NEW DELHI : Crime rates have come down during the lockdown, but cybercrimes are on the rise. With millions accessing critical work data on home networks and personal devices, cybercriminals have found targeting organizations easier than before.

According to cybersecurity firm K7 Computing, between February and March, the number of devices in India that received at least one cyberthreat grew by 12%. By the end of April, the number of cyberthreats is expected to increase by four percentage points over the previous month.

“Businesses had very little time to prepare for this situation and ended up employing quick measures to enable business continuity," said Himanshu Dubey, director, Quick Heal Security Labs.

Small and midsize businesses (SMBs) are especially at high risk, since they are allowing rented laptops and BYOD (bring your own devices) to connect to their enterprise networks. Many of these devices often run on outdated operating systems and do not have an up-to-date security solution. Many employees are remotely connecting to their organization’s network without using VPNs, or via unsecured routers, added Dubey.

Attackers are casting a wider net and trying to exploit individuals with spear phishing emails carrying malicious files, which, if installed, can grant them access to the user’s system and on to critical company data. Similarly, after the recent cases of break-ins into videoconferencing app Zoom by unknown people, many recordings were leaked online.

When individuals are using their devices at home, IT teams don’t have the same visibility or control over web activity that they would otherwise have if everyone was in the office. A user who accidentally navigates to one of these sites can release destructive malware into the remote device and then onto the corporate network, warned Murali Urs, country manager, India, Barracuda Networks.

In an April global survey by Check Point Software, 71% of IT and security professionals reported a spike in security threats and attacks since the outbreak. Around 56% said providing secure remote access to employees was a big challenge, followed by the need for remote access scalable solutions, which was felt by 55%. Around 47% found use of shadow IT solutions by employees working from home as the third challenge.

“Employees are no longer behind a corporate firewall along with gateway web-filtering. We found around 50,000 computers in India with default RDP (remote desktop protocol) port open to allow remote access. Many IT admins would have had to loosen their firewall settings to allow employees to connect to their remote computers in the office," said J. Kesavardhanan, CEO, K7 Computing.

According to the IT (Amendment) 2008 Act, in case of a breach or damage to nominal data, one can seek up to ₹5 crore in damages under Section 43 of the IT Act. If the breach compromises sensitive data, then one can seek unlimited damages by way of compensation under Section 43A of the Act. Besides, under Section 66 of the IT Act, any such activity is punishable with up to three years imprisonment and ₹5 lakh in fine.

“The amendment to IT Act made a mistake by making most cybercrimes a bailable offence. Once out on bail, people will destroy electronic evidence. So, convictions started drying up. Today, the conviction rate for cybercrime is less than 1% in India," said cyberlaw expert Pavan Duggal.