300 Mumbai ICT partners pledge to enhance capabilities in mitigating threats to cyber security in the evolving ‘cashless economy’, post demonetization
Fast paced changes in information technology, adoption of social media and digital lifestyle products by consumers and automation of business processes are increasingly driving enterprises to adopt a digital ‘avatar’. While this has undoubtedly transformed their connectedness and reach, and provided businesses with a powerful competitive advantage, it has also exposed them to various threats and security risks.
Cybercrime cases have surged worldwide, making Indian users also vulnerable to cyber threats. A joint study conducted by the Associated Chambers of Commerce and Industry of India (ASSOCHAM) and consulting firm PricewaterhouseCoopers (PwC) stated that India has seen a rise of nearly 300% in cybercrime cases registered under the IT Act, 2000 in the period from 2011 to 2014. While the emerging digital economy has led to increased volumes of electronic fund transfers, post demonetization of Rs. 500 and Rs. 1,000 currency notes by Government of India, online payments and mobile wallet-based transactions also face increased risk of attacks by cyber criminals.
According to Viren Bavishi, Director, TAIT, “India has already witnessed huge financial and data breach cases. Earlier in 2016 a case has surfaced where data of around 30 lac debit cards has been compromised, due to malware infestation in the system of Hitachi Payment Services, which went undetected for three months. Another case of login by an unauthorized offshore hacker into the systems of Axis Bank is also a recent incident. Both these cases highlight the amount of risk we are all exposed to.”
“In the past couple of weeks a number of Twitter handles of Indian political leaders were hacked by various groups and false and malicious messages spread through the same – this speaks volumes about the possibility of creating social unrest by rogue hackers, and the ability to ruin credibility of persons in public life. A Distributed Denial of Service attack on a large ISP a few months back, choked their network and the company suffered huge financial losses, besides losing many of their loyal big ticket bandwidth customers,” Bavishi added.
In view of the above, it is essential for individuals, business organizations and the public sector to secure their sensitive information, as there is no escaping the digital revolution. SMEs are more prone to cyber-attacks as they usually do not have a systematic, institutional mechanism for review of the extent of their vulnerabilities.
Founder CEOs and Owner-Managers typically lack the experience or expertise to assess the cyber security risks to their business. Very often cyber security threats are put on the back burner, and investments made in basic security solutions such as anti-virus software and firewalls to keep their accounting and financial transaction data protected. However, most SMEs tend to underestimate the value of their data. In order to make SMEs understand the importance of cyber security and adopt the latest techniques to protect their business from cyber threats, the Mumbai-based premier association of IT companies – Trade Association of Information Technology (TAIT) organized a workshop on cyber security for members. The workshop was conducted by Joel Divekar, Chief Technology Officer, Creative Antenna who talked about issues such as safe and secure usage of the Internet, threats from phishing and Ransomware and techniques to avoid them, Bitcoins, Cryptocurrencies and Blockchain technology.
As cybercriminals have moved from isolated acts of cyber vandalism to cybercrime as a business, Ransomware has emerged as the go-to malware to run nefarious money-making schemes. SMEs are easy targets for Ransomware as they have relatively fewer cyber security tools compared to mid-size or large organizations. Ransomware has become one of the most feared cyber threats for all. It is a type of malware that infects a computer and restricts access to it until a ransom is paid to unlock it. It can penetrate organizations via phishing emails containing malicious attachments, by downloading malicious files, clicking on malicious ads, unknowingly visiting an infected website which downloads and installs malware, web based IM applications, and exploiting web servers to gain access into an organisation’s internal network. Ransomware uses evasion tactics more than once, making it very difficult to be detected by anti-virus software or cyber security researchers.
Addressing the TAIT members Joel Divekar, Chief Technology Officer, Creative Antenna said, “As we try to implement digitization initiatives that help to expand business and increase revenues, we are moving towards cloud storage. In this scenario, protecting business against cybercrime or data threats is critically important. Consequences of ignoring security risks can be disastrous for current business transactions as well as long term brand image and reputation. It is therefore important not to underestimate the scale of a phishing or ransomware attacks. These can penetrate organizations in many different forms via spam, malvertising or malicious domains. Ransomware is indiscriminate and targets anywhere it can.”