2014, Gujarat. Deepak Nitrate is a company listed on the BSE with a net worth of around 1500 crores. They were surprised when they didn’t receive payment after a consignment was received by a client in the US. Upon inquiry, the client said they had deposited the money in the new account in Malaysia. Which account??!! The account you informed us about, in an email sent from the official Deepak Nitrate id. A case was duly registered with the cyber cell of the Gujarat police. Result? Nothing so far.
2015. We can’t name the affected companies in this case (you will realize why), which are two Indian conglomerates. They paid hackers 5 million dollars each, lest the hackers disclose some wrongdoings. More surprising facts came out during the investigation. The hackers had gained access to the system more than 2 years earlier and waited until suspicion regarding the fraud started to form. The evidence which could have implicated the wrongdoing was held for ransom, and the ransom was paid as well.
2017. Union Bank of India’s cybersecurity was breached, and a huge sum of money was transferred. The bank could find the trail, and by using a few very highly placed connections and government interventions, the flow of the money was stopped. We are talking about huge money here, but even more importantly, we are talking about a breach of the cybersecurity of banks, which generally employ heavier security.
Welcome to the modern threat to business: malicious or criminal digital activities, more commonly known as hacking. Forget the public or the government; even Indian companies don’t realize how big a threat is looming over their heads. Without exaggerating, every 3rd SME in India is subjected to hacking efforts of different degrees.
How Many Ways Businesses Face Cyberattacks?
If you are an IT expert, you will have realized one thing: these three attacks use different methodologies altogether. The first one is a simple case of classic phishing with a high level of polish, or hacking of email accounts. The second attack is database hacking, where the attacker got hold of confidential information.
The third attack is real hacking, as defined by Hollywood films and poorly copied by Bollywood movies. Basically, the point we are trying to make is how many ways you can be hacked.
Many experts talk about 8 major threats to any business:
- Malware, where malicious software is introduced/installed in the server/IT system,
- Phishing, where a fake web page is created to capture sensitive data, esp. passwords,
- Password Stealing, which means what the name suggests,
- DDoS, where the IT system is gunned down by excessive requests to the server,
- Man in the Middle attack, where an eavesdropper catches sensitive data by intercepting communications between two legit users,
- Drive-by Downloads, where malicious software is installed when the user visits a website,
- Rogue Software, which poses as another legitimate software, and
- Malvertising, where the virus/malware is installed when the user clicks on an ad.
How Does Cyberattack Hurt Your Business?
Coming to the effects of these attacks, which may have sounded more technical than business-related: they are far-reaching. Forget the common thoughts coming into your mind, such as loss of money or being held for ransom.
Think about what happens if these hackers are employed or sponsored by your competitor.
In these days of start-ups (which often end with end-down), information (read, idea) is the key to success, and if that is stolen, the business is as good as gone. Then there are the perennial issues like financial loss (think of the Union Bank case mentioned earlier) or theft of user information (think of Yahoo) or even theft of personal (too personal at times) online assets (think of Apple iCloud) which your company might be holding.
Then there is DDoS, the best way to make a company look inefficient, by repeatedly and constantly taking its services offline or making them inaccessible.
How to Make Your Business IT-Safe?
There is a common saying among system admins and IT security professionals: “If it has an input, it can be hacked.” In other words, in IT, everything is hackable. While protection can make these threats less likely, you are never safe or un-hackable.
The best way to go about it would be to opt for cyber insurance.
Yes, it exists! These policies provide rather exhaustive protection (and/or compensation) for these hack attacks.
You can expect liability and property losses to be extensively covered under these policies. During a data breach, the business gets liability cover not only for the loss of personal, financial or confidential information of the user but also for other related costs like credit monitoring, notification costs, fines and penalties, the cost to defend claims, and loss incurred due to identity theft. Some other losses which are covered in most of the policies are funds transfer loss, business interruption, cyber extortion, computer fraud, and data loss.
What Makes an Organisation More Vulnerable?
- Firstly, lack of awareness is the biggest problem in India. A rather standard joke is that there are two types of Indian companies online: those who know they are being hacked and those who don’t.
- Secondly, there are companies, even big names whom we can’t name here, who have no written-down IT security method or standards. Many of those are not even aware of the need.
- Thirdly, these companies think that “IT security can be handled well by the IT department alone,” without realizing that management often needs to get actively involved in the strategy-making or, at least, pay attention to the strategies the IT department comes up with.
- And finally, the lack of interest from employees makes it worse and almost impossible for the IT department to enforce a total lockdown. Seriously, how can the IT department check every email every employee is opening and whether or not they are clicking on links in those emails?
There are a few insurance policies that protect companies from these debacles. Insurance advisors like SecureNow can be relied on for selecting and maintaining such policies for your business.