India is going the digital way – from governance to its Financial Transactions, According to the Data Security Council of India (DSCI) report, between 2016 and 2018, India became the second most cyber-attacked nation – this includes all types of attacks – Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks, Man-in-the-middle (MitM) attacks, Phishing, and spear-phishing attacks, Drive-by attack, Password attacks, SQL injection attack, Cross-site scripting (XSS) attacks, Eavesdropping attacks, Birthday attacks, and Malware attacks.
According to the report the average cost per breached record is estimated at INR 4,552 (USD 64), and 53% of all Cyber-attacks led to financial losses of more than USD 500,000 (including lost revenue, customers, opportunities, and out-of-pocket costs among others) for organizations in 2018 – this according to a CISCO Annual Cyber Security Report.
What is a cyber-attack?
A cyber-attack is any type of offensive action that targets computer information systems, infrastructures, computer networks or personal computer devices, using various methods to steal, alter, or destroy data or information systems.
One of the ways to prevent a Cyber Attack would be to use a Virtual Private Network (VPN) like the one provided by VPN India. A Virtual Private Network is a service that allows you to connect to the Internet via an encrypted tunnel to ensure your online privacy and protect your sensitive data. A VPN is commonly used to secure a connection to a public Wi-FI hotspot, hide IP address, and make your browsing private.
The Indian Context
According to kratikal.com, 2019 was a field year for Hackers in the Indian Cloud space, just as 2020 was Covid19’s year. The attacks were across multiple sectors. Here are a few:
The 2018 daring attack on the Cosmos Bank in Pune shook the whole banking sector of India. Hackers siphoned off Rs. 94.42 crores from the bank in Pune using data in the ATM Server. Similarly, in mid-2018, the Canara bank ATM servers were targeted in a cyber-attack. Almost 20 lakh rupees were wiped off from various bank accounts. Transactions made from stolen details amounted from Rs. 10,000 to the maximum amount of Rs. 40,000.
Then came the famous UIDAI Aadhaar Software Hack – There was a massive data breach of personal records of 1.1 Billion Indian Aadhaar cardholders. UIDAI revealed that around 210 Indian Government websites had leaked Aadhaar details of people online. Data leaked included Aadhaar, PAN and mobile numbers, bank account numbers, IFSC codes and mostly every personal information of all individual cardholders.
There were also attacks on Major Health Care websites, and individual bank accounts using SIM information. These attacks were a wake-up call for the Indian Government and Corporates across India.
Waking up to a new reality!
In the wake of these attacks, the Indian government-initiated steps on data-protection at the policy level. July end, this year, a high-level panel headed by Justice BN Srikrishna submitted its recommendations and the draft Personal Data Protection Bill 2018 to IT minister Ravi Shankar Prasad. Since then, the Indian government has faced a backlash from members of the business community and associations such as the Internet and Mobile Association of India, NASSCOM, the EU, and eCommerce companies like Amazon and Walmart over the provisions of the draft bill. The Bill envisages control of Data servers within the country which the EU, is naturally objecting to.
But countries such as Japan, Korea, and New Zealand have already passed data protection laws based on the principle of data localization. Meanwhile, in Latin America, Brazil passed its own law in August 2018, while Chile announced the setting up of an independent data protection authority.
The Facebook-Cambridge Analytica scandal and other data breaches, has governments across the world scrambling to implement laws around the flow of data including localization of data servers.
The High risk of cyber-attacks has opened a new industry – Cyber Insurance. About 350 cyber insurance policies have been sold in India till 2018, which is a 40% increase from that in 2017. While IT, banking, and financial services were early adopters of cyber insurance, a new demand has arisen among manufacturing, pharmaceutical, retail, hospitality, R&D, and IP-based organizations.
Organizations can take the following measures to Prevent Cyber Attacks in addition to using VPNs.
- Educate employees on the emerging cyber-attacks with security awareness training.
- Keep all software and systems updated from time to time with the latest security patches.
- Implement email authentication protocols such as DMARC, DKIM, and SPF to secure email domains from email-based cyber-attacks.
- Get regular Vulnerability Assessment and Penetration Testing to patch and remove the existing vulnerabilities in the network and web application.
- Limit employee access to sensitive data or confidential information and limit their authority to install the software.
- Use exceptionally strong passwords for accounts and make sure to update them at long intervals.
- Avoid the practice of open password sharing a
