Cybercrimes in India and beyond

By Tanya Agarwal

Cybercrimes employ a computer as the object of the crime. They also include offences like child pornography and hate crimes. Cybercriminals can use computer technology to access personal information or business trade secrets. They may also use the internet for exploitative or malicious purposes. Criminals can use computers for communication and for document or data storage. Criminals who perform these illegal activities are often referred to as hackers.

In the last few years, cybercrime has established itself as one of the biggest threats to privacy and safety. Email continues to be the main route of entry. Ransomware got its own stage in 2016. In 2015, many people were still confusing this type of attack, or it was not on the agenda of many decision makers.

Cybercrimes in India

At least one cybercrime was reported every 10 minutes in India in the first six months of 2017. That is a higher rate than in 2016, when a crime was reported every 12 minutes. These include phishing, probing, site intrusions, malicious code, ransomware and denial-of-service attacks. Cyber experts say, “More Indians are going online. This makes putting in place the critical infrastructure to predict and prevent cybercrimes crucial.”

India has seen a total of 1.71 lakh cybercrimes in the past three-and-a-half years. “It is not enough to make efforts at the government level. But cybercrime affects hundreds of individual systems and firms. All need to be ready for specialized teams,” cybercrime expert Mirza Faizan Asad said. Analysis of data from 2013 to 2016 shows that network scanning and probing formed 6.7% of all cases. Virus or malware accounted for 17.2%.

Looked at one way, 2016 was a normal year when it came to cyber security in India. Businesses and government carried on as usual. Yet it was a banner year for cyber-breaches, from the hacking of Twitter accounts to the leakage of cloud data. In either view, ask security experts and they say the situation is critical.

CERT-In is an emergency response team. It was set up under the Ministry of Electronics and Information Technology. It deals with a range of cyber-attacks. The Indian Government has four Sectoral Computer Emergency Response Teams. These address Cyber Security Threats in Power Systems.

Cybersecurity instances in India

A botnet malware named Mirai took over the internet in India. It targeted home router users and other IoT-based devices. The malware affected 2.5 million IoT devices. CERT-In had also issued an advisory about the attack back in October 2016.

Again, the WannaCry ransomware swept the world in May. CERT-In immediately put out an advisory notice. India reported few instances of the ransomware. It affected businesses in Tamil Nadu and Gujarat during the first wave of the attack. Rail ware users were also most affected by the ransomware.

According to cybersecurity firm Symantec, India was on the list of the top 10 countries hit by Petya ransomware attacks. Other Asia Pacific (APAC) countries were also affected. Globally, India took the seventh spot, with fewer than 20 organisations affected.

The Deloitte cyber attack

A sophisticated hack targeted one of the world’s “big four” accountancy firms. It compromised the confidential emails and plans of some of its blue-chip clients. Deloitte was the victim of a cyber-security attack that went unnoticed for months. Deloitte’s internal review into the incident is ongoing. Deloitte discovered the hack in March this year. However, the attackers may have had access to its systems since October or November 2016.

The hacker compromised the firm’s global email server through an “administrator’s account”. This gave them privileged, unrestricted “access to all areas”. The account did not have “two-step” verification, sources said. Emails to and from Deloitte’s 244,000 staff were stored in the Azure cloud service, which is provided by Microsoft. This is Microsoft’s equivalent to Amazon Web Services and Google’s Cloud Platform. Moreover, the hackers had potential access to usernames, passwords, IP addresses, architectural diagrams for businesses and health information. Some emails had attachments with sensitive security and design details. It has yet to be established whether a lone wolf, business rivals or state-sponsored hackers were responsible.

A measure of Deloitte’s concern came on 27 April. It hired the US law firm Hogan Lovells on “special assignment”. It did so to review what it called “a possible cybersecurity incident”. Deloitte confirmed it had been the victim of a hack. But it insisted only a small number of its clients were “affected”. Deloitte said the number of emails that were at risk was a fraction of this number. It, however, declined to elaborate.

“In response to a cyber-incident, Deloitte implemented its comprehensive security protocol and began an intensive and thorough review including mobilizing a team of cybersecurity and confidentiality experts inside and outside of Deloitte,” a spokesman said. “We remain committed to ensuring that our cybersecurity defences are best in class, to investing heavily in protecting confidential information and to continuously reviewing and enhancing cybersecurity. We will continue to check this matter and take more steps as required,” he added. Deloitte declined to say which government authorities and regulators it had informed. It hasn’t revealed when, or whether, it had contacted law enforcement agencies.

Cybersecurity in the era of transformation

Cybersecurity is the body of technologies, processes and practices that protects networks, computers, programs and data from attack, damage or unauthorized access. In a computing context, security includes both cybersecurity and physical security.

Technologies such as big data analytics, the Internet of Things (IoT), the blockchain, and mobile computing are re-inventing the way companies handle everything from decision making to customer service. The automation of virtually all business processes and the increasing digital connections of the entire value chain create agility. However, they also significantly raise cybersecurity risks and threat levels.

As companies embark on their journeys of digital transformation, they need to make cybersecurity a top priority. Michael Golz, CIO, SAP Americas, said, “We have to maintain confidentiality, integrity, and availability of data in all these contexts: on premises, in the cloud, and in hybrid environments.”

Both the value and the volume of data have never been higher, and end points are more vulnerable than ever. “Any vulnerability in the supply chain now has a wildfire effect. This results in loss of millions of dollars and destruction of trust on impact. It used to take a while to exploit these weaknesses. Nowadays, it’s very fast and the damage is immediate,” says Justin Somaini, global CSO, SAP.

With the stakes so high, senior IT leaders, including both CIOs and CSOs, need to adopt a more proactive approach to securing critical data.

