Cyberattacks In India Grew By 300% Due To Work From Home: How To Stay Safe
As people began shifting to remote work amid the pandemic, cybercriminals took advantage of the Covid-19 with predatory emails and spam messages. Within months, over 4,000 malicious coronavirus-themed domains popped up globally, offering fake information and home test kits to steal users' data and make money.
As people began shifting to remote work amid the pandemic, cybercriminals took advantage of the Covid-19 with predatory emails and spam messages. Within months, over 4,000 malicious coronavirus-themed domains popped up globally, offering fake information and home test kits to steal users' data and make money.
And with security teams stretched thin -- the decentralised workforce meant they were suddenly protecting several endpoints in various locations -- cybercriminals targeted security gaps at financial services firms, the Financial Stability Board (FSB) said.
The board makes recommendations about the global financial system and coordinates financial rules for the G20 group of nations that is non-binding.
Financial institutions vulnerable to cyberattacks
¡°The rapid move to work-from-home (WFH) arrangements increased the scope for cyber threats and for dependencies on third-party service providers,¡± FSB said in a report [pdf] to G20 ministers and central banks.
Greater reliance on virtual private network (VPN) infrastructure and on unsecured access points (WiFi networks) posed new types of challenges in terms of patching and other cybersecurity issues.
The report added that while outsourcing to third-party providers, such as cloud services, seems to have enhanced operational resilience at financial institutions, increased reliance on such services may give rise to new challenges and vulnerabilities.
Though cyber activities such as phishing, malware and ransomware are not new, they grew with the spread of the pandemic, from fewer than 5,000 per week in February 2020 to more than 2 lakh per week in late April 2021, the Financial Services Information Sharing and Analysis Center (FS-ISAC) said in a report [pdf].
The global financial body suggested institutions continue their investment in and maintenance of cybersecurity, such as firewalls, antivirus software, intrusion detection systems and security operations centres, which are essential. At the same time, financial institutions need to recognise the human factor as a core element of the cybersecurity chain, the report added.
Every other Indian organisation attacked
Cyberattacks in India rose by almost 300 per cent last year to reach 1,158,208 against 394,499 in 2019, according to data from India¡¯s Computer Emergency Response Team (CERT-In). Every other Indian organisation has suffered from a cyber attack since the onset of the pandemic.
And there aren¡¯t enough people to take care of it. In fact, there are about 3.1 million unfulfilled positions in cybersecurity around the world, professional recruitment services firm Michael Page India said in a report. India is expected to have over 1.5 million unfulfilled job vacancies in cybersecurity by 2025, the second-highest after China.
What the government is doing about it
It¡¯s been eight years since India unveiled its cybersecurity framework, but not much has been done in terms of creating a coordinated approach to address cyber threats, more so, to address the country¡¯s critical infrastructure that lacks encryption and certain security standards.
The prevalence of legacy IT infrastructure across smaller towns in India is one of the biggest challenges in addressing cybersecurity. According to a K7 Computing report in 2020, cases of phishing attacks were higher in tier-II and tier-III cities with users in Ghaziabad and Lucknow facing almost 6 and 4 times, respectively, more attacks than users in Bengaluru.
Indian foreign secretary Harsh Vardhan Shringla told the UN Security Council late last month that cyber tools were being used to compromise state security by ¡°attacking critical national infrastructure¡±. This follows reports in the media about the government¡¯s claims that Chinese state-sponsored hackers were behind the blackouts in Mumbai in October and the glitch at the National Stock Exchange (NSE) earlier this year.
In light of these events, the government is reportedly mulling a new strategy to beef up cybersecurity by categorising its digitally connected water, health and education systems as critical infrastructure and the nuclear, power and aviation systems as supercritical.
Protecting yourself from a cyberattack
Security experts recommend following these five basic cyber hygiene measures to protect your systems from a potential cyberattack. These include using two-factor (2FA) or multi-factor authentication; use an external hard drive to secure important information; turn on internal firewalls in your network; regularly update your password -- don¡¯t use the same password on different sites and avoid weak passwords -- and beware the vulnerabilities involving remote access to networks.
Apart from these healthy habits, users also need to be on the lookout for phishing emails, which can be identified via suspicious links, misspelt and a strange combination of words, and unusual attachments, especially a zip file or a .exe file. Also, check if you¡¯ve already been involved in a data breach -- visit haveibeenpwned.com -- and change those passwords for any accounts that it suggests may have been compromised.