Each one of us has at least once received a phishing mail. That's the mail that corporate IT teams strictly warn us against, but at times, is too tempting to resist, thanks to the offer, notice, discount which we can unlock by clicking that link. Most times we resist. If you got a mail from your CEO asking you to make a remittance, will you click? The chief financial officer of an Indian company did, which led to the hacking of their systems. Clearly, cyber crime perpetrators are way ahead of security teams and Indian companies are waking up to this reality finally.
Global electrical infrastructure company Thales, recently, surveyed over 100 Indian IT security managers for its Global Data Threat Report 2018 which polled 1,200 IT security managers in eight countries and across four major vertical markets. The survey found out that a striking 93 per cent of Indian respondents' plan on increasing IT security spending this year, the highest among countries surveyed and well above the global average (78 per cent).
The data is substantiated by experts, who say they have seen significant increase in security requests from clients recently. "The numbers of requests we are getting from clients have significantly increased. If you compare year-on-year, it has doubled," says Arpinder Singh, Partner and Head - India and Emerging Markets, Forensic & Integrity Services, Ernst & Young LLP.
The rise in requests comes as threats rise. Earlier this year, Symantec, the parent company of Norton anti-virus had reported that India featured amongst the top ten countries where mobile malware was most frequently blocked in 2017. The report revealed India ranks second in Asia-Pacific Japan region, when it comes to crypto-jacking and is the ninth most affected country around the world.
The Thales report says that 52 per cent of Indian respondents reported a successful breach last year, also way above the global average (36 per cent). Further, 75 per cent in India reported being breached at some time in the past, compared with just 67 per cent globally, it says.
This rise in cyber crimes and threats mostly comes with advancement of technology. Experts say that while technology has its perks, it has given more openings to cyber criminals too.
"This mushrooming of multiple digital technologies is creating huge amount of data. There is a technology shift also which is pushing more and more data into the public domain," says Narsimha Rao Mannepalli, Executive Vice President, Head of Cloud & Infrastructure Solutions and Validation Solutions, Infosys.
"The potential for crime and damage is very high because we all want data on the fingertips, on the cloud anywhere in time," he adds. In fact, according to one of the findings of the report, attacks and breaches at the cloud provider remains the top cloud security concern globally at 64 per cent, up from 59 per cent last year.
The threats are not only external but internal too. Most cyber security experts cite incidents when a disgruntled employee tries to extract revenge on the company by stealing data. Also often carelessness by employees leads to company's exposure to such crimes.
"People send information to their personal email ids. Key people in the company share their confidential profile social media. If you are a CFO and you publish your profile on social media, hackers will be able to see that and know that this person is the key management person," says Singh.
As a result companies are also investing in educating their employees in the safe practices. However, most of the steps being taken now are reactionary as most companies in India have neglected this area for a while now.
According to Shree Parthasarathy, partner - risk advisory services, Deloitte India, most companies have not really spent much on cyber security and now they have realised that they need to do it and hence there is an increase in spend. "Preparedness of global companies and Indian MNCs is good. However, it could be challenge for auto, financial services and government sectors," Parthasarathy says.
Most experts agree that mid-cap companies in India are under-prepared to face cyber security breaches. Meanwhile, lack of cyber security professionals is another area which has proved to a challenge to the industry and they are scrambling to train people to fill this need.