With an evident increase in the frequency and volume of cyber-attacks on India, government sectors are in the foremost line of fire. Explaining the rise of targeted cyber-attacks in India, Saurabh Sharma, senior security researcher at Kaspersky APAC’s global research and analysis team, said, “Most of the cyber attacks on Indian government are targeting the defence and energy sectors.”
Further adding to this, Sidharth Mutreja, enterprise solutions architect at Kaspersky APAC, stated that alongside defence and energy sectors, cyber-attacks in India also predominantly target banking and finance, as well as “critical infrastructures”, such as oil and gas. Elucidating on targeted attacks on Indian government infrastructure, Mutreja added “We see very sophisticated attacks coming in, which are also constantly evolving in technique to fly under the radar. These are referred to as APTs, or Advanced Persistent Threats. Typically, APTs have a life cycle of 200+ days, during which it looks at multiple avenues to breach.”
Continuing on this note, Sharma further added, “If we do not detect the attack right away, it can take up to 200 days to figure out what really is happening. The first questions that we attempt to solve are how to detect such an attack, what is the course of action to be taken, and how to quarantine the threat.”
This affirms the rising threat of cyber-attacks in administrative affairs, and underlines the risk that it runs. This further brings to light the general view of India’s cybersecurity standards, which are often deemed to be not sophisticated enough. Mutreja, however, gives a different view, stating, “To be honest, (security standards) are good, but what is more important is to look at the implementation of these standards.”
There has been rampant increase of interest in India among cyber criminals, as many reports have stated. In March 2019, endpoint security researcher Sophos revealed that as much as 76 percent of all firms were hit with cyberattacks of varying degrees of intensity, marking a staggering average as a statistic. It is this that calls for adopting more stringent privacy and data security practices. This would further involve a far more robust spread of knowledge and awareness among users and officials alike — an imperative factor, given that the threats are increasing in volume and complexity by the day