An organisation in India is being attacked on average 1,189 times per week in the last 6 months, compared to 465 cyberattacks per organisation globally.
According to Sundar N Balasubrmanian, Managing Director, India and SAARC at Check Point Software Technologies Ltd, a leading cyber security solutions provider globally, the Covid-19 outbreak has resulted in an increase of cyberattacks.
On a weekly basis, 11 per cent of the organisations (in India) are impacted by mobile malware as compared to the global figure of 4.5 per cent. Some 7 per cent of the organisations are impacted on a weekly basis by banking malware. The corresponding global figure is 2.7 per cent. Ransomware and phishing are common attacks, with mobile phones being the most vulnerable device.
In an interview to BusinessLine, Balasubrmanian talks about the cyber security landscape in India, nature of attacks, identifying vulnerabilities, among others. Excerpts:
What have been the cyber security trends so far since the pandemic outbtreak?
Around March and April, the CIOs were working on accommodating work from home. In the first and second weeks of April the worry moved on the right security protocols that were to be followed. The next phase was more on security posturing. Around mid-June there was a challenge of augmentation, and we saw a definite shift to the cloud. Through June and July, when people accepted that Covid is here to stay; they (began) realigning businesses, augmenting infrastructure and security posturing, at least for the medium term.
Has cyberattacks gone up and what is the nature of these attacks?
First, we saw attacks in India are double than the global average on a weekly basis. Which means, compared to attacks on a global organisation weekly, there are twice that many happening on Indian enterprises.
Most of the malicious files are delivered through emails. Nearly, 92 per cent malicious files are delivered through emails in India, as compared to the global average of 82 per cent.
There is also a fair amount of attack happening on/ through mobile devices. In India, we are most exposed through mobiles. The challenge here is multi-fold, especially regarding the type of applications downloaded. Earlier, there was threat of compromised Wi-Fi. But, I presume most networks are secure ones at home.
Because of Covid, a lot of IoT devices or smart devices are also being breached.
There have been vulnerabilities we have identified across micro-chips or DNS servers. There were also a host of bogus and fake “Covid-related sites” (primarily in the first few weeks); then other sites came up selling fake medicines and equipment. All of these aimed at phishing out personal or company data.
The entire remote work posture has alerted quite a bit and they are limiting some accesses too.
We have seen attacks on large assets in India and a lot of phishing attacks on users trying to gain access to personal information.
How easy is it for people to secure mobiles?
We are a 1.3 -1.4 billion population; and close there are about 250-300 million smartphones. Most of these either have a banking app or a telecom app or both. We can either secure the apps or we secure the device. In this early maturity phase, there is an increased awareness towards securing apps.
Do you see companies or individuals being aware of such attacks?
Most of the companies and individuals are reactive; that is, they don’t know, till the attack has actually happened.
New-gen companies, like the born-on-the cloud companies, too have been breached in some cases; apart from traditional enterprises.
What are the areas that these cyber attacks target?
The two to three vectors that attackers look at for maximum impact are large estates like say a Qualcomm or Micorsoft; breaching remote access; and thirdly, how to break the securities around the cloud.
Has cyber security spend gone up?
It’s mostly on-demand budgeting. There is also a significant shift from capital expenditure to operating expenditure. The shift has been sped-up post the pandemic. We had a very healthy first half (Jan – June) and frankly, there is no slowdown in the security spends.