we investigated the second video. We analyzed the video and then divided the video into keyframes and analyzed it with an AI-Detection tool named True Media.

It was found to be suspicious and so we analyzed the frame of the video.

The detection tool found it to be AI-generated, so we are certain with the fact that the video is AI manipulated. We analyzed the final third video and found it to be suspicious by the detection tool.

The detection tool found the frame of the video to be A.I. manipulated from which it is certain that the video is A.I. manipulated. Hence, the claim made in all the 3 videos is misleading and fake.

Conclusion:

The viral videos claiming to show mutated animals with features like seal's body and cow's head are AI-generated and not real. A thorough investigation by the CyberPeace Research Team found multiple anomalies in AI-generated content and AI-content detectors confirmed the manipulation of A.I. fabrication. Therefore, the claims made in these videos are false.

• Claim: Viral videos show sea creatures with the head of a cow, the head of a Tiger, head of a bull.
• Claimed on: YouTube
• Fact Check: Fake & Misleading

‍

‍