Indian Companies Sluggish In Responding To Cyberattacks: Report

At a time when India is witnessing a string of cyberattacks, a latest study reveals how Indian companies take more time to respond to data breaches as compared to other countries.

The study by the US cyber tech firm CrowdStrike says that Indian companies’ average response time to cyber breaches is 9 days (222 hours) while globally companies on average take 7 days (162 hours).

The tech firm covered around 300 senior IT decision-makers and IT security professionals from India as part of a survey of 1,900 professionals across countries. The study reveals a lack of preparedness in dealing with online attacks in India.

The study also talks about how most organisations across the world are able to discover the identity of a ‘threat actor’ half way through their investigation whereas Indian organisations are able to zero down on the identity of the attacker only after 75% of the investigation process is completed.

According to the study, up to 97% of the Indian professionals surveyed said that cyberattacks sponsored by malicious and unfriendly countries posed a clear danger to companies, 43% of senior IT decision-makers from India said China was the country that they were most worried about when it came to the potential origin of a nation state-sponsored cyberattack. Interestingly, the global average for respondents calling China as a potential origin of attack was only 35%.

The tech firm recommends organisations to meet the 1-10-60 rule, which means detect within one minute, triage in 10 minutes and contain and remediate within 60 minutes. “Organisations are challenged to achieve the kind of speed required to match sophisticated nation-state and eCrime adversaries known to be targeting organisations, from governments to enterprises,” Thomas Etheridge, vice president of CrowdStrike Services told media.

Indian Startups That Suffered Cybersecurity Lapse In Recent Times

Bike-sharing startup Bounce was recently home to a vulnerability that could have allowed hackers to access the 2Mn users’ Bounceshare account and their sensitive information, such as driving license, selfies, phone number, or email addresses.

“A technical bug was detected in our system about a potential vulnerability to some user information. We immediately launched an investigation and fixed the bug to ensure that there is no risk to user data because of the identified bug,” CEO and cofounder of Bounce Vivekananda Hallekere told Inc42 after the attack.

Last month, Bengaluru-based edtech startup Vedantu also confirmed that it faced a data breach in the last week of September. Data of 687K Vedantu customers came under risk as the data breach allegedly exposed customer details including email and IP addresses and names. Previously, almost 1.3 Mn debit and credit card details were allegedly put up for sale on a website called Joker’s Stash. Media reports said that the database had details from various issuing banks and 98% of the leaked data belonged to Indian customers.

The most prominent one of all is the Pegasus spyware debacle. Phones of a group of journalists, lawyers, academics, writers and social activists were hacked through Facebook-owned WhatsApp by Israeli cyberarms firm, NSO Group, accused of deploying the spyware.

According to a Data Security Council of India (DSCI) report this year, India witnessed the second-highest number of cyber attacks in the world between 2016 and 2018. This comes at a time when digitisation of the Indian economy is predicted to result in a $435 Bn opportunity by 2025.

Note: We at Inc42 take our ethics very seriously. More information about it can be found here.