India’s menacing cybersecurity risks

Over these years, we have witnessed the immense advancements this country has made in IT. Our tech industry is growing in all the different avenues and has become a point of interest for investors. Internet of Things, Artificial Intelligence, and Cloud Computing has made technology even more fascinating. These fields have paved the way for innovation in various fields. But, as the world becomes more connected, there are also increased risks associated with this.

With these advancements, many vulnerabilities have also come into the light. There has been an increase in cyber attacks in recent years. Not only does this result in data loss, but it also leads to financial losses and loss of valued customers. Cyber attacks also affect the brand image of a company, making it lose its market value as well. Not always the case though. Take the example of Facebook’s market value and how it increased right after the Cambridge Analytica scandal. But, that’s just a rarity!

It cannot be stressed enough that cybersecurity is becoming a necessity to maintain a company’s security. This is why more companies in India are shifting their focus to invest in cybersecurity.

What is cybersecurity?

Cybersecurity is a term concerning a variety of software and hardware which includes servers, mobile phones, networks, and data. The term can refer to network security, application security, operational security, informational security, and others.

Cybersecurity involves avoidance of risks from malware such as viruses, hackers, and other threats. It refers to making your systems secure and operational. Most cyber attacks involve data exploitation for material gains. Because of emerging fields such as the Internet of Things, all digital devices are connected to the internet. As more and more devices are now interconnected, cyber attacks are getting easier to pull off.

Cyberattack cases

However, India’s cybersecurity is far from perfect. In fact, it ranks among the countries that have the worst cybersecurity measures in place. Several incidents have occurred over the past years such as the SIM card fraud, breach in data of Andhaar ID card holders among others. Hindustan Times reported that there has been an 18% rise in cyberattack cases in 2018. Most of the cyber attacks were directed towards power plants, oil refineries, and oil and gas pipelines.

All over the world, the frequency of cyber attacks has increased. According to a survey by Sophos, about 76% of Indian businesses were hit by cyberattacks in 2018 alone. The report, titled 7 Uncomfortable Truths of Endpoint Security, also sheds light on how much time it took for organizations to detect the environment for an attack. The average time was 13 hours, while for India this time was 14 hours, 1 hour above the average.

Another report by Microsoft and Frost and Sullivan says that cybersecurity threats can cost organizations in India as much as US$10.3 million in economic losses. Cyber attacks are becoming more frequent in India because there is a lot of money to be gained from it. SIM swap frauds have become common in India. People involved in the crime lure innocent people by asking them to provide personal information which can be used to steal money. Many cases have emerged where they have been deceived and lost a hundred thousand rupees as a result. In one case, a man based in Pune lost Rs. 93.5 Lacs.

This is just a single example of how individuals or group of people target civilians. However, cybercrime can take the form of an organized attack that targets corporations and businesses. In this case, cyber attacks can cause more damage because the loss of data can lead these companies to lose not only money but their clients, too.

Professional hackers and state-sponsored cybercriminals are usually the cause of these mass-scale cybersecurity attack. These individuals or organizations aim to conduct an attack for economic, political, or financial gains.

Other than the Indian businesses facing cyber risks and threats, the government, military, and civilians also face such threats. This is why India needs to invest in cybersecurity in various sectors.

Are Indian companies prepared for cyber attacks or not?

According to EY Global Information Security Survey 2018-2019 (India Edition), 81% of Indian companies do not have a budget allocated for cybersecurity. The report also says that 56% of organizations consider cybersecurity as an integral part of maintaining security.

EY GISS reports that an Indian bank lost Rs. 944 million after hackers installed malware on its ATM servers which resulted in unauthorized cash withdrawal.

National Association of Software and Services Companies (NASSCOM) says, “India is one of the most vulnerable nations in the world when it comes to cyber-attacks.” With the rising demand for cybersecurity in India, it is reported that it would create employment for about a million people in India. Hence, there is a gap in demand and supply of resources.

Market shares in the cybersecurity are expected to rise, whether in the form of products, services, research, and development. Global News Wire reports that the global market share in cybersecurity is expected to rise to US$ 181.77 billion by 2021.

Risks to cybersecurity have become a cause for concern for organization and countries. The explains why governments around the world are actively investing in this.

For companies to be better prepared for cyber threats and risks, there needs to be an awareness of system vulnerabilities and cybersecurity measures.

According to a report, Cyber Security in India, there are certain challenges that India face when it comes to adopting cybersecurity measures. The number one reason is that the country lacks a national-level architecture for establishing cybersecurity. The infrastructure is owned by the public and the private sector. Each has its own architecture and its own set of protocols. This can make it difficult for organizations to determine the level of threat and take action collectively in the case of a cyber attack. It prevents these organizations to cooperate and coordinate an action plan.

There is also a lack of trained individuals in the field of cybersecurity. Although the country produces many skilled individuals in the field of IT, there is little specialized training in the field of cybersecurity. The lack of awareness of cybersecurity is a major obstacle in the adoption of security methods.

What should organizations do?

Organizations need to make an effort in improving their security. Apart from changes to the security framework, organizations can hire help from ethical hackers. Ethical hackers are people who find vulnerabilities in your security system so that an organization could improve their cybersecurity.

Apart from this, there are certain practices that all IT organizations can implement. They could use password policies to strengthen passwords that are used in offices. They can spread awareness among employees about taking precautions when dealing with passwords and sensitive information. Furthermore, they can also use encryption techniques to protect company data including communication that occurs within the offices.

It is recommended that organizations invest in a cyber-insurance policy as well. This can help companies in recovering losses in case of a data breach.

There is no doubt that there is a need for cybersecurity measures at both individual and organizational levels. Companies need to employ security measures that protect data and regularly update their software and hardware as cyber attacks become more sophisticated.