Could It companies of India able to take step against Cyberthreat in New Year?
Indian companies are yet to openly start talking about the cyber attacks, but a recent spate of vicious yet unreported strikes have raised the alarm, forcing companies to assess their vulnerability.
In 2015, two conglomerates reportedly paid $5 million (Rs 3.3 crore) each as extortion money after two separate attacks; the website of a large Indian bank was taken down in a ‘denial of service’ attack; two IT companies were breached by hackers based in China; a major oil and gas company lost confidential information through a cyberbreach, according to highly placed sources from consulting firms, investigative agencies and cybersecurity firms closely aware of the details of these attacks. All of these went unreported.
Experts say that the frequency and ferocity of cyber attacks will only go up in 2016, as economic progress invariably attracts more such predators.
“Going ahead, as the economic activities in India increase even hackers would increase the attention on the country,” said Sivarama Krishnan, leader, cybersecurity, at PwC India.
The most common type of attacks that Indian companies currently witness includes extortion based on cyber sabotage threats or denial-of-service (DDoS) attack.
In these attacks the cyber criminals flood the company’s system with fake traffic. As a result the company or customers (in case of websites) would not be able to access the systems. “I can’t reveal the name of the country (from where attacks were emanating) but we have seen India featuring on our list of likely targets several times,” Vitaly Kamluk, principal security researcher, APAC with software security group Kaspersky Lab, told ET.
But many companies are yet to understand the full danger of this threat.
“Most Indian companies currently are inadequately prepared for cyberattacks so much that they may not even know that they are being or have already been hacked,” said Dhruv Phophalia, managing director, India leader, global forensics and disputes, Alvarez & Marsal.
Industry trackers say that biggest sectors at risk include the BPO, e- commerce, media, banking and insurance. “The most vulnerable sectors remain those that traditionally have not made adequate investments in cybersecurity — such as manufacturing, life sciences, healthcare and public sector,” said Phophalia.
It’s not just Indian companies, global corporations too have succumbed to such attacks. Late in 2014, a hacker broke into Sony Pictures Entertainment’s systems, accessed loads of confidential information including employee data and unreleased Sony films and posted it online.
In 2014, a malware — named Tyupkin or Petpin — suspected to be developed by cyber criminals based out of Russia, caused ATM machines in Russia and Europe to spew out cash. Malaysia too witnessed similar attacks in 2015.
Experts at Kaspersky Lab, who investigated the event think similar attacks could happen on Indian banks as well. “There haven’t been similar (Tyupkin) attacks in India yet, but it’s just a matter of time,” said Kamluk of Kaspersky Lab.
“In India only 5% of the total threats or attacks come from organised criminals or are state owned, remaining 95% are related to user compromise due to weak passwords,” said Sivarama Krishnan, leader, cybersecurity, at PwC India. “For example, an employee at an oil and gas company was using his official email id and password for his Facebook account.
That password was compromised and some cyber criminals used it to access the company’s servers,” a person with direct knowledge of the incident said. Government websites have also recently been attacked by cyber criminals. While in many cases these attacks were limited to defacing websites, some of the attacks had tried to get in to servers of many government agencies too, say industry trackers.