Cyberattacks targeting Indian companies, especially startups that deal with large consumer data, have seen a 600 percent increase in 2020 compared to last year, according to a recent report.
The report also revealed that state-sponsored cyberattacks increased 400 percent, whereas phishing attacks saw an increase of 1,100 percent.
The report, shared with Moneycontrol by cyber intelligence firm Cyfirma, was based on cyberattacks reported by the Ministry of Electronics and Information Technology (MeitY) and the firm’s research data. MeitY had reported close to 7 lakh cyber security incidents till August 2020 compared to 4 lakh in 2019.
This is probably the highest-ever number India has seen, even going by its reported cybersecurity breaches. Security breaches reported for the past five years stand at 49,455 (2015), 50,362 (2016), 53,117 (2017), 2.1 lakh (2018), around 4 lakh (2019) and 7 lakh (2020).
In an interaction, Kumar Ritesh, CEO, Cyfirma, said, this huge spike, apart from financial gain, was driven by geopolitics, and access to a large volume of customer data.
Access to customer data
“Unlike a few years back, data is becoming a key motivator for hacking,” said Ritesh.
Take for instance commercial organisations. While the reported total security breaches by MeitY were 7 lakh in 2020, Ritesh pointed out that the unreported could be as high as 8-10X, compared to 3X last year.
This data, Ritesh said, was based on the instances of attacks witnessed during the year.
So ideally, the number of attacks could be as high as 70-80 lakh, including both reported and unreported cases. Of this, commercial organisations account for about 55 lakh and the highest jump was seen in startups and small and medium businesses.
These attacks were primarily motivated by the data that startups hold. “These born-in-the-cloud digital businesses hold massive amounts of data ranging from personal and financial information to user behaviour,” Ritesh said. Hackers who can breach the companies could gain access to this data, which can fetch handsome returns in dark web marketplaces, he added.
The year 2020 saw large startups whose customer data was reportedly stolen by cyber criminals. These firms include online grocery firm Big Basket, where reportedly personal data of about 20 million users were sold on the dark web. Hyperlocal delivery firm Dunzo, and edtech platforms WhiteHat Jr and Unacademy were other firms, which saw cybersecurity break in 2020. In all these cases, consumer data were stolen and in some cases were put on sale.
Larger firms were not spared either. Snack maker Haldirams filed an FIR in October after its hackers demanded close to $7.5 lakh as ransom after hacking the company’s server.
However, monetary gains and data apart, state-sponsored cyberattacks have seen a significant increase.
For instance, last year MeitY reported close to 3.9 lakh cases. Ritesh explained that state-sponsored attack accounted for about 80,000. In 2020, they are about 4 lakh of the reported 7 lakh cases by MeitY.
These attacks are especially visible as the tension between India and China increased.
When the Indo-China border tension escalated in June, the Chinese hacker community on the dark web was firming up plans to attack Indian media, pharma and telecommunication firms. In an earlier report published by Moneycontrol, cybersecurity experts pointed out that the idea behind the attack is to teach “India a lesson” rather than monetary benefits.
Further, in October, Prime Minister Narendra Modi's personal website, Narendramodi.in, was hacked. The site had personal details of close to 5.7 lakh people who made donations through the site, said another cybersecurity platform Cycle. The donor data reportedly was on sale on the dark web.
Cost of cyberattacks
These cyberattacks come at a huge cost for firms, both reputational and monetary.
According to a report by Sophos, a cybersecurity firm, close to 82 percent Indian companies have been hit by ransomware in the last 12 months. The report added that, on an average, Indian firms will have to spend close to Rs 8 crore for rectifying the impact of an attack.
These attacks are unlikely to slow down as people continue to work from home, which is likely to stay even post the pandemic. A network security firm Barracuda Networks in a survey said that 66 percent of Indian firms have reported data breaches since moving to work from home.
Pankit Desai, co-founder and CEO, Sequretek, a cybersecurity firm, said in an earlier interaction the infrastructure was riddled with vulnerabilities since many employees were using personal systems with no adequate protection to handle sensitive company data.
However, these incidents have increased demand for cybersecurity solutions as more firms step up their security. According to reports, cybersecurity spending for Indian firms has increased by 3 percent across large and small enterprises in 2020. Also, top IT majors have reported increased interest in cybersecurity solutions. Wipro expects cybersecurity to generate $1 billion in revenue by 2022, according to a report by ET.