As cyber-attacks become more and more mainstream and everything from payments to tax filing goes digital, cyber security is no longer just a hypothetical concern. It is real and it is impacting organisations and fast becoming a national security concern, Kaushal Dalal, Managing Director for India at cyber security firm FireEye, told Neha Alawadhi.
Q: What are the top three things people should be careful about when they file their GST returns?
A: This is for an accountant to answer. Filing returns isn’t a major security issue. The issue is those small businesses are now more reliant on technology.
Q: What do you see as the weakest link in the GST chain? With several SMBs coming on board a digital format of filing taxes for the first time, what is the one thing they should be most careful about?
A: The involvement of SMBs (small and medium businesses) is the weakest link in the GST chain.
When these small businesses come online for the first time, they have poor awareness of security practices and are thus open to threats such as ransomware. It is now mandatory for them to invest in technology to manage invoices and control their businesses. When such financial information goes online, these businesses become attractive targets for attackers.
These SMBs are also linked to larger businesses in the supply chain, thus allowing attackers a less secure entry into their real targets for sophisticated attacks.
Q: What learning can enterprises and businesses draw from the recent Petya and WannaCry ransomware attacks that affected Indian systems also?
A: Cyber security is an operational risk which businesses need to manage.
Enterprises should develop a cyber security plan to manage data security as part of their business operations. To stop attacks like ransomware, organisations should ensure they have strong security controls in place to stop exploits. They should keep their systems updated and improve their defences with a smarter and stronger Endpoint Security.
Q: Cybersecurity threats are becoming more mainstream, but what about policies and guidelines around how cyberattacks are handled. Have policies kept pace with the sophistication of attacks?
A: There is no denying that attacks have become mainstream, there is need for disclosure and that will make this a boardroom issue at a very rapid pace. Building a war time practice is equally important in these times. Look at WannaCry and Petya (ransomware attacks), various organisations had patched their systems and kept them up to date and were safer. So making it mandatory to patch their core systems to safeguard themselves.
We have seen ransomware activity in India increase 300 times from November,2015 to February,2016.
What is important is as the transition to digital occurs, whether through Digital India or Smart Cities, it has to be thought in terms of security first.
The RBI last year revealed comprehensive guidelines that helped translate this into action, but clearly more is needed.
Q: Where are the existing trends in cyber attacks headed?
What we’re seeing across the board is a cyberarms race, which has been heating up for years. So if you go back five years ago, maybe a dozen countries were capable of having cyber cell. Today you are looking at well over 50, or well over 100. The newest entrant to this is Vietnam and they were targeting foreign companies with traditional espionage, and not just govt but also multinational. We’re starting to see cyber crime as a more national security issue.