India’s digital infrastructure, user base, and accessibility are rapidly improving. However, proper cyber security measures have yet to keep up with India’s digital push – leaving many companies vulnerable to cyber-attacks.
According to the Ministry of Electronics and Information Technology, India witnessed over 27,000 cyber security threats in the first half of 2017. These threats include ransomware attacks, website intrusions or defacement, phishing attacks, and data breaches.
Foreign businesses entering the Indian market should be aware of the increasingly commonplace nature of cyber-attacks in the country, and craft proactive measures to anticipate and respond to these threats.
Government’s cyber vulnerabilities affect private sector in IRNN hack
A recent report by Seqrite Intelligence Labs, the enterprise security solutions brand of Quick Heal Technologies, disclosed an advertisement they discovered on the Darknet (a small portion of the internet hidden from search engines). The advertisement announced secret access to the servers and databases of over 6,000 Indian organizations – including internet service providers (ISPs) as well as public and private sector organizations. The hacker offered this information for 15 bitcoin (equivalent to approximately USD$73,000). The hacker subsequently offered to execute further cyber-attacks against the listed companies for an undisclosed price.
Seqrite Cyber Intelligence Labs, along with its partner seQtree InfoServices, called it one of the biggest breaches affecting Indian organizations. Seqrite and seQtree reported that the Indian Registry for Internet Names and Numbers (IRINN), which comes under the National Internet Exchange of India, was the organization that hackers had compromised.
After discovering the advertisement, Seqrite and seQtree teams started gathering background research on the hacker but were unable to identify the perpetrator. The research team then contacted the hacker for further details, posing as an interested buyer. The hacker shared a sample of their stolen data, which included an email address of a prominent Indian technology firm and information linked back to the Indian government.
According to Seqrite Intelligence Labs, this hacker may have the capacity to create serious service outages in India. The entities affected by the data breach include the Bombay Stock Exchange, the Reserve Bank of India, the Indian Space Research Organization, Wipro, Mastercard, Visa, Hathaway, IDBI Bank, and Ernst & Young.
According to researchers, the seller claims to have the ability to tamper the IP allocation pool, which could result in a serious outage or distributed denial of service (DDoS) condition.
Recent cyber threats in India
In May 2017, the WannaCry ransomware attack disrupted operations at hospitals, telecommunication firms, and several other sectors worldwide. The ransomware required only one computer in the entire network to be affected. Once the malware was installed it quickly spread to the entire network – locking out all users. The perpetrators behind WannaCry demanded ransom money in the form of bitcoin to unlock their system.
India was the third worst affected country by the WannaCry ransomware attacks. Major urban centers to be targeted included Bengaluru, Chennai, Hyderabad, and Mumbai. ATMs in India are particularly vulnerable to cyber-attacks as they often rely on retrograde versions of Microsoft, which are easy for hackers to infiltrate.
According to the Indian Computer Emergency Response Team (CERT-In), almost 11,000 networks in India were victims of probe-scanning between March 2016 and May 2017. Probing and scanning are usually the initial steps used by a hacker to monitor a system before the malware or ransomware is installed on the network.
On June 28, 2017, the Petya global cyber-attack disrupted cyber services in Russia, Ukraine, India, and Australia. India’s largest port, Jawaharlal Nehru Port Trust (JNPT), near Mumbai, had to be temporarily shut down as a result of the attack; the virus affected computers running Microsoft software for the second time after the WannaCry attack.
While all countries are vulnerable to cyber-threats, hackers are taking notice of India’s growing prosperity and weak cyber security infrastructure, making the country an easy target for cyber-attacks.
Is India equipped to tackle cyber breaches?
After the recent Wannacry and Petya attacks, Ravi Shankar Prasad, the Information Technology Minister of India, claimed that cyber-attacks against India were at a minimum. However, cyber security experts believe that the data breach targeting over 6,000 companies confirms the credibility of cyber security risks in the country.
The recent attacks have shown that aggressive hackers from across the globe are capable of shutting down critical government and corporate infrastructure. Worse, hackers can use government websites – which often lack critical cyber-security infrastructure – to access private business’ information.
India was ranked the fifth most vulnerable country for cyber breaches in 2016 by Symantec’s Internet Cyber Security Threat Report of 2017. Cyber-attack cases in India are usually under-reported because people tend to rely on software to protect them from a breach, rather than cyber security agencies. Moreover, unlike the U.S., India has no legal requirement to report the incident, nor is there a legal obligation to let victims know that their data has been compromised.
How foreign businesses can protect themselves in India
The Indian government remains reluctant to acknowledge both its own vulnerabilities to cyber-attacks and the country’s appeal to hackers. Foreign companies doing business in India must safeguard their data with robust and well-maintained cyber security infrastructure. Otherwise, the promise of Digital India can be eclipsed by hackers, ransomware, and data breaches.
Foreign companies entering the Indian market should consider cyber security an increasingly important requisite for success. When approaching cyber security, businesses should consider the following:
- Risk analysis: In order to build a strong defense, an organization needs to identify its weak points and usual entry spots for hackers. An in-depth understanding of the risks involved help in the implementation of strong hardware, office, and internet security policies by the organization.
- Regular software and hardware updates: The organization needs to invest in a reputed software solution that offers frequent anti-virus updates. Moreover, all employees have to be trained to install updates on real time basis. The main servers should always have the latest versions of firewall and anti-virus systems. This will significantly reduce the feasibility of any cyber-attack.
- Cloud-storage: Decentralizing data storage substantially reduces its vulnerability. Leading cloud storage providers ensure advanced cyber security measures, thereby ensuring that all crucial information has multiple layers of protection.
- Data encryption: Encryption safeguards for company information on hard drives prevent unauthorized access.
- IT support: Organizations can consider building an in-house IT support department or outsourcing it to established service providers. This will enable the enterprise to design a robust defense system that both protects the business and ensures its continuity.
Dezan Shira & Associates provide business intelligence, due diligence, legal, tax and advisory services throughout the Vietnam and the Asian region.