Digitization has not only brought about convenience, but it has also become a necessity to facilitate the way we live and interact. However, the more we are becoming dependent on computerized systems, the more susceptible we are becoming to cyber-crime, be it through phishing, ransomware or other increasingly sophisticated types of attacks. A cyber-attack has the potential to cause computer systems and devices to malfunction, compromise data and expose one to financial, and potentially even physical, harm. While cyber security has emerged as a major concern for government bodies, mega corporations like Facebook and Yahoo, considered to be at the forefront of cyberspace, have been at the receiving end as well. All of this calls for urgent attention to, and recognition of, the scale of the problem, so that it can then be addressed fully.
The threat in numbers
A quick Internet search is enough to show that the writing is already on the wall with regard to the alarming proportions of the cyber security threat. Researchers at Akamai Technologies analyzed 112 billion bot requests and 3.9 billion malicious login attempts this year alone, witnessing 16% increase in distributed denial-of-service attacks since last year. This suggests that hackers, many of whom are suspected to be state-backed, are becoming more active and daring.
Perhaps the most public illustration of this was the alleged tampering of the 2016 US elections, which potentially altered the course of the country forever. Russia, China and Indonesia have emerged as hubs of cyber-crime. A recent, massive spam campaign infected over 5 lakh routers worldwide as part of a ransomware cyber-attack, even as another ransomware attack on a government agency earlier in 2018 brought its workers to their knees and forced them to use typewriters. Another debilitating instance was the phishing attack by nine Iranian hackers, which infiltrated hundreds of universities in the US and 21 other countries, several corporations and even the United Nations, and led to an estimated loss of $3 billion.
The rap of cyber-attacks on India’s door is also now too loud to ignore. Recent reports by cyber giants have found that India is among the most vulnerable countries in the world in this respect. Symantec ranked India third in the world in terms of vulnerability. Cisco confirmed that India faces the highest number of threats in the Asia-Pacific region. India also has the fourth largest number of web application attacks in the world.
You may remember recent events that made this vulnerability seem very real. Recurrent leaks in the Indian government's Aadhaar card data has compromised the personal information of millions of citizens. In August 2018, about 94 crore rupees were transferred away from Cosmos Bank’s Pune branch, precipitated by hackers entered the bank’s ATM server and stealing details of card owners. The Indian Computer Emergency Response Team reported over 493 websites being affected by malware propagation, including 114 websites run by the Government.
Response tactics
The imminent and omnipresent threat of a cyber-attack today calls for urgent action by micro agents, without waiting for macro intervention by policymakers. For corporations large and small, besides having secure firewalls in the corporate network, it is important to prepare incident response plans and educate employees about cyber-attacks. Often one employee can sound off an alarm to prevent mass destruction. After all, it takes just one click to cause havoc. Proactive companies are prepared for such attacks. Backing-up data is common sense and crucial, however doing a ransomware drill, enabling a two-factor authentication for logging into systems helps to a great extent.
Organizations also need to ensure that their IT team is familiar with their local police's cybercrime division. They can help if one furnishes them with details like email IDs and headers, screenshots and phone numbers if available. Highlighting the pressing need for such investment by organisations, Gartner, a leading IT research company, predicts that by 2020, over 60% of them will spend 35% more on multiple data security tools like data loss prevention, encryption and data-centric audit and protection tools, etc.
At the individual level too, there are steps that can be taken to safeguard yourself. If, God forbid, you are targeted by a (very common) ransomware attack, remember that fulfilling the attacker’s demands doesn’t guarantee that you’ll have your data back. Instead, try finding the decryptor keys online, for most ransomware is poorly coded. For financial transactions, ask your bank for lockbox services to transfer and receive money safety.
Stay updated with Cyber Swachh Kendra, which is a botnet cleaning and malware analysis centre - part of the Government of India's Digital India initiative. Under the Ministry of Electronics and Information Technology (MeitY), this was initiated to create a secure cyberspace by detecting and notifying botnet infections in India, enable cleaning and securing systems of end users to prevent further infections like ransomware.
These stitches, if made in time, can save you, in cyberspace, ninety-nine!
By Dr. Yavar Ehsan, Associate Professor, Information Technology at Indian School of Business & Finance (ISBF).
Disclaimer: The views and opinions expressed in this article are solely those of the original author. These views and opinions do not necessarily represent those of Deccan Chronicle and/or other staff and contributors to this site.
