Disclaimer: The views expressed in this article are those of the author and do not necessarily reflect the views of the Economic Times – ET Edge Insights, its management, or its members


Cyberattacks against Indian businesses are increasing and becoming more sophisticated, targeting sensitive personal and business data as well as critical information infrastructure, and posing a threat to the country’s economy and security. With the rapid adoption of digital technologies and the work-from-home (WFH) approach increasing the attack surface among organisations, the focus on security has to increase.

According to CrowdStrike’s Global Security Attitude Survey 2021, 76% of Indian organisations suffered at least one ransomware attack in the past 12 months. Many Indian companies even gave in to extortion demands of attackers to avoid an attack. Indian firms paid around $1.128 million in extortion fees, the highest average extortion fee globally. This double extortion ransom model will grow in sophistication in 2022.

With adversaries transforming their tools, techniques and procedures to challenge often under-resourced and unprepared security teams, how do Indian businesses protect themselves better in 2022?

Threat detection and response time

Leaders need to ensure their business has the ability to detect, understand and contain threats before they escalate, but the survey shows they are unfortunately getting slower. CrowdStrike encourages organisations to meet the 1-10-60 rule: detect threats within the first minute of an intrusion, investigate and understand within 10 minutes, and contain and eradicate within 60 minutes.

In fact, Indian respondents to the survey reported they take on average 358 hours to detect, 17 hours to understand and 14 hours to then contain the threat. This is far too long, especially considering CrowdStrike’s Global Threat Hunting Report 2021 highlighted that threat actors are able to move laterally across an organization’s network in an average of 92 minutes.

Attackers are getting more sophisticated, increasingly attempting to accomplish their objectives without using malware, exploiting the proliferation of vulnerabilities, and abusing systemic weaknesses in identity architecture to get on the system and then move laterally. This makes it more difficult for legacy and next-generation malware products to be effective because they are not focused on breach prevention. 62% of Indian businesses say that their security infrastructure is made up of too many disparate solutions that don’t easily integrate for proper protection and prevention. Therefore, they need to think about the security implications of adding new technology to their stack.

Best practices for implementing a comprehensive cybersecurity strategy

Companies must embrace a holistic, platform approach to security – one that employs both automation and the human element of managed threat hunting – to fight pervasive threats. This includes:

Zero Trust: Taking an ‘always verify’ approach, it continuously validates security configuration and posture before access to applications and data is granted or retained. Zero Trust security involves real-time monitoring for misuse of credentials, suspicious systems or attack patterns and prevents undesirable lapses in security.

Survey the environment: Auditing systems helps companies to identify potential cybersecurity threats. Performing routine vulnerability and asset management scans will enable visibility into on-premises and cloud environments.

Cloud-based security: An increase in data created on personal devices has opened up businesses to malicious attacks. Businesses need to turn to next-generation antivirus (NGAV) solutions, with endpoint intelligence based in the cloud, rather than trust legacy security solutions that can no longer adequately prevent ransomware and malware from sophisticated cybercriminals.

Test operations with tailored exercises: Security team exercises, such as remote tabletop exercises, provide opportunities to rehearse incident response activities while aiding participants’ awareness of new-age attacks. Depending on the size of the business, these can either be performed internally or through the use of a third-party specialist.

Raise awareness through regular security training: Despite the level of technology involved, any security framework is only as strong as the people who implement and use it. This is why enterprises must prioritise raising security awareness amongst their employees through regular security sessions. They need to upskill staff so they have a security-first approach. Training and sensitisation can help keep employees up to date with the latest cyber threats and attack vectors.

In the digital age, cyberthreats are not a technology issue but a business risk. Enterprises must realize that security strategy entails more than just technology. It is about people, processes, and engagement. Cyber risk management requires a holistic strategy for businesses. However, the good sign is that there is a growing consensus among IT leaders that security needs to be an ‘always on’ element, and a ‘security-first’ approach is a must for long-term success.

Authored by

Nitin Varma, Managing Director, India & SAARC, CrowdStrike
