If the leak of the NSA’s EternalBlue exploit, which led to the WannaCry ransomware attacks, wasn’t bad enough, the Zomato breach will leave people wondering about the security of online services. It is true that if the NSA is hackable, Zomato doesn’t stand much of a chance. But the hack of 17 million accounts certainly leaves behind much that Zomato has to answer for, despite the company assuring that none of the payment gateways it links to can be accessed. More important, with many people using the same passwords across many services—this is not Zomato’s fault—the leak can certainly lead to more damage.
Zomato is not the only service at fault, given that Indian banks and government agencies have also been targets of hacks over the last few years. While companies are spending on protecting their networks, few are buying insurance. A look at insurance data shows that only 200 cyber insurance policies were sold over the last five years, with the total premium below Rs 100 crore. With more people and governments relying on internet services, a good model to follow for ensuring that some cyber-risks are hedged can be that of Singapore, where, last year, the government announced a cyber-security strategy allocating 8% of the total government ICT expenditure to cyber-defence.
It also introduced a new cyber-security law that requires owners and operators of critical information infrastructure to take responsibility and share information with the Cyber Security Agency. In India’s case, even government agencies need to be ahead of the curve in dispensing information and securing networks. Although the Indian Computer Emergency Response Team has been operational for some years now, not many are aware of its existence or what it is tasked with. Besides, such agencies have often played a passive role, acting only after an attack has taken place. As for online companies, they must spend more on security, as their business is based on trust. A few attacks leading to a loss of trust will be enough to finish them off.