Cyberattacks have become a significant roadblock to global digital growth, with India being no exception. In this exclusive story, The Catalyst connected with Payal Nambiar, Founder and CEO of B Square, to explore her perspectives on the rising tide of cyber threats and their impact on India’s digital transformation. From challenges faced by critical sectors like IT and retail to the vulnerabilities of SMEs, her insights provide a comprehensive view of the risks and strategies needed to combat cyberattacks effectively.
How is the rise in cyberattacks impacting India’s digital landscape?
Cyberattacks are becoming a serious threat in today’s digital world. The frequency of these attacks is rising annually and might include everything from financial fraud to data theft. In the digital age, India stands at the crossroads of opportunity and vulnerability, with increasing reliance on technology driving economic growth and exposing critical sectors to the growing threat of cyberattacks. In 2024, India faced many cyberattacks, including data breaches, ransomware incidents, and data leaks.
The greatest risk of cyberattacks is seen in metropolitan regions. They are prime targets because these cities are home to the greatest concentration of government offices, companies, and businesses whereas due to fewer digital services and lesser internet penetration, rural India is comparatively less vulnerable to cyberattacks. According to PwC’s Digital Trust Insights 2024, Indian organizations were most concerned about cloud-related threats (52%), attacks on connected devices (45%), hack-and-leak operations (36%), and software supply-chain compromises (35%).
Why are the IT and retail sectors particularly vulnerable to cyberattacks?
The IT sector, being one of the largest industries, is both a target and a provider of cybersecurity services. The rise of cloud computing, software-as-a-service (SaaS), and remote working have expanded the attack surface for cybercriminals. Cyberattacks on Indian IT firms are typically aimed at stealing intellectual property and data or causing service disruptions.
The retail sector is also a prime target for cyberattacks due to the expansion of e-commerce in India. Cybercriminals frequently use DDoS (Distributed Denial of Service) assaults against e-commerce websites, steal client information, and take advantage of flaws in online payment systems. The retail industry is increasingly vulnerable to cyberattacks as a result of the increased usage of digital wallets and online transactions. To safeguard consumer data and enhance cybersecurity, numerous e-commerce businesses are investing in security features like encryption, multi-factor authentication, and fraud detection.
As per last year’s PwC’s reports of the year 2024, cyber-budgets continue to rise, with 99% of respondents reporting an increase. Of these, 50% expect a rise of 6% to 15% in the next 12 months.
What are the key strategies for enhancing Resilience within an organization’s cybersecurity framework?
According to a report by the Data Security Council of India (DSCI), India detected an average of 761 cyberattack attempts per minute in 2024, with the healthcare industry being the top target, followed by hospitality and banking.
A structured approach would help prevent cyberattacks with an emphasized use of the “3Rs” which are Risk, Resilience, and Recovery.
Risk: Identifying Vulnerabilities Early
To develop effective defenses an organization must understand the risks that are involved and should conduct comprehensive assessments of their infrastructure to pinpoint vulnerabilities. This process should include analyzing software, hardware, and processes to detect the gaps that could be open to exploitation. Based on the analytics, risks should be ranked by their potential impact.
To mitigate the identified risks companies should strategies to upgrade software and implement strong access controls while educating employees about cybersecurity best practices would add up to their efforts in reducing exposure to threats.
Resilience: Withstanding Cyberattacks
Ensuring that your business can sustain operations during a cyberattack is subject to resilience. To achieve this a strong security infrastructure of cybersecurity awareness is required with developing comprehensive incident response plans and conducting regular drills to familiarize employees with their roles during potential threats. Companies need to strengthen their defense infrastructure by investing in security solutions such as firewalls, intrusion detection systems, and encryptions. Again, regular training programs are vital as most of the breaches occur because of human error.
Recovery: Bouncing Back Quickly
Recovery of a digital infrastructure from a phase of cyber-attack should not disrupt the kind of data exposed and hence bouncing back to normalcy will be quite a task. The recovery plans should be kept prepared well in advance wherein they can be implemented as soon as an attack is identified using the cause of the breach and containing the damage.
How can SMEs protect themselves from cyberattacks?
Protecting against cyberattacks is essential for SMEs and implementing a multi-layered cybersecurity strategy can enhance their defense mechanisms. Find out which measures you can implement to secure your business.
Implement strong password policies
Implementing strong password policies is a foundational step to enhance cyber security and protect sensitive information from unauthorized access. This includes creating complex passwords that are difficult to guess and requiring regular updates to maintain account security.
Another beneficial aspect is encouraging the use of password managers, which can help employees generate and store unique passwords securely, reducing the risk of password reuse across multiple accounts.
Use two-factor authentication
Utilizing two-factor authentication (2FA) strengthens the security of businesses, adding an extra layer of protection to sensitive accounts beyond just passwords. This method requires users to provide a second form of verification, making it far more difficult for cyber criminals to gain unauthorized access.
Here are some effective methods:
- SMS codes: A one-time code sent via text message
- Authentication apps: Applications like Google Authenticator or Authy generate time-based codes
- Hardware tokens: Physical devices that provide access codes
Train employees on cybersecurity awareness
Another aspect to ensure SMEs are prepared to defend against cyber attacks is employee training. Implementing a comprehensive training program not only enhances employee knowledge but also fosters a culture of security within the organization.
Regular sessions should be scheduled to reinforce learning, ideally on a quarterly basis, to keep staff updated on the latest threats and best practices.
The content of these sessions can include topics such as:
- Identifying social engineering attacks
- Safe internet browsing techniques
- Mobile device security
- Data classification and handling
Regularly update software and systems
Regularly updating software and systems helps businesses to protect against vulnerabilities that could be exploited by cyber criminals. Ensuring that antivirus software and other security tools are kept up to date helps to fortify defenses and maintain effective network security.
Backup data regularly
Backing up data regularly is a critical practice for SMEs to safeguard against data loss, whether due to cyberattacks, hardware failures, or natural disasters. Establishing reliable backup protocols can mitigate the impact of ransomware and ensure business continuity in times of crisis.
What are the best practices for ensuring that backup data remains secure, particularly with multi-method backups?
Cloud solutions: Utilizing cloud services allows for offsite data storage, offering scalability and ease of access, which is particularly beneficial in remote work scenarios.
External drives: Maintaining physical external drives can provide a quick recovery solution, ensuring a tangible backup is available during emergencies.
It’s essential for businesses to create a backup schedule that suits their operational rhythm, whether it’s daily, weekly, or monthly.
What do you think are the best ways to enhance cybersecurity preparedness and foster a culture of awareness to effectively tackle evolving threats?
As cyber-threats become increasingly sophisticated, the need for strong cybersecurity preparedness is paramount. One of the most effective ways to address this challenge is through education and awareness. Cybersecurity education helps individuals, organizations, and government agencies to understand the risks and implement necessary measures to protect themselves from cyber threats. In India, there has been a growing recognition of the need for specialized cybersecurity training and awareness programs at both the educational and public levels.
Cybersecurity preparedness is not just about having the right tools and technology in place, it also involves creating a culture of awareness and responsibility. Many cyberattacks occur because individuals and organizations fail to follow best practices or are unaware of the risks. By increasing cybersecurity awareness, India can create a proactive approach to cybersecurity, where citizens, businesses, and government agencies are equipped to recognize threats and take steps to prevent or mitigate attacks.
The rise in cyberattacks poses a significant threat to digital growth, emphasizing the need for stronger defenses and better awareness. By adopting proactive strategies, enhancing resilience, and fostering a culture of cybersecurity, organizations and individuals can mitigate risks and protect the digital landscape from evolving threats.
All Content Rights Reserved by The Catalyst
