Experts say that employees need to be careful and there is more sensitisation necessary in this regard.
On the day when Wipro was set to announce its annual and quarterly results on April 16, a blog KrebsonSecurity exposed a cybersecurity breach at the company.
On April 19, the same blog, by American journalist Brian Krebs, revealed that other IT majors like Infosys and Cognizant could be targeted by the same intruders. Krebs said that the clues so far suggest the work of a fairly experienced crime group that is focused on perpetrating gift card fraud.
While Wipro admitted to the cyberattack and said that that the company is conducting a forensic investigation into the cyberattack, Infosys has denied of any such breach and Cognizant said that there has been no indication of any client data being compromised.
Such attacks are anything but new for these companies. Like Wipro said in the results call, a large enterprise like Wipro goes through 4.5 million such alerts and has in place an efficient monitoring system to detect potential threats. Cognizant too said that it is not unusual for a company to be a target of such phishing expeditions.
If the Krebs’ blog is anything to go by, the perpetrators who attacked Wipro have been targeting more companies for some time and are successful in translating the access to cash. Krebs further added that anti-virus companies still are not flagging many malicious internet addresses and domains listed.The latest incidents demonstrate the need for better cybersecurity given that latest technologies, have become even more sophisticated and easier.
John Shier, Senior Security Advisor of the UK-based cybersecurity firm Sophos, in a recent interaction with Moneycontrol said, how simple it is to hack into the system with easy access to tools.Companies understand this. Compared to last few years, investments in cybersecurity have increased. In a recent interaction, an analyst said that companies have increased their budgetary allocations by 5-10 percent to cater to the rising need to have advanced monitoring systems in place.
“In fact earlier cybersecurity used to come under technology. Now many companies have a separate cybersecurity team,” the analyst added.
However awareness continue to be a challenge. In the Wipro attack, the perpetrators targeted the accounts of a few vulnerable employees . “Some employees might not be even aware that they are clicking an email with malicious content as they come under the guise of your supervisor or others known to you,” explained a cybersecurity expert.The expert added that employees need to be careful and there is more sensitisation necessary in this regard.