3X increase in cyber-attacks results in increased budgets and attention on cyber security issues: ETILC Members
India reported 1.16 million cyber security cases in 2020, that’s 3X more than 2019, as per government data presented in parliament. Approximately, 3k cyber security-related issues were reported every day during the year. And the situation is not just alarming in India, but world over, including the United States.
Why Has This Happened
While the trend was already on the rise, Covid-19 has accelerated it. With WFH becoming the norm worldover the heavy dependence on technology was inevitable. In addition to that the increased adoption of 5G, interconnectedness of devices, new processes and procedures, updated employee profiles and less-controlled work environments - have all led to an increase in vulnerabilities.
"Budget allocation towards cyber security has been steadily increasing over the past few years owing to the increased threats and increasing awareness amongst IT & business leaders alike. The spend allocation has received a fillip in the pandemic and the numbers are falling between 10-12% incremental."
— Mathew Chacko, Founder & CEO, Precision Group
Hackers have been around for a long time and the first cybercrime occurred in the late 1970s. But over a period of time the nature of cyber-attacks has changed. From attacking individuals and demanding $100-$200/person a decade ago, cyber criminals in 2017 demonstrated that they could bring down entire institutions. Nation states were now involved, and it was far more impactful to attack corporate entities and governments. With large industries being attacked, federal agencies and politicians are now taking a stand on cyber-crime and that’s why there’s a sudden scramble to address the problem because ordinary people are being affected by this in much larger numbers than ever before.
"We follow the Least Privilege Principle while providing access. Unless there is a requirement, the storage rights are not provided on the local system to end users. Other principles and practices which are helpful are: purpose limitation, data minimization, storage limitation, deployment of EDR, multi-factor authentication, cloud proxy and authenticated scans on every machine."
— Vispi Palsetia, CIO, Teleperformance India
Cyber criminals are using social engineering, phishing, identity theft, spam emails, malware, ransomware and whaling to compromise their targets. Over the last few weeks there have been some major ransomware attacks in the US. The first big infiltration was at Colonial Pipeline, a major conduit of gas, jet fuel and diesel to the East Coast. And then there was J.B.S., one of the world’s largest beef suppliers. During the same time in India, Air India reported that hackers had compromised their servers and accessed the personal data of 4.5 million fliers. In March 2021, there was an attack on Pimpri-Chinchwad Municipal Corporation, Smart City project in Pune district, which is managed by Tech Mahindra.
Action By Corporate India
While there are no fool-proof measures to secure oneself against an attack, there are some basic hygiene factors, that if addressed can help companies keep their data secure.
However, most companies don’t even follow the basic practices. Even tech companies from Silicon Valley, compromise on safety as pushing out tech products fast is a priority. And thus, many are trading safety for speed. For things to change, a management buy-in is necessary. It’s a top-down approach that is necessary is integrating or deploying new frameworks or methodologies.
NSDL eGovernance Infrastructure Limited (NSDL eGov), which provides various eGovernance services on behalf of the government to the citizens of the country, says reviewing controls regularly is the key. In addition to that, continuous monitoring of data traffic and assessment of vulnerabilities is essential. And, finally spreading awareness on how customers can keep themselves safe is extremely important.
"Data theft or sabotaging services (denial of services) targeting critical infrastructure has a grave impact on ordinary residents. The situation worsens a lot more if it is falling in the category of cross-border espionage. The use of AI and ML is necessary for continuous monitoring with appropriate remedial actions."
— Suresh Sethi, MD & CEO, NSDL eGov
Trends in Cyber Security
Expleo Solutions, which provides end-to-end integrated engineering, quality services and management consulting for digital transformation says the below trends are becoming prominent in the cyber security space:
- Zero Trust Zero Access Architecture
- DevSecOps - Early Security Validation with continuous upstream security assurance
- AI/ML monitoring
- IoTm device, mobile and cloud security for Edge computing.
As a result of the above, top management is increasingly becoming involved with aspects of cyber security, devoting more time attention to how data can be kept secure. Over the last few years, this has also resulted in firms allocating more budgets towards security.
There is an increasing demand for cybersecurity and application security and verification solutions. The number of such new requirements has doubled in the last 12 months."
— Balaji Viswanathan, MD & CEO, Expleo Solutions Ltd
The Weakest Link
You are as strong as the weakest link and in matters of cyber security, it is the untrained employee who can be the biggest liability. Simpl, which is a mobile-first platform for credit card payments says it counters this risk by periodic training sessions for all employees to make them aware of phishing emails, social engineering attacks and how to promptly report them.
"Education about secure credentials and the use of password managers has become a central part of all teams. Apart from having a robust security team and aware employees, we also limit the amount of personal data collected from consumers while ensuring data encryption.At the policy level, regulations like Personal Data Protection Bill (PDB) 2019 helps companies build frameworks that help in secure storage of personal data and create provisions to safeguard in case of a data breach."
— Nityanand Sharma, Co-Founder & CEO, Simpl