The recent surge in hacker activity in India comes in light of heightened geopolitical tensions at the nations’ border. International hacker groups are targeting crucial infrastructures of the country like power grid, transportation, defence, telecom, manufacturing plants, and pharma industries. Here are some comments on how India needs to work on its cyber infrastructure and assure that attacks will not be able to evade the country’s security system.
Vikas Bhonsle, CEO at Crayon India
“Cyberattacks are nothing new and have existed for decades now and India is no different as it is among the top 5 most targeted countries for Cyberattacks. With the awakening of COVID, hackers got a golden opportunity to make their entry known. Accordingly to security experts, India saw a rise in Cyber security attacks and breaches, this was more during the nationwide lockdown.
With India being subjugated to these cyberattacks speaks volumes about the vulnerable cyber landscape of our country. Launching cyberattacks is cheap, easy and effective. These attacks are meticulously planned and attempted. Modern hackers utilise thousands of different methods and techniques to access information, material and pretty much anything they can get their hands on – generally, these actions will have very negative results for the organisation being attacked – especially if the attack is successful and particularly if it is not even noticed. While the need of the hour is to enable crisis response on looming cyber threats, in the medium-term, cybersecurity professionals stand an opportunity to build trust through collaboration in the accelerated digital transformation that businesses will undergo.
It is already predicted that by 2020, cybercrime will increase for the worse. The cyberattack, especially in the form of ransomware, is inevitable. Any organisation that has sensitive data or is dependable on real-time computation will be targets of organized breaching. Even a negligible looking loophole in the systems and network can give in to ransomware. This usually leads to data breach that costs time, money, and damages an organisations reputation and can lead to fines. Majority of business will need to increase focus and resource capacity to deal with data, information and technical security.
Amongst the first few things that needs immediate attention on a security perspective is that people in the organisation must be trained to utilise and understand the digital assets. There must be the right control on every device and system that are connected.”
Gurpreet Singh, Managing Director at Arrow PC Network Pvt Ltd (Titanium Partners – Dell Technologies)
“India has experienced a major cyberattack on thousands of resources including infrastructure, information and banking making India’s cybersecurity structure vulnerable. This is a major security concern and India should take immediate action to save its sensitive information from cyber threat actors. Organizations must have multilevel authentication for accessing the data in which a user is granted access only after successfully presenting two or more pieces of evidence to an authentication mechanism and only known networks should be accessed.
All software patches should be updated to the latest version to ensure the highest level of security. The data stored with telecom and internet service providers are sensitive and hence service providers should take necessary steps to safeguard the network security. There must be zero trust service activated on all sensitive resources and they must authenticate every user accessing the data from inside or outside the network. No access should be provided without verifying the user. Organizations must install a robust firewall to monitor network traffic and Enterprise Data Manager (EDM) security.
Systems need to be audited and verified by cyber security experts. It is not just organizations; individual users must also be educated about phishing which is one of the most common methods of cyberattack used against common people to steal sensitive data. Netizens must maintain suitable security at all levels to ensure that their data, network and applications are secured. Users should not only focus on securing their data but must also have a recovery plan in place if such an incident occurs. Data is the new power and an essential part of the world hence data protection must be prioritized at all cost.“
Shibu Paul, Vice President – International Sales at Array Networks
“Post COVID-19 pandemic, the cyber-attacks against India has surged, especially due to work from home facility which makes enterprises and users vulnerable due to inefficient and outdated VPNs. With this increasing trend of cyber-attacks, the enterprises and users must ensure to secure their valuable data. Threat actors have targeted various Indian sectors close to 40,300 times in the last few days. Denial of service (DoS), IP hijacking and phishing are the main three attack categories used by the threat actors. With this information coming to the fore, the government has increased a nationwide alert and stepped up monitoring especially in power, telecom and financial services. Mostly, cyber-attacks take place due to absence of robust security infrastructure.
Organizations must ensure to have dedicated hardware, virtualization and software-centric computing to create an environment that provides guaranteed performance and flexible management for security virtual appliances. Enterprises like telecom and financial services must include next-generation firewalls that are reliable and efficient. Data is no longer system-bound; the stakes for data protection is high as data is also available on edge and cloud platform, where security is still a concern. So, irrespective of an individual user or enterprise, one must have a security solution that would protect the data irrespective of the platform it resides in. Secure Access Gateways, Application Delivery Controllers and Network Functions Platforms can be utilized by the stakeholders to protect their enterprises and those associated with them. Enterprises must also concentrate on upgrading their security solutions and auditing their cybersecurity response plan regularly. Apart from this, at a cellular level, one should keep in mind not to open unsolicited emails, check URL integrity before providing user credentials and report if any unusual or suspicious activity is observed this would certainly give a boost to India’s fight against cyber-attacks.”