Why digital India is vulnerable to new-age cyber attacks

Even as governments and economies are coming to terms with the new normal and gearing up for the long term impact of the crisis, technology innovators have been working overtime to design solutions which could help retain operations and growth. Supported by government policies and innovations in emerging technologies like AI, ML, IoT, etc., India has been steadily inching towards a technology-enabled economy. However, with the rise of connected devices, efficient internet penetration, and widespread digitization of multiple sectors, including education, finance, healthcare, retail, and even agriculture and logistics, comes the threat of cyber attacks which can cause not only monetary losses but compromise data privacy and put the economy and lives in danger.

As of the first quarter of 2020, India already recorded a 37% rise in cyber attacks. Risks like data leakage, connection to unsecured Wi-Fi networks, phishing attacks, ransomware, spyware, apps with weak encryption (also known as broken cryptography) are some of the common cyber threats plaguing us. IoT and connected devices have also reported increased cases of data breaches. 

Being the second largest consumer for smart devices and a country with one of the largest base of internet consumers, India continues to remain a sitting duck, vulnerable to several national and international cyber attacks. Following are the four key reasons for this vulnerability can be listed as:

1. Outdated Systems and processes: While we do enjoy smart personal devices, a large part of corporate and business technology systems continue to depend on outdated or legacy infrastructure, with poor or inadequate cybersecurity protection. 
2. Accelerated digital adoption, over a short span of time: The widespread digital adoption across public and private sectors has left little or no time for the proper development of a backend cybersecurity infrastructure, putting a large amount of data at risk. 
3. Limited understanding of cybersecurity: The understanding of cybersecurity and its prevention continues to be limited to the installation of antivirus and malware protection software on individual computers/ devices. Even as cyber crimes are getting more and more sophisticated, the lack of understanding among the end-user continues to aid in successful cyber attack instances. 
4. Fragmented and Unorganised cybersecurity infrastructure: This is a largely unorganized and fragmented sector of cybersecurity service providers and entrepreneurs. More so, the lack of a stringent legal framework for identifying and taking cybercriminals to the task is hampered for the lack of strong cybersecurity laws.  

Even as we are trying to deal with the cybersecurity threats, the type of cyber attacks are also evolving, creating more complex and advanced set of security threats, these include: 

Cloud Vulnerability: 

Even as an increasing number of businesses adopt cloud computing, data security concerns continue to rise. As per Oracle’s cloud threat report 2019, cloud vulnerability continues to remain the highest cybersecurity challenge in the near future. While larger third party players like Amazon and Google are investing heavily in cloud security, smaller organizations and businesses that are using independent cloud services, are sceptical about investing in cloud security and thus remain vulnerable to threats like a data breach, account hijacking, malicious internal threats, and even DDOS attacks. 

Social Engineering and phishing attacks: 

This implies manipulating and leading unsuspecting victims to perform actions or divulge information, without the knowledge of the consequences. Baiting, Scareware, Pretexting, etc., are some of the most common forms of Social engineering attacks. Phishing continues to be one of the most widespread forms of social engineering attack that involves fraudulently obtaining sensitive data like card and bank details, personal information, etc., which is then used to make fraudulent transactions. The rise of e-commerce has further increased instances of Social Engineering attacks and it is on a rise. 

Attacks using Emerging Technology: 

Machine Learning, AI, and connected devices use a large amount of crowd-sourced data and information user information from social media and apps, like satisfaction ratings, brand preferences, spending patterns, browsing histories, etc., making them a preferred target for cybercriminals. Machine learning poisoning, a method to inject instructions into a system to gain insights, information, and even control the outcome, is one of the modern security breach methods targeting sophisticated systems. AI fuzzing, another tool primarily used to detect, identify, and fix cyber attack vulnerabilities in a system, can also be used by fraudsters to control and automate attacks. 

Data breaches, malware, and ransomware: 

While these are some of the most easily executed threats, they also continue to be the most common and widely used threats among cybercriminals. In the age of AI, ML, VR, and connected devices, Data is the new currency. Data breaches thus remain the priority target for most fraudsters. Malware and ransomware have caused a lot of trouble recently when work from home had rendered official IT systems vulnerable due to access from unsecured home servers. Infecting a computer with malware or ransomware, which then encrypts and makes the data unavailable for the user until the ransom is paid, is nothing less than a bank heist! 

Conclusion

While each of the above pose a grave threat, an efficient and strategic cybersecurity infrastructure can help prevent these instances and save the government, businesses and individuals a lot of time, effort, and money. By investing in robust cybersecurity that offers end-to-end security ecosystem for individual devices and networks to reliable data back-ups, regular third-party risk assessment, and strong multifactor authentication mechanisms need to be put in place. On a mass level, the first step would be a strong legal framework for handling cyber crime, followed by a widespread awareness campaign about the significance of cybersecurity and why businesses need to take it seriously. Together, these unwarranted and fraudulent interferences can be handled, to make India a truly robust digital superpower.  

Read More:

Endpoints, the New Data Security Frontier in the age of WFH

Future of Cyber Security in the times of work from home

How to protect against insider threats: CyberSecurity practices