New Delhi: India witnessed the second highest number of legitimate cybersecurity threats in the Asia-Pacific region after Australia, according to a report published in September by Cisco Systems Inc. It added that according to 27% of Indian respondents, the cost of a breach was less than $100,000, while a fifth pegged breach-led losses between $5 million and $10 million. Every single device that is on the network, at some point or the other, could be vulnerable, according to Venkat Krishnapur, vice president, engineering, and managing director of McAfee India.

Why are attacks increasing? Shrenik Bhayani, general manager, Kaspersky Lab (South Asia), believes it is difficult to assess the total amount of losses incurred by businesses in India because a lot of businesses “did give into the ransomware attacks as they did not have backups or strong cybersecurity teams to fight this attack". Not updating tools and strengthening infrastructure in time are other issues that Indian organisations have to address. “What is perhaps more alarming is the fact that many organisations across the country use pirated software to save on money, or have not upgraded their software and hardware in a very long time. This is exacerbated by the poor level of general cybersecurity awareness and the lack of proper security hygiene," says Sanjay Katkar, Joint Managing Director and Chief Technology Officer, Quick Heal Technologies.

A case in point is the WannaCry attack on ATMs in India, which according to Bhayani, was possible “because a majority of the ATMs worked on an outdated operating system" that became an easy target for the hackers. “The attacks have also increased because the tools enabling them are more easily available on the dark web. People can not only buy strains, but also hire hackers to carry out attacks," says Burgess Cooper, partner at Ernst and Young.

India faces 500,000 cybersecurity-related alerts daily and 39% of these alerts remain unattended due to lack of required skill sets: Cisco-

AI (artificial intelligence) can help organisations receive close to 350,000 suspicious samples daily, according to Krishnapur of McAfee. These are not legitimate pieces of malware, but things that just need to be analyzed and identified. He believes machine learning and AI “are perfect to do the analysis of large amount of data of this sort, because of the kind of deep learning and pattern recognition capabilities that they offer".

Strengthening security frameworks:

According to Cooper of EY, government agencies and companies are trying to create more awareness on cybersecurity through awareness programmes, risk assessment and ethical hacking. The Reserve Bank of India (RBI), for instance, introduced a cybersecurity framework for banks in August 2017, making periodic vulnerability tests and regular updation of security tools mandatory for all banks.

Consolidate vendors:

About 57% respondents of the Cisco survey citied above, said they were dependent on more than 10 security vendors, while 8% were working with over 50 vendors. Relying on different security products from different vendors, note Cisco security experts, makes updation complex and harder for security tools to detect threats.