India Inc unprepared to deal with cyber attack

Mumbai: With incidence of cyber attacks increasing in terms of frequency and intensity, a survey showed that India Inc is least prepared to detect such incidents with majority of the respondents identifying social media as a big risk.

While the survey conducted by Ernst & Young’s (EY) Fraud Investigation and Dispute Services department found that employees are one of the weakest link in the company’s defence mechanism against data theft, about 90 per cent of the respondents unanimously identified social media as a big risk, possessing a high probability of being used to identify and target key individuals in organisations.

“A mobile workforce, increased sharing of personal and professional information on social media channels, and gaps in protecting this information could evolve as a significant cyber hazard. Emerging techniques such as phishing or spoofing can make unsuspecting employees even more vulnerable,” the survey said.

According to it, only 22 per cent of the respondents said they were able to detect incidents of cyber attack effectively.

This means that a majority (about two-third) of businesses were unable to detect a cyber incident, which could result in serious repercussions for their internal and external stakeholders.

Though one-fifth of the respondents said employees are one of the weakest links in the company’s defensive mechanism, most of the companies are still focussing more towards mitigating attacks from unknown hackers highlighting the need for a more balanced effort in addressing both the internal as well as external threats.  

“Corporate India’s exposure to cybercrime risks has magnified significantly over the last few years, with attacks becoming exceedingly complex, targeted and globalised. The shift to a digital economy has also uncovered vulnerabilities in many organizations and highlighted the need to build strong cyber strategies. The ability to foresee and remediate future threats will separate the better prepared organization from the rest,” said Arpinder Singh, partner and national leader, fraud investigation & dispute services, EY India.

About 72 per cent of the respondents believe their company’s IT security teams do not have enough specialists to deal with cybercrime incidents.

However, only less than half of the respondents surveyed are planning to increase cyber security spends, indicating that incident response is still not on the priority list.

“Organisations need to understand that the quantum of losses suffered because of a cyber breach will continue to escalate in the future, and there is a heightened need to make investments in building robust cyber diagnostic programs, provide remediation approach, cyber threat intelligence and incident response,” EY said.