How India Inc is losing its cyber security war


Mumbai’s top cybercop Brijesh Singh has his hands full these days. With increasing cyber crime, including a rising tide of corporate cyber incidents, there’s no respite for the Maharashtra Police cyber crime team that the suave 1996 batch IPS officer leads. Recently Singh’s crack team solved a host of high-profile cases including the Reliance Jio Infocomm unauthorized data access case and Game of Thrones leak.

“We end up getting at least three-four corporate cybercrime cases in a week. Earlier the corporates wouldn’t come forward to disclose cyber incidents, but now we see them coming forward to lodge complaints and work closely with the police department to help solve the cases,” said Singh, special IG-cyber, Maharashtra Police.

Singh’s team, these days, is swamped with sophisticated business email compromise cases wherein cyber criminals injected messages in trail mails and changed invoice numbers and bank accounts to siphon off money.

With each passing day, cyberspace is becoming a new frontier for corporates.

Globally, in the past few days, Equifax breach exposed personal information of 145 million US customers, Yahoo acknowledged three billion email accounts were breached in 2013 attack and accounting firm Deloitte, which incidentally runs a large cyber practice, was also hacked.

The industry bigwigs have started sounding warning bells. Tech visionary Larry Ellison said last week, “Make no mistake: it’s a war. We have to reprioritise and rethink about how we defend our information.”

In its Q2 2017 report, leading IT security firm McAfee Labs counted 311 publicly disclosed security incidents. The report also mentioned that security teams nowadays face 244 new cyberthreats every minute.

In such a milieu, the situation is not different in India. In the past few months, two of India’s top private banks, a top telecom company, a top media company and a stock exchange have all been victims of major cyber attacks or cyber thefts, and ransomware Wannacry and Petya infected thousands of companies. “The attacks which are publicly known are only a minuscule number.

We are only looking at the surface; no one know what’s going on in the background and even the companies are not aware of threats lurking in their system,” said Altaf Halde, managing director, Kaspersky Lab (South Asia).

Given the lack of any regulations regarding disclosure – except in financial services where it is mandated by the Reserve Bank of India – companies hit by cybercrime hide the incidents even in cases where customers have been impacted. So the true extent of impact on India Inc never comes out.

Cyber experts say what makes Indian industry vulnerable is changing threat profile due to resource rich nation states now targeting companies.

Increasingly there is evidence that critical national infrastructure is being probed by cyber agents from other nation states. A few years ago, US intelligence agency NSA had picked up the trend of Chinese hackers targeting Indian pharmaceutical and IT companies and even discussed specific inputs with companies.