The ‘Cyber Attacks’ Winter is Coming — straight for small firms in India Inc.

Cyber intrusions and attacks have increased exponentially over the last decade approximately, exposing sensitive information pertaining to people and businesses, thus disrupting critical operations, and imposing huge liabilities on the economy. 

Cybersecurity is a responsibility that employees and leaders across functions must shoulder simply because it is the gospel truth – you cannot protect what you cannot see. As organizations have shifted to the work-from-home model due to the outbreak of the COVID-19 pandemic, it’s increasingly important to keep your company’s data secure. 

While the pandemic has led to near or complete digitalization of operations amongst financial institutions, it’s also increased the potential for cyberattacks that lead to adverse financial, reputational, and/or regulatory implications for organizations. 

According to Accenture, cybercrime is said to cost businesses $5.2 trillion worldwide within five years. “With 43% of online attacks now aimed at small businesses, a favorite target of high-tech villains, yet only 14% prepared to defend themselves, owners increasingly need to start making high-tech security a top priority,” the report continues.

A recent McAfee study shows global cybercrime costs crossed US$1 trillion dollars in 2020, up almost 50% from 2018.

India too saw an exponential rise in cybersecurity incidents amid the coronavirus pandemic. Information tracked by the Indian Computer Emergency Response Team (CERT-In) showed that cybersecurity attacks saw a four-fold jump in 2018, and recorded an 89 percent growth in 2019.

The government has set up a Cyber Crisis Management Plan for countering cyber-attacks effectively, while also operating the Cyber Swachhta Kendra (Botnet Cleaning and Malware Analysis Centre)

Banks and Financial Institutions (FIs) are some of the highest targeted market sectors. An analysis by FitchRatings in collaboration with SecurityScorecard reveals that banks with higher credit ratings exhibited better cybersecurity scores than banks with lower credit ratings. 

Bharti Airtel’s chief executive officer for India, Gopal Vittal, in a letter to the telco’s 307.9 million subscribers, detailed out how Airtel is carrying out home delivery of SIM cards and cautioned subscribers from falling prey to cyber frauds. He cautioned them against the rapid rise in cyber frauds, highly likely via digital payments. “There has been a massive increase in cyber frauds. And as usual, fraudsters are always finding new ways to trick you,” he added in the letter. 

Barcelona-based Glovo, valued at over $1 billion, that delivers everything from food to household supplies to some 10 million users across 20 countries, came under attack recently when the “hacker gained access to a system on April 29 via an old administrator platform but was ejected as soon as the intrusion was detected”, according to the company.

The attack came less than a month after Glovo raised 450 million euros ($541 million) in funding. 

According to Kaspersky’s telemetry, close on the heels of coronavirus-led pandemic and subsequent lockdown in March 2020, saw a total number of meticulously planned attacks against remote desktop protocol (RDP) jumped from 93.1 million worldwide in February 2020 to 277.4 million 2020 in March — a whopping 197 percent increase. In India, the numbers went from 1.3 million in February 2020 to 3.3 million in March 2020. In July 2020, India recorded its highest number of cyberattacks at 4.5 million.

The recent data breach at the payment firm Mobikwik, affected 3.5 million users, exposing Know Your Customer (KYC) documents such as addresses, phone numbers, Aadhaar card details, PAN card numbers, and so on. The company, however, still maintains that there was no such data breach. It was only after the Reserve Bank of India’s intervention that Mobikwik got a forensic audit conducted immediately by a CERT-IN empaneled auditor and submitted the report. 

Security experts have observed a 500% rise in the number of cyber attacks and security breaches and a 3 to 4 times rise in the number of phishing attacks from March until June 2020.

These attacks, however, are not just pertaining to the BFSI sector, but also the healthcare sector, and the education sector.

Image Source: BusinessStandard.com

What motivates hackers to target SMBs? 

Hackers essentially target SMBs because it’s a source of easy money. From inadequate cyber defenses to lower budgets and/or resources, smaller businesses often lack strong security policies, cybersecurity education programs, and more, making them soft targets. 

SMBs can also be a ‘gateway’ to larger organizations. As many SMBs are usually connected electronically to the IT systems of larger partner organizations, it becomes an inroad to the bigger organizations and their data. 

How can companies shield themselves from a potential cyberattack: 

As a response to the rising number of attacks in cyberspace, the Home Ministry of India issued an advisory with suggestions on the prevention of cyber thefts, especially for the large number of people working from home. Organizations and key decision-makers in a company can also create an effective cybersecurity strategy that’s flexible for adaptation in a changing climate too. Here are a few use cases: 

• CERT-In conducted ‘Black Swan – Cyber Security Breach Tabletop Exercise’, in order to deal with cyber crisis and incidents emerging amid the COVID-19 pandemic, resulting from lowered security controls. 
• To counter fraudulent behavior in the finance sector, the government is also considering setting up a Computer Emergency Response Team for the Financial Sector or CERT-Fin.
• Several tech companies have come forth to address cybersecurity threats by building secure systems and software to mitigate issues like these in the foreseeable future. For example, IBM Security has collaborated with HCL Technologies to streamline threat management for clients through a modernized security operation center (SOC) platform called HCL’s Cybersecurity Fusion Centres. 

Some of the ways through which companies can mitigate potential risks include: 

• Informing users of hacker tactics and possible attacks
• Establish security rules, create policies, and an incident response plan to cover the entire gamut of their operations
• Basic security measures such as regularly updating applications and systems
• Following a two-factor authentication method for accounts and more

While these measures are some of the ways to be on top of your game in the cybersecurity space, they will also help in sound threat detection while helping gain better insights into attacks and prioritizing security alerts so that India is better prepared for an oncoming attack and battling any unforeseen circumstance that might result in huge loss of data, resources and more.