New Delhi, Oct 5 : If you are running an enterprise or planning a start-up in India, accepting the fact that cyber security threats are real and dangerous is the first step towards securing your data in the long run, a top cyber expert has suggested.
India is among the top five countries in the world to be attacked by ransomware -- malware that forces its victims to pay a ransom through certain online payment methods to regain their data.
Globally, cyber crimes are on the rise. China tops the chart of countries attacked by mobile malware with over 35 per cent of users becoming victims in one form or the other. India ranks 7th, with 21 per cent of users affected.
"Every CXO has to realise that IT security is a journey and not a destination. There is no space for 'it will never happen to us' or 'we have the best security in place'. The threat to data is fairly new and many old-fashioned businesses have trouble understanding the real extent of the threats," Altaf Halde, Managing Director, Kaspersky Lab (South Asia), told IANS in an email interview.
Headquartered in Moscow, Kaspersky Lab is a leading software security group operating in almost 200 countries and territories worldwide.
"Each time we hear of an extremely expensive data breach that happened to some company, we believe it won't happen here. But, unfortunately, it very much could. Cyber crime is happening to everyone -- from governments to the corner store owner," Halde said.
According to Kaspersky Lab, browsers (48 per cent) continue to be the top application used by cyber criminals to attack machines. This is followed by Android (24 per cent) and Microsoft Office (14 per cent).
"Traditionally, the old-school sees every cost as a burden. Hence, many organisations believe that each such cost must be contained. But they perhaps fail to see how much more it gives to them in return -- security of data, protection from harmful malware and viruses, ease of running the business and, above all, peace of mind," Halde explained.
Those who can be convinced to invest in cyber security generally opt for the cheapest solution offered. "Many believe that simply updating the anti-virus is enough security. They have trouble understanding the millions of ways in which data can be compromised. Organisations do not wish to invest time and resources in understanding this," Halde emphasised.
In the second quarter of 2016, Kaspersky Lab repelled 172 million malicious attacks via online sources located in 191 countries.
India, according to Halde, is one of the fastest-growing markets in the world and is slowly becoming popular among hackers thanks to a burgeoning middle-class, coupled with growing disposable incomes and an aspirational lifestyle.
"A stunning majority of smartphones, computers and tablets are completely without protection and open to cyber crimes in India. As more and more people do online banking transactions, sensitive data like credit card details, shipping address, etc., are open to hacking. So, yes, India is an attractive country for hackers," Halde pointed out.
It is difficult to even fathom how much harm online hacking can cause to sensitive data on government and corporate websites.
"Encrypt your data. It's basic but it is surprising many large organisations still don't do this. The more smartly you've encrypted your data, the better protected you are from millions of hackers who can't decode it," the expert suggested.
The larger the organisation, the higher the risk of information either falling into wrong hands or being vulnerable to outsiders.
"It's easy to dismiss internal threats but they are real and big. Make sure you protect all your bases and that your firewalls are in place and working," Halde said, adding that it's perhaps not prudent to allow complete access to all information to one single person, no matter how trustworthy or important he or she may be.
According to him, divide how much sensitive information is accessible even to your data administrator, security administrator or the IT head.
"At Kaspersky Lab, we believe that humans are the weakest link in any set-up. Keeping this in mind, it is imperative that education and awareness of the threats and basic do's and don'ts are given to the users at regular intervals," he pointed out.
Smartphone malware is more frightening than you think. Keep your mobiles and tabs protected too. Always use two-factor authentication during sensitive transactions such as banking.
"If anything goes wrong, contact the authorities. Do not hesitate to file a legal complaint. If you let the criminals go, they'll be back -- perhaps with more damage," Halde warned.
(Nishant Arora can be contacted at nishant.a@ians,in)