Data breach | Why Indian companies get hacked so often, and simple tips to keep hackers at bay

BigBasket, Dominos, Mobikwik, Airtel, Zomato and the list goes on.

It has become a worrying routine at this point. We hop online and see one more company being added to the list of data breaches in the last two years. Post COVID, the work conditions have only served to accelerate the frequency of these attacks, so what is going on? And why do Indian companies keep getting hacked?

The new work from home environment

Owing to the pandemic, a lot of companies have had to quickly shift their work philosophy to online due to lockdowns and quarantines. The pace at which this has happened has provided an immense opportunity for hackers to really probe an organisation's security systems and for the most part, they have been lacking.

Corporations, government organisations and small business have had it the worst. The 2020 Global Cyber Security Survey found that 74 percent of Indian organisations were threatened and eventually paid up after getting attacked with malicious ransomware. The survey concluded that Indian organisations paid between $1 million - $2.5 million (approx. Rs 7,30,00,000 - Rs 18,23,00,000) to get their data back.

Last year, Indian sweets and snacks maker Haldiram was hit by a ransomware attack that demanded $7,50,000 (approx. Rs. 5,47,00,000). The Ministry of Electronics and Information Technology (MeitY) reported nearly 7 lakh cyber security incidents till August 2020. Unreported incidents are said to be even higher.

These attacks seemed to be largely focused on start-ups that deal with large amounts of consumer data. In 2020 companies such as Big Basket, Dunzo, Unacademy, White Hat Jr and many more found themselves targeted.

2021 hasn't really been that great either with big names like Mobikwik, Airtel and Dominos having data stolen from their servers.

Why is India being targeted? 

It's perhaps unfair to single out India here as the entire world pretty much witnessed attacks but the higher volume of attacks suggests that we simply do not invest in our IT security infrastructure.

Many of the companies that were targeted lump themselves in with the start-up crowd even when they aren't. Given the team sizes and the magnitude of the businesses in question, many falsely believed they couldn't be targeted.

They simply did not invest or pay heed to the required security during the shift in workplace norms and left themselves wide open to attacks. Insiders and bad password practices also makes India more vulnerable. A lot of phishing attacks happened due to old passwords never getting updated and it was estimated that nearly 95 percent of the attacks happened due to human error.

According to various reports, cyber attacks have increased nearly 80 percent since 2020 and India finds itself second on the list of most targeted countries, next only to the United States of America. An estimated figure of nearly $20 billion (approx. Rs 14,59,00,00,00) has been paid out globally in 2020.

Unless there is a fundamental change in the way we think about security and start to take these threats more seriously, these attacks are only going to get worse.

COVID-19 patient lists were found in the open in January this year when government institutions leaked this information online, when they mistakenly hosted the test reports in .pdf format.

Sensitive financial information of over 100 million credit and debit card holders were gathered from Justpay's faulty servers. Trading platform Upstox suffered a breach of its own, when they lost customer KYC data from right under their noses.

It's clear that its only going to get worse unless we beef up security and invest in online threat prevention measures. It's high time that Indian companies take a good hard look at their IT security measures and upgrade them otherwise we may just inch out the US on the next most targeted countries survey.