During the COVID19 pandemic, India witnessed an increase in the number of cybersecurity incidents.
India had a total of 11,58,208 cyber security incidents in 2020-21. Cyber security attacks increased to 12,13,784 by October 2021, the Minister of State for Electronics and Information, Rajeev Chandrashekhar, informed the Rajya Sabha.
Cyberattacks happen when it is least expected considering that it becomes important for organisations to be prepared for data breaches.
A Ponemon survey determined that 47 per cent of organisations have not assessed the readiness of their incident response teams, meaning that the first time they test their plans will be at the worst possible time in the middle of a cyberattack. Hackers constantly and consistently test the defenses and reactions, a Havard Business Review report added.
Preparedness of organisations to deal with breaches
A data breach occurs when the private information of a company or an individual is accessed by an unknown authority.
It is important to re-evaluate the security systems and procedures. Before changing the security systems for a private or public organisation the professionals calculate the strengths and weaknesses of the previous framework.
Hence no time is wasted in trying different procedures and the weaker points/areas are replaced with stronger defense.
“Crisis Simulation. Every time we are preparing for something, we always need some practice to do it more efficiently and easily or areas with flaws which need to be improved,” said Kavitha Srinivasulu, Associate Vice President, Global Head of Cybersecurity & Data Privacy, GAVS Technologies.
She further explained that similarly, in crisis simulation security systems are constantly tested by professionals to find flaws. There should be routine checks on the reason security threats are constant and evolving and there is a need for crisis management simulation to identify and eliminate issues.
“Now considering all the scenarios we have upgraded all the systems perfectly but still there is a chance that a data breach will appear due to a system failure or a human error. Hence the process of facing the legal actions and lawsuits during a data breach is known as Litigation preparedness,” added Srinivasulu.
She further added that considering simulations, evaluations, and litigation preparations data breach preparations also have budget concerns.
The professional’s set up strong data defense but a decrease in security concerns lead to a lowering in funding. Hence proper funding is necessary for the data security systems, or else the data protection systems will falter, and a data breach will occur.
According to industry experts, a few of the practices that organisations can adopt include, implementing an awareness and training programme as end users are top targets so it becomes important that everyone in the organisation is aware of the ransomware attack and how it can be tackled.
“Scan and filter all incoming and outgoing emails by using content scanning and email filtering to detect threats before they reach end-users. Enable strong Spam Filters – This is to prevent phishing emails from reaching end-users,” said Srinivasulu.
Configuration of Firewalls as it allows authorised users to access data while blocking access to known malicious IP addresses.
Logically separate Networks as it helps prevent the spread of malware. If every user and server is on the same network, the most recent variants can spread.
Users should not be assigned administrative access unless absolutely needed. It is also important to consider using a centralised patch-management system and back up data regularly along with verifying the integrity of those backups and testing the restoration process to ensure it’s working.
Lastly, secure offline backups ensure backups are not connected permanently to the computers and networks they are backing up. Conduct an Annual Penetration test and Vulnerability assessment.