India is among the top 3 most affected nations in Asia. India witnessed three times more cyber attacks in 2020 than in 2019. More than 11.5 lakh incidents of cyberattacks were tracked and reported to India’s Computer Emergency Response Team (CERT-In) in 2021. Ransomware attacks have increased by 120% in India as per official estimates.
Not only big businesses but SMBs and startups have also fallen victim to cyberattacks. Online grocery stores like Bigbasket, home delivery service Dunzo, and educational technology organisations like WhiteHat Jr. and Unacademy are among these.
India is home to more than 1.2 billion mobile subscribers in 2021 out of which 750 million are smartphone users. These are not just big numbers but show the vastness of the attack surface that needs to be protected.
According to business and consumer data company Statista, more than 3.8 thousand government services were provided over the internet in 2021. Digital payments are also growing because of the Digital India initiative. This is expected to grow more to reach every corner of India.
Indians switched to working from home on their personal computers amid the pandemic, exposing the vulnerabilities of the technologies and untrained workforce for cybersecurity awareness. In the office environment, it was easy to monitor data and restrict internet access as per the company's security policies. An open network is highly vulnerable, giving an advantage to the threat actors.
According to the research, more than 90% of attacks succeeded due to human error. Phishing attacks are the most common, relying on psychological manipulation. These attacks are most devastating when an employee with a high level of access falls victim, allowing exploiting the critical data of the organisation. Software vulnerabilities are also the biggest challenges as many people and organisations are still relying on old and outdated software for cost-saving.
Cybercrimes started soaring with the onset of the year 2014 and have increased further since then. The Government of India established a cybersecurity policy in 2013 aiming to build secure and resilient cyberspace for businesses, government and citizens. Anticipating the boom in the IT industry and the need for a secured space the policy was generated. This policy had lots of shortcomings in terms of coordination, regulations and overall awareness of cybersecurity. The onset of Covid-19 only exposed the weaknesses of this policy.
There is a remarkable growth in revenues from cyber security products and services amid pandemics as per the DSCI (Data Security Council of India) report. The major share (around 85%) of the revenue is coming from the international market. At the same time, India's cybersecurity workforce almost doubled to reach 218,000 in 2021. Although this is still less than required. With the support of enabling policies, expanding workforce, domain specialisation and required ecosystem, India is rapidly expanding its cyber security capabilities.
The major issue of concern is the awareness and coordination among the Indian public and private sectors to combat cybercrimes. The Indian government has come up with a new cybersecurity policy in 2020 with a greater focus on domestic demands and greater incentives for the private sector to participate in government contracts. There is a need for collaboration between the government and private sector along with encouraging an environment for research in cybersecurity innovation.
The cybersecurity strategy of India is pending government approval for the past two years. Looking at the current global situation all the countries are including water, power and education sectors in their policy. Our existing legal and regulatory frameworks are not capable of addressing the evolving threats.
As per the current situation responses to cyber security threats can be taken under IT Act and Indian Penal Court. Cert-In looks at incident response and National Critical Information Infrastructure Protection Centre (NCIIPC) at critical infrastructure. The Policy is required to focus on threat assessment and response. We need a dedicated body and policy to look after cyber security standards, regular audits and annual reviews.
India being the vast and fastest-growing market for digital technologies is a lucrative target for the threat actors, making cyber security in India a big challenge. Playing with human psychology and vulnerable technologies provides ample opportunities to sneak in. Being an SMB if you are ignoring your cybersecurity, it will become your biggest mistake ever. Unfortunately, these businesses are most likely to be targeted for cybercrime. According to the data, 43% of cyberattacks target small businesses. Criminals also know that big company will have security systems in place but small ones will be vulnerable. The following methods can help in securing your business -
1. Cybersecurity Awareness Training for employees - Training the employees for cyber awareness should never be compromised. Employees are of different backgrounds and don't understand technical things hence they should be regularly trained in cybersecurity awareness.
2. Devise a system security plan - Planning and having a strategy will help in streamlining the things for following the security policy. Also in case of a breach, the clear guideline will help in controlling the situation on time.
3. Regularly update the software - Old or not updated software is highly vulnerable. Keeping them updated can save lots of attacks. One small vulnerability is sufficient to bring down multiple businesses in one go.
4. Regular backups - Regularly taking backups and storing them safely is required to protect your data. This is required for the safety of your business, stakeholders and clients.
5. Outsource Cybersecurity - Hiring the technical staff and having a complete infrastructure for implementing cybersecurity is not possible for all organisations. But no need to worry about this. Many organisations like Illume intelligence India Pvt. Ltd. provide cybersecurity and auditing solutions. You may get assistance for devising a security plan as well as high-end Virtual CISO services all within your budget.
It is time to stay alert and prepared for handling the security breach. The threat actors are always in search of an unprotected system, as that is like a low hanging fruit for them. Very rarely and highly trained threat actors plan and make a targeted attack against a specific organisation. Rest others are generalised attacks. Training employees and removing vulnerabilities will help in rising the guards and blocking a majority of the attacks.