In April 2021, Dominos India officially made it to the dark web, where 13TB of customer data of over 18 Cr orders and personal data of over 250 employees, from the pizza chain, had been made public, thanks to one of the biggest data breach events in India Inc., in 2021. Further, Israeli security researcher, Alon Gal, revealed on April 18 that the credit card data of 1 million Domino’s India customers had been breached, and as per an Indian cybersecurity researcher, Rajshekhar Rajaharia, this data, that includes sensitive and crucial details, such as names, email addresses, mobile numbers, GPS coordinates, and more related to Domino’s orders, has also now been made public.
Even as the world is coming to terms with a digital-first approach to business, education, healthcare, banking and finance, news and entertainment as well as for a series of leisure and work-related activities, data breaches have been posing a major roadblock to faster digital adoption. In the absence of strong cybersecurity awareness and data security laws, India Inc. continues to battle regular and grave cyber frauds/ crimes, making them extremely vulnerable.
As per an Impact report released by Uni-commerce, India’s leading eCommerce-focused SaaS platform, titled ‘E-commerce Trends Report 2020’, India had recorded a 37% rise in cyber-attacks, in just the first quarter of the calendar year. Risks like data leakage, connection to unsecured Wi-Fi networks, phishing attacks, ransomware, spyware, apps with weak encryption (also known as broken cryptography) are some of the common cyber threats plaguing India Inc. As the second largest consumer for smart devices and a country with one of the largest base of internet consumers, India continues to remain a sitting duck, vulnerable to several national and international cyber-attacks. The increasing remote desktops and work-from-home policies adopted by companies in the wake of the pandemic are further making it increasingly important for firms to not only create a robust cybersecurity infrastructure but to also spread enough awareness about the need for cybersecurity.
This makes it extremely important that Indian businesses and organizations, both big and small, wake up to the need for building cybersecurity awareness and investing in a robust data security infrastructure. To begin with, the below mentioned basic steps can work as good starting points:
1. Build Awareness and relevant SOP’s: With the rising threats, adequate awareness among all stakeholders is vital, and must be followed by a detailed SOP/ Action plan on how to handle the same. A step-by-step communication on what one needs to do so as to avoid attacks and vulnerabilities, and how one can continue to be vigilant about online security, should be one of the basic Company HR induction SOP. In addition to this, it is important to have a cyber-security expert on board, who can assist in putting these basic guidelines in place, like SOP’s needed for identifying and reporting security threats, which can reduce the turn-around time needed to fix it. Cybersecurity is no longer the sole responsibility of a bunch of IT team members or external vendors but, requires a vigilant and aware force of individuals to combat the online threat.
2. Training programs: As the next steps to combating data security, after setting up a system in place, it is also important to plan and conduct a detailed training program, under the guidance of an expert cybersecurity consultant. The training, targeted towards the in-house IT team and general employees that are dealing with the data, can be conducting where the experts can talk about cybersecurity protocols, basic do’s and don’t’s and how the employees should be vigilant about the various cyber threats and frauds. This can help build a strong core team together, and this can go a long way in ensuring that employees are well aware of the gravity of the problem and are playing an active role in the prevention of the cyber-attack.
-
With the rising threats, adequate awareness among all stakeholders is vital, and must be followed by a detailed sop/ action plan on how to handle the same
Sumana Iyengar, CEO & Cofounder, Goavega Software India Pvt Ltd
3. Threat Analysis: Most businesses and organizations lack adequate information and have little awareness of how to detect cyber threats. Thus, having an expert consultant on board, who can run a dedicated Threat Analysis that can help discover risk factors, threats and highlight the current cybersecurity analysis, one of the first steps to building a cyber-security defense within a corporate ecosystem. A threat analysis also helps companies to understand the types of threats (including ones specific to the industry), and the grave consequences that can lead to not just financial losses but even loss of credibility and in some cases (Healthcare), life.
4. Stringent Implementations: Just the way modern Indian workforces are adopting digital workspaces, they need to also be educated about the urgent need for cybersecurity
protocols and protection. With rising instances of work from home, that are making companies vulnerable as they no longer have control over the data network used by employees, especially those working in remoter areas, makes it even more important that companies focus on the stringent implementation of cyber-security methods, urgently. With the help of expert consultants, who can provide customized solutions for cybersecurity based on the specific need-based scenario, is important for businesses today to be able to survive and grow safely.
While factors like outdated systems or processes, and an un-organised cyber security infrastructure, are impacting online security, lack of cyber security awareness and laws, in the backdrop of rising cyber threats, and data breaches, at a time when there is accelerated digital adoption across sectors, is making modern businesses and the economy at large, even more vulnerable. Under such circumstances, a strategic cybersecurity infrastructure, set up by expert consultants, is no longer an optional item on the list of corporate investments, but a major necessity and needs to be addressed urgently if companies wish to survive and thrive in the digital age.