Home >specials >Tech@work >India tops cybercrime hit list

Mumbai: India is increasingly becoming a hotbed of cybercrime and companies are finding it difficult to cope with the onslaught of online attacks, resulting in a huge loss of money and reputation, say online security experts.

Cyber attacks are showing no signs of abating. India was ranked among the top five countries to be affected by cybercrime, according to a 22 October report by online security firm Symantec Corp.

On 18 November, The Times of India newspaper said 4,191 Indian websites were defaced or hacked into in August alone, much higher than the 2,380 attacks recorded in July, 2,858 in June and 1,808 in May, citing confidential reports by the Indian Computer Emergency Response Team, or CERT-In, part of the government’s department of electronics and information technology. Most of these attacks were on “.in" domains that have their servers in India.

“India Inc. has not kept pace with the evolving hacker. On the business side, there are at times state-sponsored individuals getting into these acts from across the world...the risk is very global in nature," said Sanjay Kedia, chief executive and country head of Marsh India Insurance Brokers Ltd, which offers cyber risk insurance services.

Senior executives who spoke at the Digital Threats and Cyber Risks Conference 2013, organized recen

Indeed, the average cost per cybercrime victim in India increased to $207 (around 13,000) in 2013 from $192 a year earlier, Symantec said in its report. Globally, the cost rose 50% from a year ago to $298 in 2013. Loss of client information is the biggest cost involved, according to Valerie Bowles, chief operating officer at law firm Amarchand Mangaldas.

“One is the direct cost which we see, but the implication of indirect cost will be much bigger, as in this well-connected world, information travels very quickly, and that compounds impact. The loss due to reputation could actually compound the losses to a great extent," said Kedia of Marsh India Insurance.

According to Diwakar Dayal, head of the security business at Cisco (India and SAARC), given that the Internet is an “extremely dynamic environment, in terms of both topology and design, it makes it that much more vulnerable to exploits".

Cybercriminals are becoming increasingly sophisticated and their attacks more difficult to predict and stop, especially with the emergence of corporate trends such as bring- your-own-device, social media and the advent of cloud computing (making services available over a network), he added.

“Enterprises should look at adopting solutions which can help them get real-time visibility and control of the situation... Clearly, multiple audits are the order of the day as the paradigm of security is moving from mere device safety to protection of data/information/intellectual property with increased awareness of risk management and the reputational cost," said Srinivasa Boggaram, a team leader (India and SAARC) at McAfee India Sales Pvt. Ltd, a digital security services company.

Some companies, for instance, have begun creating new positions called chief risk officer, or CRO, “and CISOs (chief information security officers) are being made to report to CROs especially among conglomerates and public sector banks", he added.

Kedia of Marsh India, however, said the nature of risk is evolving and changing so fast that “to start with, one needs a lawyer, a forensics consultant looking at the magnitude of the problem, and a couple of PR (public relations) managers are also required to fix it (the problem)."

Subscribe to newsletters
* Enter a valid email
* Thank you for subscribing to our newsletter.

Click here to read the Mint ePaperLivemint.com is now on Telegram. Join Livemint channel in your Telegram and stay updated

My Reads Logout