Cyber extortion has become a growing threat to individuals, businesses, and governments alike. This type of crime involves the use of computer systems and the internet to threaten, intimidate, or blackmail someone into giving money, information, or other resources. India, like many other countries, has experienced an increase in cyber extortion cases in recent years.
One notable example of cyber extortion in India was the WannaCry ransomware attack on the government-run National Informatics Centre (NIC) in May 2017. The attack targeted the computer systems of more than 18,000 Indian organisations, including banks, hospitals, and government agencies. The hackers demanded a ransom, to be paid in Bitcoin, in exchange for unlocking the compromised systems.
In another instance, the City of Mumbai was hit by a cyber extortion attack in August 2020, where hackers targeted the online systems of the civic body and demanded a ransom of $1 million in Bitcoins. The hackers threatened to release sensitive information about the organisation if the ransom was not paid, putting the personal data of citizens at risk.
Another case involved an Indian pharmaceutical company that fell victim to a cyber extortion scheme in 2021. Hackers threatened to release sensitive data of the company, including intellectual property and confidential information if they were not paid a ransom of $ 5.5 million. The company had no other option but to pay the ransom to the hackers, who were based in Russia.
Cyber extortion attacks can have several detrimental effects on individuals and companies. The extortionists may release sensitive data, causing reputational damage and financial losses. These attacks also lead to financial losses and disruption of critical systems, leading to the loss of valuable time and resources. It is crucial to remain vigilant and stay informed about the latest trends and tactics used by cybercriminals to protect yourself and your organisation.
A basic IT assessment scorecard is a first step towards the diagnosis of the IT system before you move to a more technical and comprehensive assessment called VAPT (Vulnerability Assessment and Penetration Testing). This scorecard gives a basic assessment of the IT network which is assessed through a web domain name.
VAPT stands for Vulnerability Assessment and Penetration Testing. It's a process of identifying security vulnerabilities within an organisation's IT infrastructure and applications, using both automated tools and manual testing methods.
In layman language, the way we undergo full body health check-ups, VAPT is a health check-up of the entire IT network and applications of an organisation.
Vulnerability Assessment involves conducting scanning activities to identify and categorise vulnerabilities that exist within the IT infrastructure, applications, and network devices, which could lead to unauthorised access or data breaches. A vulnerability assessment provides organisations with an overall view of the security risks they face.
Penetration Testing, on the other hand, involves simulating a real-world cyber-attack to discover weaknesses that an attacker could exploit. Penetration Testing involves a detailed examination of the Security controls, using exploit tools and techniques to determine if a vulnerability can be exploited to gain unauthorised access, sensitive data theft, or to disrupt the service.
VAPT is essential for organisations because even with a well-designed and well-implemented security system, new vulnerabilities may arise over time. VAPT helps in locating these vulnerabilities, helps to eliminate them, and maintains a more secure IT infrastructure. Regular VAPT testing assists businesses in identifying vulnerabilities and providing timely responses to ensure the confidentiality, availability, and integrity of sensitive information.
Preventing cyber-attacks involves implementing various security measures and these should be part of the IT security policies of an organisation, such as:
Cyber insurance is a form of insurance that provides coverage against losses resulting from cyber-attacks, data breaches, and other online threats including cyber extortion. It typically covers expenses associated with investigating and responding to a cyber incident, as well as liability and damages to third parties due to loss of company or customer data. Cyber insurance policies may vary in coverage depending on the insurer, but in general, they can cover a range of costs, including:
Cyber threats are one of the key reasons for financial losses which mainly happen through cyber extortion. As India is in its growing phase and the cyber world has become a critical component to running a business, organisations must be updated on cyber threats and how to mitigate them. Expenditure on IT infrastructure and creating a separate budget to update IT security every year is a must-do activity.
Even with the best of systems and IT security, there is no 100% security and, in such cases, chances of financial loss are always there. To mitigate such risks, cyber insurance is an option to opt for proper risk covers. While it is not a preventive measure and is considered a post-loss measure, it helps in minimising the financial loss that an organisation may face.
Prashant Mirchandani, President – Corporate Solutions, Raghnall Insurance Broking & Risk Management Pvt. Ltd
Catch all the Instant Personal Loan, Business Loan, Business News, Money news, Breaking News Events and Latest News Updates on Live Mint. Download The Mint News App to get Daily Market Updates.
MoreLess