Recent alleged cyber attacks on Mobikwik and ACER have placed a question mark on the data security in India. What’s more, they remind us that not only do cyber attacks result in monetary losses but also compromise data privacy, putting the economy and lives of many in danger.
In 2020, India witnessed highest number of cyber attacks after Japan in Asia-Pacific region, as per a report by IBM X-Force Intelligence Index. The report further suggested that India accounted for 7 percent of the total attacks in Asia.
Several risks including data leakage, phishing attacks, ransomware attacks are some of the common cyber threats plaguing Indians daily. Despite being the largest base of internet consumers, India continues to remain vulnerable to several national and international cyber-attacks.
What’s Making India Vulnerable?
While the drive for digitisation has been at the forefront of government initiatives over the last 7 years, cybersecurity is an area which is still nascent in terms of development.
Sharing his thoughts on this, Prasad T, Chief Information Security Officer, Instasafe told The Quint “Driven by COVID restrictions, most organisations have moved to the cloud today, while individual use of the internet has also increased exponentially. And given the somewhat fragmented cybersecurity regulations that govern the Indian cyberspace, there is a dire need for a defined set of guidelines that can help build a robust security strategy”.
“With the advent of organisations like CERT-In and DSCI, cybersecurity awareness has reached new heights, but there are still miles to go before India can be classified as a country with a robust cybersecurity posture,” he added.
Why Do We Still Face Cyber Attacks ?
The Indian digital space is not driven by strict regulation as compared to other foreign countries like USA, Europe and Canada. It becomes comparatively an easier task for attackers to exploit security loopholes against exposed network devices and addresses.
“India’s cyber footprint is huge, to say the least. This adds to the probability of getting hacked too. And when it comes to phishing attacks, cyber awareness and cyber hygiene are indispensable in maintaining a strong defensive posture against attacks of this kind,” said Prasad.
Siddharth Gandhi, COO Asia Pacific, 1Kosmos told The Quint that there are several reasons why companies often find themselves in troubled waters like when they keep their databases behind single, exploitable layers of security, and do not have enough measures in place to prevent a breach.
"When customers/employees start accessing enterprise resources from unsecured networks or personal devices, it puts the entire network at risk. In most cases, the point of entry / access is the target and once credentials are stolen, the chances of protecting the data is very low as the intent of cyberattack may vary from espionage, stealing IP or just ransomware," he added.
Rate of Cyber Attacks Increased During The Pandemic
Since the pandemic has driven institutions and individuals to expose their applications, devices and data over the internet to collaborate, this has resulted in an opportunity for cyber threats.
According to a report by Barracuda Networks , 74 percent of Indian IT decision-makers say their organisation has experienced a ransomware attack due to remote working conditions.
Speaking to The Quint, Murali Urs, Country Manager, India, Barracuda Networks said, “Since the outbreak of the COVID-19 virus, we have seen a serious escalation of cyber attacks worldwide. Organisations embraced the work-from-home model powered by digital transformation, which made distracted remote workers susceptible to mistakes of sending sensitive information to the wrong people”.
“Clearly, human errors continue to be the major vector in this evolving threat landscape post-pandemic. Fear and a sense of urgency are some of the most powerful vectors of human exploitation and until the pandemic recedes and people become less anxious about the threat it poses, more sophisticated cyber-threats using COVID-19 as a cover for performing malicious activities will continue to occur,” Murali added.
What Can be Done to Make Digital Space Safer?
In light of Mobikwik’s recent alleged data leakage where millions of users’ data was exposed, only a well-defined strong cybersecurity strategy can protect Indian citizens and companies.
Prasad believes that the country has a wide variety of users, software, operating systems and other technologies, though it’s hard to ensure that everyone spend on security to stay safe. It can be enforced only by the strict laws.
“Encourage organisations and IT teams to implement novel security measures to protect against the unseen attacks. Expose what must be exposed. Validate every configurations that have been put in place,” he suggests.
It’s important to have a complete asset inventory of the organisation handy. This means that security teams should have an all round view of who is accessing what, and these assets should go through regular audits to ensure that all the known vulnerabilities are patched.
Companies and governments need to move on from obsolete technologies and embrace disruptive technology that is in line with the new normal.
“Indian authorities can take a page from the books of the US Department of Defence, which is partnering with security giants to build a Zero Trust Strategy to secure its assets.”Prasad T, Chief Information Security Officer, Instasafe