Fast paced changes in information technology, adoption of social media and digital lifestyle products by consumers and automation of business processes are increasingly driving enterprises to adopt a digital ‘avatar’. While this has undoubtedly transformed their connectedness and reach, and provided businesses with a powerful competitive advantage, it has also exposed them to various threats and security risks.
Cyber crime cases have surged worldwide, making Indian users also vulnerable to cyber threats. A joint study conducted by the Associated Chambers of Commerce and Industry of India (ASSOCHAM) and consulting firm PricewaterhouseCoopers (PwC) stated that India has seen a rise of nearly 300% in cyber crime cases registered under the IT Act, 2000 in the period from 2011 to 2014. While the emerging digital economy has led to increased volumes of electronic fund transfers, post demonetisation of Rs. 500 and Rs. 1,000 currency notes by Government of India, online payments and mobile wallet-based transactions also face increased risk of attacks by cyber criminals.
According to Viren Bavishi, Director, TAIT, “India has already witnessed huge financial and data breach cases. Earlier in 2016 a case has surfaced where data of around 30 lac debit cards has been compromised, due to malware infestation in the system of Hitachi Payment Services, which went undetected for three months. Another case of login by an unauthorised offshore hacker into the systems of Axis Bank is also a recent incident. Both these cases highlight the amount of risk we are all exposed to.”
“In the past couple of weeks a number of Twitter handles of Indian political leaders were hacked by various groups and false and malicious messages spread through the same – this speaks volumes about the possibility of creating social unrest by rogue hackers, and the ability to ruin credibility of persons in public life. A Distributed Denial of Service attack on a large ISP a few months back, choked their network and the company suffered huge financial losses, besides losing many of their loyal big ticket bandwidth customers,” Mr Bavishi added.
In view of the above, it is essential for individuals, business organisations and the public sector to secure their sensitive information, as there is no escaping the digital revolution.
SMEs and Cyber Threats
SMEs are more prone to cyber-attacks as they usually do not have a systematic, institutional mechanism for review of the extent of their vulnerabilities. Founder CEOs and Owner-Managers typically lack the experience or expertise to assess the cyber security risks to their business. Very often cyber security threats are put on the back burner, and investments made in basic security solutions such as anti-virus software and firewalls to keep their accounting and financial transaction data protected. However, most SMEs tend to underestimate the value of their data. In order to make SMEs understand the importance of cyber security and adopt the latest techniques to protect their business from cyber threats, the Mumbai-based premier association of IT companies – Trade Association of Information Technology (TAIT) organised a workshop on cyber security for members. The workshop was conducted by Mr Joel Divekar, Chief Technology Officer, Creative Antenna who talked about issues such as safe and secure usage of the Internet, threats from phishing and Ransomware and techniques to avoid them, Bitcoins, Cryptocurrencies and Blockchain technology.
As cybercriminals have moved from isolated acts of cyber vandalism to cyber crime as a business, Ransomware has emerged as the go-to malware to run nefarious money-making schemes. SMEs are easy targets for Ransomware as they have relatively fewer cyber security tools compared to mid-size or large organisations. Ransomware has become one of the most feared cyber threats for all. It is a type of malware that infects a computer and restricts access to it until a ransom is paid to unlock it. It can penetrate organisations via phishing emails containing malicious attachments, by downloading malicious files, clicking on malicious ads, unknowingly visiting an infected website which downloads and installs malware, web based IM applications, and exploiting web servers to gain access into an organisation’s internal network. Ransomware uses evasion tactics more than once, making it very difficult to be detected by anti-virus software or cyber security researchers.
Addressing the TAIT members Mr Joel Divekar, Chief Technology Officer, Creative Antenna said, “As we try to implement digitisation initiatives that help to expand business and increase revenues, we are moving towards cloud storage. In this scenario, protecting business against cyber crime or data threats is critically important. Consequences of ignoring security risks can be disastrous for current business transactions as well as long term brand image and reputation. It is therefore important not to underestimate the scale of a phishing or ransomware attacks. These can penetrate organisations in many different forms via spam, malvertising or malicious domains. Ransomware is indiscriminate and targets anywhere it can.”
SMEs, Bitcoins and Blockchain Technology
Mr. Joel Divekar further discussed the advent of Bitcoins and other cryptocurrencies and of encryption algorithms that have created a favourable context for development and proliferation of Ransomware. Hence, organisations must educate their employees about the evolving risks, maintain patches on desktop users’ systems, as well as critical data servers, reduce the automatic mapping of drives and regularly monitor infections to prevent spread of a contagion.
Mr. Divekar also talked about Blockchain Technology – which is a secured public ledger of all Bitcoin transactions that have ever been executed. A block is the ‘current’ part of a blockchain which records some or all of the recent transactions, and once completed goes into the blockchain as permanent database. This new development has the potential to increase secure data exchange and make transfer of authenticated information simpler and easier between entities and/or individuals.