The Indian Computer Emergency Response Team (CERT-In) recently reported that there have been over 313,000 reported cybersecurity incidents this year through the end of October. This is significantly higher than the number of attacks reported two years ago in 2017. These incidents included phishing attacks, network scanning/probing, malicious code, malware, and website hacking.
This increase in the number of cyberattacks is part of a growing trend across the world. As more connected devices come into use and more business is carried out on the internet, this trend is expected to continue. A recent cyberattack on the Kudankulam Nuclear Power Plant in Tamilnadu best exemplifies the changing threat landscape that has raised many questions for Indian organizations with regard to cyber threats facing their business operations and critical assets. When threat actors can penetrate the systems of such highly guarded critical infrastructure facilities, all organizations must take a step back and re-evaluate their own readiness against advanced cyber threats.
Impact On The Private Sector
Despite the growing number of cyberattacks, many companies often underestimate their cyber risks. The banking and financial services sector (BFSI) is often considered the most sensitive to cyberattacks due to the financial assets and sensitive information involved. Cybercriminals, however, don’t just aim to steal money from their targets. Besides financial gains, the motives behind cyberattacks can include theft of personal or business information, theft of intellectual property, hijacking or disruption of critical assets, conducting cyber espionage, nation-state attacks and more.
Notwithstanding the motivation behind the attacks, any damage to an organization’s business operations ultimately ends up hurting the bottom line just like any direct financial loss. The 2019 Asia Pacific CISO Benchmark Study by Cisco found that one in three Indian companies are facing huge financial losses due to security breaches. Moreover, 24% of the surveyed companies lost around $1 million or more in the past year. The study also revealed that almost 37% of companies in India suffered downtime of more than nine hours after a data breach.
Many important sectors of the economy such as manufacturing, professional services, healthcare, education, e-commerce, energy & power, telecom, transportation, etc., face growing risks from cyber threats. Let us take a look at some of the major risks facing various sectors of the economy.
- The manufacturing sector relies on a variety of small and large devices that perform parts of their operations. This can include many connected devices such as sensors, barcode readers, quality control systems, inventory management solutions, etc which often suffer from security flaws and provide minimal protection. Such connected devices are highly prone to malware infections such as botnets and can also be used as a gateway into their network.
- The healthcare industry possesses some of the most sensitive data of individuals that can be used for malicious purposes. The recent discovery of numerous unsecured PACS servers containing medical data of millions of patients has sparked concerns over the privacy and security of all patients. As more and more clinics and hospitals bring their systems online, the security of medical equipment and patients’ medical data will continue to be a major challenge.
- The BFSI sector often grabs headlines with unfortunate incidents of cyberattacks on banks and exposure of financial data. Attacks on ATM systems, SWIFT international fund transfer systems, ransomware attacks, etc are just some of the threats that have gained ground in recent years.
- The telecom sector operates a huge swathe of electronic devices in their infrastructure. This infrastructure includes their cell tower network, switching centers, software clients on end-user devices, backend systems, and administrative systems, and more. Maintaining the security, integrity, and availability of this infrastructure is not just an operational challenge, but also a major cybersecurity challenge. Cybercriminals can infect telecom systems to spread malware, propagate scams, or disrupt critical communications. Moreover, scammers also use automated calls with a computer voice to scam users.
- Energy & Power is yet another critical sector for any country. If the power grid or an oil refinery gets shut down even temporarily, it results in a tremendous loss for the economy. In recent years, several Advanced Persistent Threat (APT) groups have begun targeting such facilities through vulnerable Industrial Control Systems (ICS).
- The ecommerce sector is yet another prime avenue for cybercrime. Online shoppers are targeted through a wide range of payment frauds, phishing attacks, fake products, and more.
- Besides the private industry, government departments and agencies have also been a prime target for threat actors. As per data provided by CERT-In, 110 attacks on central ministries and 48 attacks on state government websites were observed last year through October.
Decluttering Security Operations
Many Indian organizations suffer from fundamental issues that negatively impact their cybersecurity posture. To this day, many large organizations face governance issues such as a lack of a designated top-level officer responsible for managing information security and data privacy issues. Without strong security leadership, it is difficult for organizations to effectively grasp their cyber risk, allocate necessary resources, and prioritize the right defensive measures.