The recent cyberattack on the Iranian gas stations all over the country showed how vulnerable our IT infrastructure can be. The attack rendered state issued electronic cards useless and caused many long queues at gas stations. The fact that a change in a single line code is all that is required to gain access is chilling. Unfortunately, India is on a list of countries with a history of cyber attacks.
More than 600,000 cyber attacks were recorded in India in the first half this year, including one on the computer systems of Air India, in which hackers managed to access the personal and financial information of 4.5 million customers worldwide, according to the Indian government’s Computer Emergency Response Team.
Software solution provider Mobikwik Systems Pvt. Ltd, telecom service Airtel Ltd and the Indian units of Domino’s Pizza Inc. also fell victim to hackers in the first half.
The overall figure for the period from January to June compares with 1.1 million cyber attacks reported all of last year, an almost threefold increase from 400,000 in 2019. That translates to almost 3,000 cases reported every day of 2020.
Last year, hackers targeted, among others, online grocery store Bigbasket, home delivery service Dunzo and educational technology firms Unacademy and WhiteHat Jr.
As Indians switched to working from home on their personal computers amid restrictions that were forced by the COVID-19 pandemic that spread last year, the vulnerability of the computer systems used by both corporate entities and individuals was exposed.
Why do these attacks happen?
In an office environment, where data is monitored and access to the internet is limited by a company’s information technology (IT) policies, preventing threats is much easier. When that safety net is removed, it leaves many systems vulnerable and that is what hackers are taking advantage of.
The pace at which the shift to work-from-home happened forced organisational entities out of their comfort zone to a less-secure environment that couldn’t be as tightly controlled as their office spaces.
You are only as strong as your weakest link, and in the case of cyber security, that makes more of a difference. Most of the attacks that take place aren't complex; they rely on exposing and taking advantage of weaknesses that you may not realise even exist.
Flaws such as weak passwords or faulty network configurations become amplified when you have to deal with a work force functioning out of an uncontrolled environment. Insiders pose another major challenge.
Phishing attacks are the most common. They rely on psychological manipulation, enticing gullible would-be victims with impossible-to-believe offers such as ultra low loan interest rates. All you need to do is click one malicious link and the hackers will have penetrated your computer system.
Cyber attacks can be especially devastating when an employee with high-level access falls victim.
Absence of legislation
Technology is constantly evolving, so a country’s legislation has to keep up and evolve with it.
India's Information Technology Act entered the statute books in 2000 and went through its first major revisions in 2008. That pace is not rapid enough, when it comes to keeping up with technology.
We still don't have a clear data protection bill that protects citizens’ data online. The Personal Data Protection Bill, which was first proposed in 2019, is still a work in progress.
The recent rash of cyber security attacks has served as a wakeup call, and India needs to step up the pace of strengthening its IT laws. Another issue is that companies simply haven't invested in robust enough security measures.
How do we stop these attacks?
It should be fairly obvious by now that we need to invest in better security infrastructure. What works for a controlled environment, such as an office, is susceptible to attacks when taken out of it.
We need stronger IT leaders to step up and take charge. Better practices and guidelines should be adopted for keeping our systems safe from a potential attack.
There is no fool-proof method of preventing data breaches. Even so, we shouldn't let that dull us into complacency. We should be prepared for all eventualities.
It's also time lawmakers start taking things more seriously and understand the technologies that they are writing laws for. The fact that our IT Act has changed so little since its enactment serves as a warning.
A larger budget needs to be assigned for IT security professionals. The more money you spend on great computer security architecture, the safer you will be.
According a recent report by the Business Standard, nearly 73 percent of Indian firms said they expected a data breach in the next one year. Thirty four percent had already suffered at least seven data breaches and 20 percent had experienced more than seven.
We have to go back to the basics when it comes to online security and learn from our mistakes. We have to identify our critical data clusters and focus on the threats that are impacting businesses worldwide.Indian IT needs to go back to the drawing board and chalk up comprehensive solutions that work multi-device and across major technology platforms. It doesn't guarantee that you won't be attacked by hackers, but at least you will sleep a little easier knowing you did everything you could.