With an evident increase in the frequency and volume of cyber-attacks on India, government sectors are in the foremost line of fire. Explaining the rise of targeted cyber-attacks in India to News18, Saurabh Sharma, senior security researcher at Kaspersky APAC's global research and analysis team, said, "Most of the cyber attacks on Indian government are targeting the defence and energy sectors."
Further adding to this, Sidharth Mutreja, enterprise solutions architect at Kaspersky APAC, stated that alongside defence and energy sectors, cyber-attacks in India also predominantly target banking and finance, as well as "critical infrastructures", such as oil and gas. Elucidating on targeted attacks on Indian government infrastructure, Mutreja added, "We see very sophisticated attacks coming in, which are also constantly evolving in technique to fly under the radar. These are referred to as APTs, or Advanced Persistent Threats. Typically, APTs have a life cycle of 200+ days, during which it looks at multiple avenues to breach."
Continuing on this note, Sharma further added, "If we do not detect the attack right away, it can take up to 200 days to figure out what really is happening. The first questions that we attempt to solve are how to detect such an attack, what is the course of action to be taken, and how to quarantine the threat."
This affirms the rising threat of cyber-attacks in administrative affairs, and underlines the risk that it runs. This further brings to light the general view of India’s cybersecurity standards, which are often deemed to not be sophisticated enough. Mutreja, however, gives a different view, stating, "To be honest, (security standards) are good, but what is more important is to look at the implementation of these standards."
The implementation of the upcoming Personal Data Protection Bill, 2018 may play a key role in defining the scope of not just the government, but of India as a whole, opines Mutreja. "How the data privacy law gets implemented will play a key role. But, laws will always be playing catch up with technology, and will not change every year and have different interpretations. As a result, certain basic 'cyber hygiene' tasks need to be followed. Default configurations are the most disastrous, so is the issue of not updating systems on time, as well as not restricting usage on sensitive computers to only specific, requisite tools. Many attacks are also human-born, where people click on malicious links on sensitive systems," he says.
There has been rampant increase of interest in India among cyber criminals, as many reports have stated. In March 2019, endpoint security researcher Sophos revealed that as much as 76 percent of all firms were hit with cyberattacks of varying degrees of intensity, marking a staggering average as a statistic. It is this that calls for adopting more stringent privacy and data security practices. This would further involve a far more robust spread of knowledge and awareness among users and officials alike — an imperative factor, given that the threats are increasing in volume and complexity by the day.