New Delhi, Sep 21 As Indian enterprises gain more exposure and attention globally, there is a worrying downside: these firms are at an increased cyber security risk owing to aged and vulnerable security solutions at work, experts have warned.
The internet userbase in the country has steadily increased from 238 million last year to 360 million this year -- a key reason for the growing cyber security risks as well as the businesses to counter these risks.
According to Trend Micro Incorporated, a global leader in security software and solutions, 2016 has proved to be a year of online extortion through various malicious attacks in India. Over 180 Indian companies were victims of "ransomware" -- or online extortion schemes -- in the first six months of this year, it said.
"As Indian firms continue to digitise records and move towards a fully online world, concerns keep mounting over the security of the reams of data and confidential information stored online. This has required enterprises and entities to move, at a near-record speed, to transform and upgrade security strategy and systems to ensure the safekeeping of all data," said Vivek Malhotra, Cloud Leader, IBM India/South Asia.
"The recent 'Cost of Data Breach Study: India' report by IBM and Ponemon Institute indicates that India has become a hot target for cyber hackers. The economy is digitising at a fast pace and cyber crimes are growing at the same speed and intensity," Malhotra told IANS.
For Jaideep Mehta, Managing Director, International Data Corporation (IDC) South Asia, cyber security is of increasing importance as Indian companies digitise and, on the back of that, open up their boundaries through mobility, Cloud and supply chain digitalisation programmes.
"As systems become more open and data flows outside the traditional boundaries of organisations, the cyber security imperative becomes more and more urgent. The same logic applies to large national programmes being run by the government like 'Digital India'. Securing the network, end points and data is essential for success," Mehta told IANS.
Ransomware, also called Business Email Compromise (BEC), has globally caused companies a loss of a whopping $3 billion till date this year.
BEC schemes are scam tactics which compromise business accounts in order to facilitate an unauthorised fund transfer and are considered one of the most dangerous threats to organisations.
Indian businesses lost over $1 million from compromised data and downtime in the last 12 months, revealed a survey by EMC Corporation -- the world's largest data storage multinational -- in July.
"Organisations are getting better at protecting themselves against traditional threats to data but new threats mean that despite progress, more businesses are losing data than before," said Ripu Bajwa, Country Manager-Data Protection Solutions at EMC.
Ransomware is dramatically raising the stakes when it comes to cyber security. Ransomware attacks tracked in the first half of 2016 originated from emails 58 percent of the time.
"In India, companies are now becoming dependent on technology. A total of 371, 189, 155 and 128 government websites were hacked in 2012, 2013, 2014 and 2015 (up to October), respectively," informed Trishneet Arora, CEO, TAC Security, a cyber security solutions provider.
According to EMC, 46 per cent of organisations in India suffered unplanned system downtime and/or data loss due to an external or internal security breach.
"In India, on average, 34 per cent of organisations have their IT environment in public Cloud and more than 60 per cent organisations believe that not all their data stored in the Cloud is protected," it added.
Cisco's "Midyear Cybersecurity Report (MCR) 2016" found that organisations are unprepared for future strains of more sophisticated ransomware as fragile infrastructure, poor network hygiene and slow detection rates are providing ample time and air cover for hackers to operate.
"Attackers are going undetected and expanding their time to operate. To close the attackers' windows of opportunity, customers will require more visibility into their networks and must improve activities like patching, and retiring aging infrastructure lacking in advanced security capabilities," said Marty Roesch, Vice President and Chief Architect, Security Business Group, Cisco.
The way to minimise cyber threats is to adopt top-of-the-line security solutions sooner.
"The important dimension is to weave in the security strategy at the point of genesis and ensure that it is holistic in its construct, covering all layers as well as data," Mehta told IANS.