Technology infrastructure in the country remains vulnerable against cyber intrusions such as Petya and WannaCry as many large corporations still rely on old systems with not much importance attached to the security, say experts. An IBM-Ponemon Institute 2017 study notes that the average cost of data breach has grown from Rs 9.73 crore in 2016 to Rs 11 crore in 2017 in India and unless preventive measures are taken, these costs are likely to increase year on year. While experts termed the Petya impact in India as limited, they warned that increasing thrust towards digitisation through initiatives such as Digital India and demonetisation are expected to attract the attention of cyber criminals. “Most businesses are unprotected, unequipped with critical updates and resort to firefight such attacks with emergency patching. Business leaders need to appreciate the importance of security updates.
All too often we see IT departments needing to wait for approval from divisions higher up in the hierarchy before they can issue critical patches,” said, Srini CR, SVP – Global Product Management & Data Centre Services, Tata Communications. Ransomware like Petya or the earlier Wannacry primarily encrypt the critical data held by targeted companies and seek ransom money in exchange for the release. Experts believe that some firms may be tempted to pay the ransom but there is no guarantee that once the payment is made they can get access to their data. Rakesh Kumar Singh, Datacenter lead, Juniper Networks India, said, “We are seeing some big impact at few of the Indian corporates and PSUs. Mainly corporates which are not in high-tech are more vulnerable as they have lots of legacy OS installations that were ignored as they were used for non-intensive purposes like data entry.”
The practice of many of India’s corporations to store data on their machines has also increased the vulnerability to cyberattacks. Greater prevalence of older operating systems makes it more prone to attacks with not much attention given to security updates.
Rana Gupta, VP – APAC Sales, of cyber security company Gemalto said “Data is the new oil in the digital economy, and ransomware attacks that restrict access to important data until the attacker is paid has become an increasingly common feature.”
In terms of protection against such cyberattacks, experts believe there is much to be done in terms of preventing attacks on critical infrastructure like power and transport. Jaspreet Singh, partner, – IT risk & assurance practice, EY said, “It is important to review what assets we are trying to protect and how we go about providing the security cover. There cannot be any generic solution to this.”
“You won’t be able to thwart every cyber-attack ahead of time but much like the game of chess, implementing a good strategy will always swing the odds in your favour,” said, Srini CR of Tata Communications.