Mumbai: While the exact impact of the ransomware attack on Indian establishments are yet to be ascertained, cyber security experts said it’s largely the small and mid sized firms that are more susceptible to such attacks.
According to them, companies need to step up their investment in IT infrastructure as many of them are still running with older operating system that are more vulnerable to cyber attacks.
“There are organisations which are highly IT intensive in nature and have sufficiently invested in protecting their core systems. Similarly there are large business conglomerates that have invested heavily in cyber security infrastructure.
However there are a large number of small and mid-sized firms in India that do not have adequate firewalls in place. They need to constantly update their system and software and take right steps to mitigate such risks,” said Mukul Shrivastava, partner, fraud investigation and dispute services, E&Y.
A recent survey conducted by E&Y found that a majority of Indian firms are least prepared to detect and respond to any cyber attacks. Mr Shrivastava pointed out several instances where Indian firms were found using pirated anti virus software. Additionally, the total spend on cyber security was part of a firm’s routine administration expenses suggesting that building a robust cyber security system was never on their priority list.
According to LC Singh, vice chairman and CEO of Nihilent Technologies, the nature of malicious code, or malware shifted recently from disrupting service to actively seeking financial gain. In the past, the impact on victims was primarily a disruption of service resulting in loss of productivity and sometimes a loss in revenue. Now, many significant worms are designed to steal sensitive information such as credit card numbers, social security numbers, pin codes, and passwords and send the information to the attacker for nefarious purposes including identity theft. "Unfortunately, attackers have become very adept at circumventing traditional defenses such as anti-virus software and firewalls. Standard best practices of deploying latest operating systems, application patches and anti-virus go a long way in reducing these attacks. Organizations must have information security policies that reduce exposure to malware, and will need to develop, deploy, monitor, and test security tools throughout their network. The aim is to detect any hint of anomaly to be able to avoid compromises and, in the event they do get infected, ensure a faster recovery," he added.