While BigBasket was able to save financial data of its customers, if someone breaks the password codes, hackers can still gain control of the user’s financial information.
The cyberattack on BigBasket shows how badly the company needs to ramp up its security—thanks to the data breach, the account information of close to 2 crore users of the app ended up on the dark web for sale. This also underscores the need for top companies where customers generate significant amounts of data to ramp up security.
While it is not clear how much money is spent by Indian companies on cybersecurity, but the absence of a data security law means that the government cannot make them commit to certain fixed expenditure. An analysis of payouts by companies in terms of bug-bounty programmes, however, show that Indian companies still do not treat cybersecurity as a top priority. In comparison to millions spent by foreign firms on bug-bounty challenges, Indian firms pay meagre amounts.
However, getting companies to address cybersecurity concerns is only one measure. While BigBasket was able to save financial data of its customers, if someone breaks the password codes, hackers can still gain control of the user’s financial information.
Most people avoid spending on security because they do not rate it as a high priority and instead rely on companies and governments to meet cybersecurity needs. Despite the market being flush with password vaults and antivirus suites for mobile phones and desktops, the uptake is limited to firms and not individuals. VPN services, along with password vaults and antivirus suites, can increase security manifold. Unless users increase their cyber-spends, companies cannot ensure cyber-hygiene.