In 2019, a range of cybersecurity breaches surfaced all across the globe. Several cyber attacks specifically targeted India as the nation marched along the lines of the ‘Digital India’ initiative. They included malware attacks (ATMDtrack) on Indian ATMs and banking institutions, customer data leak of iXigo and JustDial, and breaches at fintech startups Chqbook and Credit Fair to name a few.
According to a report, 1,852 cyber attacks struck India every minute on an average in 2018. We are still waiting for the corresponding figure of 2019, which is likely to be higher. The report also pointed out that Mumbai – the financial capital of India – was the worst-affected as it registered the highest cyber attacks. So, let us have a quick look at some of the major cyber attacks intercepted in India and the world over and what should be our outlook for 2020.
ATMDtrack Attack on Indian ATMs: In September, Indian ATMs and banks were found to be on the receiving end of the malware ATMDtrack. The malware is reported to be controlled by cyber-hacking outfit Lazarus Group and builds on the RAT (Remote Access Trojan) attack vector. It can read and store card credentials from the ATM. The investigation into the breach found 180 new malware strains that were bundled as ATMDtrack.
Facebook’s Data Breach: In the wake of global uproar about the Cambridge Analytica scandal, in 2019, Facebook was caught in another trouble. Around 540 million records of its users were publicly divulged on Amazon’s cloud hosting service.
This figure is about 7% of the world population when a substantial sum of the same is still to digitize. Unfortunately, this incident took place in about a month after Facebook admitted that 600 million of its users’ passwords were stored in plain text and were accessible by 20,000 of its employees. Till the time of being reported, around 9 million searches for passwords had already been conducted by 2,000 of its employees.
Attack on Indian Healthcare: In February 2019, a US-based cybersecurity firm also disclosed an attack on an Indian healthcare website. It was conducted by a bad actor ‘fallensky519’ who extracted about 68 lakh documents that contained personally identifiable information, doctor details, and even credentials. The attack highlighted the need to secure our healthcare industry from targeted attacks since they often come across as sitting ducks during cyberwarfare.
Key Industry Predictions and the Outlook for 2020:
Now, let us have a look at the industry trends that might surface in 2020:
The Widening of Cybersecurity Skill Gap: According to a report by ISC, the world is already staring at a skill gap of 4 million. India alone needs more than 1 million cybersecurity professionals at present. This challenge might further aggravate in 2020 as more sophisticated cyber attacks hit the global market. There will also be a need to upskill the current cybersecurity workforce.
Multiple studies point out that most cybersecurity professionals experience their first malware attack while they are on the job. This hampers their ability to intercept and remediate such cyber attacks, something that needs to be addressed using ultramodern solutions like the simulated cybersecurity training solution Cyber Range. Deployment of such solutions amongst colleges and universities will also enable India to not only solve its own cybersecurity challenge but also cater to the ripe global market.
SOC Automation and Orchestration: The processes in the SOC (Security Operations Centre) will have to be automated and orchestrated given the volume of alerts that get generated day in and day out. Only this can enable the SOC team to focus on critical events as the repetitive and non-critical alerts could be looked after using technology.
Similarly, the SOC team has to use a labyrinthine set of security tools. This needlessly complicates their functioning, SOC Orchestration initiatives will help them to streamline all tools into a single screen, thereby considerably adding to their productivity.
The Attacks on SCADA-based Critical Infrastructure will increase: Given the voids in OT and IT security framework and the fact that their respective operations are led in siloed environments, it is relatively easy for cyberattackers to navigate their way into the network of SCADA-based Critical Infrastructure organizations including Oil and Gas, Nuclear Power Plants, Water Utilities, Manufacturing hubs, and so on.
Therefore, we might see more attacks targeted at the critical infrastructure of India in 2020. Most SCADA attacks that we see today originate from the IT world with their source being anything from spear phishing and social engineering to infected USB sticks or even systems. If our nation has to deliver on the Digital India front, it will have to turn towards integrated IT and OT security solutions like SCADAShield.
Ransomware attacks will become more threatening: As more people hop onto the digital bandwagon globally, ransomware attacks like 2017’s infamous WannaCry incident can prove to be an irritant for security experts. The projections by Cybersecurity Ventures informs us that a business would’ve fallen victim to a ransomware attack in every 14 seconds during the year just gone by.
Till 2021, it will happen in every 11 seconds. So, 2020 might see its own ransomware setback as new strains prop up that can penetrate most of the conventional and sophisticated solutions like antivirus, firewalls, and enterprise-level EDR.
MSPs will focus on detection and response capabilities for customer acquisition: Businesses having different shapes and sizes often don’t have the in-house resources and expertise to go beyond the preventative security technologies to the intuitive ones. There is a grave need for pre-emptive detection, response, as well as round-the-clock and detailed monitoring to battle modern attacks. This, however, provides an opportunity to the Managed Service Providers (MSPs), who can drive customer acquisition by focusing on these pain points of global businesses.
According to a report by Cybersecurity Ventures, cybercrimes are going to cause damages worth $6 trillion to the global economy by 2021. As bothersome as this trend is, it also gives India – a nation that has the largest pool of youth around the world – an opportunity to carve its own path in the global cybersecurity market. 2020 can become a crucial milestone for the nation and enable it to grab a lion’s share in the burgeoning market. Perhaps, adding a considerable thrust to the economy’s 5-trillion-dollar-run till 2025.
Rakesh Kharwal, Managing Director, Cyberbit