Cyber crime cases have surged worldwide, making Indian users also vulnerable to cyber threats. A joint study conducted by the Associated Chambers of Commerce and Industry of India (ASSOCHAM) and consulting firm PricewaterhouseCoopers (PwC) stated that India has seen a rise of nearly 300 percent in cyber crime cases registered under the IT Act, 2000 in the period from 2011 to 2014. While the emerging digital economy has led to increased volumes of electronic fund transfers, post demonetization of Rs 500 and Rs 1,000 currency notes by Government of India, online payments and mobile wallet-based transactions also face increased risk of attacks by cyber criminals.
"India has already witnessed huge financial and data breach cases,” said Viren Bavishi, Director, TAIT. “Earlier in 2016 a case has surfaced where data of around 30 lac debit cards has been compromised, due to malware infestation in the system of Hitachi Payment Services, which went undetected for three months. Another case of login by an unauthorised offshore hacker into the systems of Axis Bank is also a recent incident. Both these cases highlight the amount of risk we are all exposed to."
"In the past couple of weeks a number of Twitter handles of Indian political leaders were hacked by various groups and false and malicious messages spread through the same - this speaks volumes about the possibility of creating social unrest by rogue hackers, and the ability to ruin credibility of persons in public life. A Distributed Denial of Service attack on a large ISP a few months back, choked their network and the company suffered huge financial losses, besides losing many of their loyal big ticket bandwidth customers," Bavishi added.
SMEs and cyber threats
SMEs are more prone to cyber-attacks as they usually do not have a systematic, institutional mechanism for review of the extent of their vulnerabilities. Founder CEOs and owner-managers typically lack the experience or expertise to assess the cyber security risks to their business. Very often cyber security threats are put on the back burner, and investments made in basic security solutions such as anti-virus software and firewalls to keep their accounting and financial transaction data protected. However, most SMEs tend to underestimate the value of their data. In order to make SMEs understand the importance of cyber security and adopt the latest techniques to protect their business from cyber threats, the Mumbai-based premier association of IT companies, Trade Association of Information Technology (TAIT) organized a workshop on cyber security for members. The workshop was conducted by Joel Divekar, Chief Technology Officer, Creative Antenna who talked about issues such as safe and secure usage of the Internet, threats from phishing and ransomware and techniques to avoid them, bitcoins, cryptocurrencies and blockchain technology.
As cybercriminals have moved from isolated acts of cyber vandalism to cyber crime as a business, ransomware has emerged as the go-to malware to run nefarious money-making schemes. SMEs are easy targets for ransomware as they have relatively fewer cyber security tools compared to mid-size or large organizations. Ransomware has become one of the most feared cyber threats for all. It is a type of malware that infects a computer and restricts access to it until a ransom is paid to unlock it. It can penetrate organizations via phishing emails containing malicious attachments, by downloading malicious files, clicking on malicious ads, unknowingly visiting an infected website which downloads and installs malware, web based IM applications, and exploiting web servers to gain access into an organization's internal network. Ransomware uses evasion tactics more than once, making it very difficult to be detected by anti-virus software or cyber security researchers.
"As we try to implement digitisation initiatives that help to expand business and increase revenues, we are moving towards cloud storage,” said Joel Divekar, Chief Technology Officer, Creative Antenna. “In this scenario, protecting business against cyber crime or data threats is critically important. Consequences of ignoring security risks can be disastrous for current business transactions as well as long term brand image and reputation. It is therefore important not to underestimate the scale of a phishing or ransomware attacks. These can penetrate organisations in many different forms via spam, malvertising or malicious domains. Ransomware is indiscriminate and targets anywhere it can."
SMEs, bitcoins and blockchain technology
Joel Divekar further discussed the advent of bitcoins and other cryptocurrencies and of encryption algorithms that have created a favourable context for development and proliferation of ransomware. Hence, organizations must educate their employees about the evolving risks, maintain patches on desktop users' systems, as well as critical data servers, reduce the automatic mapping of drives and regularly monitor infections to prevent spread of a contagion.
Divekar also talked about blockchain technology, which is a secured public ledger of all Bitcoin transactions that have ever been executed. A block is the 'current' part of a blockchain which records some or all of the recent transactions, and once completed goes into the blockchain as permanent database. This new development has the potential to increase secure data exchange and make transfer of authenticated information simpler and easier between entities and/or individuals.
300 Mumbai ICT partners pledge to enhance capabilities, expand adoption of multi-platform security solutions
In the emerging 'cashless economy' and advent of the 'digital age' dominated by social media, e-commerce, analytics, cloud and IoT it is imperative not only for SME ICT partners to themselves adopt robust security solutions, but also educate their customers and help them choose and implement appropriate systems and safeguards. This was the sentiment echoed almost unanimously by attendees at the TAIT Knowledge Series Workshop.
"The negligence of SMEs in designing and adopting robust IT security policies may serve as the proverbial 'Trojan Horse' for a major cyber breach, negatively impact the affected organisations' business operations and expose their customers to vicious ransomware," said Rushabh Shah, President, TAIT.
"TAIT members feel it is not only a business opportunity but a duty they owe themselves and their customers to engage with experts to carefully assess their threat vulnerabilities and devise and implement effective safeguards to defend against pervasive security threats," Shah reiterated.
In October 2016, Government of India announced setting up of a Rs 1,000 crore fund for R&D in cyber security to be spent over five years. The Cabinet Committee on Security (CCS) decided that such an R&D programme can be operationalised and implemented by the National Security Council Secretariat (NSCS). The fund will be sourced from the annual budget of the Department of Science and Technology (DST) and placed under a separate head. Similarly, Government of Maharashtra is working on rolling out a state-wide cyber security programme with a separate budgetary allocation.
"Going forward, TAIT will coordinate with members to periodically review existing security solution vendor OEM relationships. The aim would be to identify gaps and prepare a roadmap for increased business tie-ups, training and upskilling of staff, and adopt systems and processes that can serve as a 'best practices' guide. The IT partner SME community would continue to create upstream and downstream linkages as well as long term engagements with customer organisations across key industry verticals and the public sector," Bavishi concluded.