BD Software Distribution (BD Software), the Country Partner for Bitdefender in India, has released a report “Going Cashless and Digital: Top Cyber Threats and Targets for 2017 in India” highlighting major trends in cyber threat landscape in India in 2017. BD Software researchers point out that the year of 2016 will be remembered in India as the year of unprecedented cyber espionage attacks and attacks against banks and financial institutions.
“The passing year has brought a good deal of challenges for India’s cyber security space. Marked with high-profile breaches and the feel of excitement and uncertainty over the country’s move towards digitizing all spheres of life and economy, the outgoing 2016 sets high expectations of more advanced, more complicated and possibly more devastating security breaches in the coming year” said Ajay Khubchandani, BD Software Senior IT Security Expert & Pre-sales Manager while commenting in the release of report.
The report highlights some of the most remarkable cyber security incidents of 2016, including attacks against government agencies and organizations carried out by cyber-espionage groups Suckfly and Danti, the leak of more than 22,000 pages of the dossier on India’s first Scorpene-class submarine, the massive breach of debit card details of leading Indian banks, among other incidents.
According to researchers, while accurate statistics on data breach and cyber incidents is
hardly available in India, one cannot underestimate the advancement of cyber incidents in the country. “Cyber security has no geographical boundaries or language barriers. Hence,
cyber security trends in India, in general, follow the global ones. However, there are certain
country-specific factors shaping India’s cyber threat landscape, and given the pace of
digitization India is going through currently, such factors will play the major role,” said Basawaraj Vastrad, Head of Tech & Support at BD Software.
The report in detail profiles several groups of targets that are more likely to attract cyber criminals’ attention.
The first group of targets covers smartphones, especially the ones running Android
operating system. BD Software experts note that growing number of mobile internet users in India contributes to the growth of malware targeting smartphones’ operating systems and mobile applications through which people access personal data and work-related information that might be of use to cyber-criminals.
- Cashless financial transactions
The second group of targets broadly includes cashless financial transactions that are
carried through ATMs, POS-terminals, online banking websites and various mobile apps
used for accessing net banking, digital wallets and other payment-related services.
- Personal data
The third target that is likely to invite unwanted attention of cyber criminals in the coming
year is personal data. Experts note: as India is becoming more and more digital, the personal data of all sorts, from biometrics and family records to bank accounts and social media accounts is in danger.
Connected devices, or IoT (Internet of Things) in general is another target for notorious
cyber-attacks. Researchers predict the IoT will soon become the biggest vector of attacks on companies as, according to Gartner, the number of connected devices may between 20 billion and 50 billion units by 2020. Even at the household level IoT is going to emerge as a big threat for privacy and data security.
The results of several studies conducted by Bitdefender researchers in 2016 show that one of the biggest challenges with IoT is not securing these devices or access to them, but the fact that device makers are shipping inherently insecure devices, be it a default password or communication between the network and devices. The security vulnerabilities discovered by Bitdefender researchers in such products as electrical switch or a smart network camera that is commonly used as a home surveillance system and communication medium between parents and children, raise many concerns over utility of such devices vs the dangers of using them unconsciously.
- Governments organizations
Finally, another large group of targets that cyber-criminals will aim their efforts and
resources at are governments, government agencies and state-affiliated organizations.
The scale of nation state-driven data breaches is going to increase further with cross-border tensions continuing in many regions of the world, and for India it would mean the continuation of cyber-conflict rhetoric exchange with its immediate neighbors.
Experts warn that not only state agencies but even the businesses and common public
having access or operating in a critical infrastructure industry (be it defense, healthcare,
finance, power generation and distribution or manufacturing or other industries) have to be
prepared for the possibility of being affected by such state-driven attacks by deploying
reliable solutions as well as implementing strong security policies that will ensure continuous monitoring of networks and user activity as is might become a top security priority for the coming years.