In recent years there has been an increase in the frequency and volume of cyber-attacks on India, specially the government sectors are in foremost line of fire which include the defence and energy sectors as per the latest Kaspersky global research report.
Explaining the rise of targeted cyber-attacks in India to News18, Saurabh Sharma, senior security researcher at Kaspersky APAC’s global research and analysis team, said, “Most of the cyber attacks on Indian government are targeting the defence and energy sectors.”
Further adding to this, Sidharth Mutreja, enterprise solutions architect at Kaspersky APAC, stated that alongside defence and energy sectors, cyber-attacks in India also predominantly target banking and finance, as well as “critical infrastructures”, such as oil and gas.
Elucidating on targeted attacks on Indian government infrastructure, Mutreja added, “We see very sophisticated attacks coming in, which are also constantly evolving in technique to fly under the radar. These are referred to as APTs, or Advanced Persistent Threats. Typically, APTs have a life cycle of 200+ days, during which it looks at multiple avenues to breach.”
Continuing on this note, Sharma further added, “If we do not detect the attack right away, it can take up to 200 days to figure out what really is happening. The first questions that we attempt to solve are how to detect such an attack, what is the course of action to be taken, and how to quarantine the threat.”
The implementation of the upcoming Personal Data Protection Bill, 2018 may play a key role in defining the scope of not just the government, but of India as a whole, opines Mutreja. “How the data privacy law gets implemented will play a key role. But, laws will always be playing catch up with technology, and will not change every year and have different interpretations.
As a result, certain basic ‘cyber hygiene’ tasks need to be followed. Default configurations are the most disastrous, so is the issue of not updating systems on time, as well as not restricting usage on sensitive computers to only specific, requisite tools. Many attacks are also human-born, where people click on malicious links on sensitive systems,” he says.
There has been rampant increase of interest in India among cyber criminals, as many reports have stated. In March 2019, endpoint security researcher Sophos revealed that as much as 76% of all firms were hit with cyberattacks of varying degrees of intensity, marking a staggering average as a statistic. It is this that calls for adopting more stringent privacy and data security practices.
This would further involve a far more robust spread of knowledge and awareness among users and officials alike — an imperative factor, given that the threats are increasing in volume and complexity by the day.
(Image Courtesy: www.nepalwebsolutions.com)