Indian Organisations face rising cyber risks and losses, urgent cybersecurity measures needed

A recent study unveiled significant financial losses for Indian organizations, as 83% reported enduring million-dollar setbacks due to cybersecurity incidents in the past year. The study, conducted by IT and cybersecurity firm Cloudflare and titled “Securing the Future: Asia Pacific Cybersecurity Readiness Survey,” revealed that among the 83% of companies affected, 48% faced 10 or […]

A recent study unveiled significant financial losses for Indian organizations, as 83% reported enduring million-dollar setbacks due to cybersecurity incidents in the past year. The study, conducted by IT and cybersecurity firm Cloudflare and titled “Securing the Future: Asia Pacific Cybersecurity Readiness Survey,” revealed that among the 83% of companies affected, 48% faced 10 or more cyberattacks.

Cloudflare’s report sheds light on the current state of cybersecurity preparedness in the region, exploring how organizations are grappling with a surge in cybersecurity incidents and their resultant impacts.
Cyber risks loom large as the foremost threat, with 38% of survey respondents expressing a high or extreme level of vulnerability. This underscores the pressing need for enhanced cybersecurity measures and readiness in the Indian business landscape.
With this, cybersecurity has jumped two spots from number three to number one on the risk radar when compared to the 2022 Global Risk Survey, the PwC’s 2023 Global Risk Survey- India edition stated.

PwC said the final results of the survey are based on 3,910 survey responses from Business and Risk Management leaders (CEO, board, risk management, operations, technology, finance, audit) across 67 territories providing their views on the status and direction of risk in their organisation. 163 Indian organisations were a part of this survey.
Other digital and technology risks are also top concerns for business leaders in India (at 35 per cent).
To address the challenges, Indian organisations are making bold investments in cybersecurity with more than half of the respondents planning to invest in cybersecurity tools (55 per cent) and AI, machine learning and automation technologies (55 per cent) in the next 1-3 years, according to survey findings.
To back these investments, 71 per cent of Indian organisations are gathering and analysing cybersecurity and IT data for risk management and opportunity identification. Globally 61 per cent of the organisations are doing the same.

Sivarama Krishnan, Partner and Leader, Risk Consulting, PwC India said that the 2023 Global Risk Survey shows that Indian business leaders are not only demonstrating an increased appetite for taking risks but are also doing a reasonable job of identifying opportunities presented by risks.
“This mindset shift is critical for an organisation’s progress- it will not only help businesses be better prepared to manage risks, but also grow, build resilience, deliver outcomes and create value for all stakeholders,” Krishnan added.
The survey also showed that 99 per cent of Indian business leaders are confident their organisation can balance growth with managing risk effectively, of which 66 per cent are very confident of the same. Globally these figures stand at 91 per cent and 40 per cent, respectively.
Further, Indian businesses are seeing technology disruptors as opportunities, with 69 per cent of Indian executives seeing Generative AI as an opportunity (against 60 per cent globally).
The survey also revealed how organisations are taking the help of emerging technologies such as GenAI for risk management, with 48 per cent of Indian enterprises having deployed AI and machine learning for automated risk assessment and response to a large extent. This is slightly lower than the global response of 50 per cent.
To leverage the positives brought in by risks and disruptions, the survey said 88 per cent of Indian organisations are actively investing in building resilience in their ecosystem over the last 12 months. Globally, 77 per cent of the businesses are investing in the same.

Cloudflare’s report said that despite the frequency of cybersecurity incidents in India, only 52% of respondents consider themselves highly prepared. Also, 47% of the companies indicated that the financial impact of such incidents exceeded $1 million in the past 12 months, while 27% experienced financial setbacks of no less than $2 million.
“Preparedness is key, as organisations continue to grapple with a cybersecurity landscape that has unprecedented complexities,” said Jonathon Dixon, vice-president and managing director, Asia Pacific, Japan and China at Cloudflare.
“With India’s growing digital prowess and continued business reliance on technology, it is critical for organisations to foster a security culture that empowers their leaders to approach cybersecurity as a strategic business imperative,” he added.

The report noted as a result of cybersecurity incidents, 46% of respondents said that their organisations reduced or restricted hybrid work, were forced to lay off employees, and postponed expansion plans.
Talent shortage was also identified by 57% of Indian business leaders as the biggest challenge they’re facing when it comes to cybersecurity preparedness, and 44% indicated a lack of funding is hindering their ability to protect their businesses, the report highlighted.

Cybercriminals often target companies to steal valuable data, such as financial records, intellectual property, or personal customer information, which can then be sold on the dark web or used for various malicious purposes.
Another critical threat is ransomware attacks, where cybercriminals encrypt a company’s data and demand a ransom for its release. These attacks can cripple a company’s operations and result in substantial financial losses. Phishing attacks, in which employees are tricked into revealing sensitive information or installing malicious software, also remain a significant threat. Additionally, insider threats from employees or contractors with malicious intent can compromise a company’s cybersecurity.

*Educate employees on emerging cyber-attacks with security awareness training.
*Keep all software and systems updated from time to time with the latest security patches.
*Implement email authentication protocols such as DMARC, DKIM, and SPF to secure your email domain from email-based cyber-attacks.
*Get regular Vulnerability Assessment and Penetration Testing to patch and remove the existing vulnerabilities in the network and web application.
*Limit employee access to sensitive data or confidential information and limit their authority to install the software.
*Use highly strong passwords for accounts and make sure to update them at long intervals.
*Avoid the practice of open password sharing at work.

Hack Attack on Indian Healthcare Websites: Indian-based healthcare websites became a victim of cyber-attacks recently in 2019. As stated by US-based cyber security firms, hackers broke in and invaded a leading India-based healthcare website. The hacker stole 68 lakh records of patients as well as doctors.

SIM Swap Scam
Two hackers from Navi Mumbai were arrested for transferring 4 crore rupees from numerous bank accounts in August 2018. They illegally transferred money from the bank accounts of many individuals. By fraudulently gaining SIM card information, both attackers blocked individuals’ SIM cards and with the help of fake document posts, they carried out transactions via online banking.