Cyber breaches become frequent in India exposing vulnerability

Cyberattack on All India Institute of Medical Sciences (AIIMS) last month is a rude reminder of how hackers can cripple critical infrastructure in a devastating way. For 15 days, AIIMS network was out of bounds for system engineers, doctors and administrative staff. As a result, many critical functions, from patient registration to functioning of equipment was gravely disrupted. Preliminary investigation indicated that the server was hacked through a ransomware attack. When the country awaits final word on the nature and responsible parties behind this attack, one thing came to the fore that the digital infrastructure of India's most prestigious medical was weak to withstand such breach. Many reports suggest that huge amount of patient data got stole in this attack.

If this is the fate of country's premier hospital and medical college, then the state of affairs in small hospitals can be easily imagined. This is not the first instance when India's critical infrastructure had to face such cyber breaches. In 2020, Mumbai faced massive power outage owing to virulent malware attacks on Maharashtra's power grids. Similarly, several universities, state government offices and private firms had been victims of malicious cyberattacks in recent years. Interestingly, cyberattacks have become state-sponsored with geo-politics becoming a major factor behind such nefarious activities. India with its geo-political rivalry with Pakistan and China is becoming the target of state-sponsored attacks, emanating from these territories. For instance, there is strong indication that Mumbai outage and AIIMS attacks were carried out by China-supported groups.

No wonder, as India grows economically, instances of such cyberattacks are set to rise. During the Covid pandemic period, cyberattacks had seen an exponential rise. High level of digital adoption was the major factors behind this trend. According to cybersecurity firm Kaspersky, more than 4,00,000 new malicious files were distributed each day to attack users daily. Over 6.74 lakh cybersecurity incidents were reported in the country in 2022 till June, as per data shared by CERT-In (Indian Computer Emergency Response Team). CERT-In reported that more than 14 lakh incidents of cyberattacks in 2021. So, cyber incidents are on a rise every year.

In this context, robust cybersecurity infrastructure is desirable. To achieve this, cyber awareness is critical. Most of the time, cyber breaches happen because of not following the protocol. The user or the individual is the most critical first line of defence against any cyberattacks. Sharing of password, multiple users, easy access to outsiders, weak end point security, and other such practices lead to cyber breaches. Therefore, in this digital era, staffers have to be sensitized on the issue of following the good practices for maintaining a robust cybersecurity infrastructure. Most organisations, though become adopters of digital channels, don't invest enough on cyber security tools. This makes the system vulnerable to phishing, malware, ransomware attacks among others. Organisations, therefore, have to create separate budgets for investing in cyber security framework within their technology spend. Any negligence in this aspect can expose companies to severe financial and reputational risks. It's time that everyone takes cybersecurity theme seriously for protecting critical data from cyber thieves.