A recent report, prepared by top international consultants, KPMG, has said that an alarming 72 per cent of company leaders in India, up from 49 per cent a year ago, have said that they have faced “some sort of a cyber attack over the past year, indicating an increase in the volume of attacks.”
The sharp 23 per cent rise in the number of respondents pointing towards cybercrime on companies, however, is not the only cause of concern. The report, titled “Cybercrime Survey Report 2015”, says that “Cyber incidents have not only risen sharply in 2015, the trend is more towards cybercrime with financial motives.”
Thus, while this year 63 per cent respondents said that cybercrime has led to financial crime, about the same numbers, 65 per cent, say it has been carried out to target financial gains. A similar report a year ago said that 45 per cent respondents -- about 20 per cent less -- thought cybercrime was carried out to target financial loss.
The report adds, 46 per cent respondents believe that corporate espionage has been the motive for cybercrime, and 45 per cent “mentioned theft of sensitive information” as the cause.
The report comments, if cybercrime was only perceived as a “malaise, impacting large companies and multinational corporates who have their presence in the western hemisphere”, now “Indian companies are increasingly being targeted”.
“This spurt”, says the report, “has been on account of the following factors: increase in the number of people accessing the internet; increase in number of smartphone users; and Dawn of path-breaking transacting platforms such as m-commerce, mobile banking and mobile wallets.”
It adds, “The year 2015 has witnessed an increase in spear phishing attacks targeted at email systems to defraud companies by redirecting foreign remittances/ payments to money mule accounts of hackers.”
Pointing towards poor state of cyber security of Indian companies, the report says, “74 per cent respondents stated that a detailed annual IT and cyber risk assessment is not carried out”, adding, “Cyber risk assessment is not a focussed area for most of the enterpises across functions and people” because the “the focus is only on technology.”
It goes on to state, “78 per cent respondents stated that they do not have a cybercrime incident response plan, while 62 per cent do not have a governance process to log and monitor IT events on their critical systems.” It adds, “72 per cent respondents indicate that the number of cyber response organisations are inadequately equipped, given the level of cybercrimes.”
It also states, “68 per cent respondents stated that they do not have Security event management and incident management (SIEM) system to support cybercrime incident detection, analysis, and 61 per cent do not have data leakage with reference to prevention tools installed on servers and end user systems.”
The survey, which is based on an interview of 2,500 company leaders, claims to provide “the industry with a reference point that sheds light on key aspects of cybercrime in terms of industry perception, affected areas of the organisation, and impact and responsive measures that companies have taken.”
The survey was conducted by using web-based forms and personal interviews, with participants attached with important sectors such as oil and gas, infrastructure and government, IT and ITeS, manufacturing, pharmaceuticals and chemicals, and retail, and telecom.
“There is a significant spurt in cybercrimes across enterprises and it is of paramount importance for management to realise that these are no longer a one-time phenomenon”, the report says.
It adds, “The nature of cybercrime is constantly evolving, specifically with attackers having a solid arsenal of the ever evolving stealth attack”, with 94 per cent believing “cybercrime is one of the major threats being faced by organizations”.
Comments