Sophos a global leader in next-generation cybersecurity announced that more than 60% of Indian organizations, surveyed by Sophos for a new study of cybersecurity experiences in India, fell victim to a cyberattack during 2021.
The survey questioned cybersecurity leaders in Indian organizations with between 1,000 and 2,000 employees and found that many of the victim organization didn’t immediately realize they’d been hit. Just under one fifth (19%) of respondents surveyed said they discovered the attack within two weeks, but 22% took three to four weeks to realise they’d been targeted.
Even then, many only learned about the attack from an external source. While half said they’d discovered the attack when they were unable to access data or systems (21% overall) or were contacted by the attackers (19%), a significant 40% only realized they’d been targeted when they found their company data exposed online (17%) or were notified by customers (12%) or the media (11%).
Almost a quarter (23%) of victim organizations in the survey said it took more than a month for the organization to recover from the impact of the attack.
“Sophos’ survey shows that organizations in India are at significant risk of a cyberattack, including ransomware, which can have a far-reaching impact on customers, reputation and operations,” said Sunil Sharma, managing director – sales, Sophos India and SAARC. “In addition, many organizations may be under-prepared to detect and respond to an attack. According to the survey, attackers can remain in victim networks for weeks before being detected, and a considerable number of organizations learned of the attack from external sources after the damage was done.”
“As cyberattackers increasingly use legitimate and everyday IT tools and techniques to implement their attacks, being able to spot the warning signs that an attack is underway and acting fast to neutralize a threat are becoming harder than ever. Human-led, active threat hunting is now a key component of a defense-in-depth security strategy. And while it was encouraging to find that 80% of the cybersecurity leaders surveyed believe that threat hunting is an effective approach for strengthening their cybersecurity defenses, the survey findings suggest that some organizations may need support in putting that into practice. Fortunately, there are many external partners and service providers who can help to supplement in house resources and skills with effective threat detection, investigation and response.”
Tech Research Asia (TRA) conducted the survey for Sophos and questioned cybersecurity leaders in 500 Indian organisations with between 1,000 and 2,000 employees.