Identity attacks rose 300% as organizations shifted to remote work

As India Inc. shifted towards a remote, work from home/anywhere model due to the Covid-19 pandemic, a wide variety of cybersecurity threats cropped up for organizations across the country, Irina Ghose, the executive director of cloud solutions at Microsoft, said on Tuesday.

Speaking at Mint Digital Innovation Summit, Ghose revealed that identity attacks, where attackers impersonated known organizations like WHO to phish credentials of targets, rose by a significant 300% during the last one year.

“Beyond this, human-operated ransomware attacks, where ransoming the entire network in less than 45 minutes, and targeted malware attacks on OT and IoT infrastructure were also happening,” she said, emphasizing that India was the 7th most suffered country from malware attacks in Asia and the 3rd most suffered Asian country in the category of ransomware attacks.

Nearly 1.16 million cases of cyberattacks were reported in 2020, up nearly three times from 2019 and more than 20 times compared to 2016, according to government data presented in the Parliament in March 2021. The gaps in compliance, security, and identity management have driven this increase as employees have been using their home networks to access corporate apps.

“In addition to this, people are also using corporate devices for home activities which further increases the risk,” Public Policy consultant Deepak Maheshwari said during the summit.

Maheshwari said people are not fully skilled about what to do and not to do which leaves them vulnerable. Plus, they could also leave an identity trail – of personal and non-personal data – behind which could be used by potential threat actors for attacks.

To combat these cyber incidents, people need strong laws at their disposal and awareness about those laws, N. S. Nappinai, Supreme Court advocate and founder of Cyber Saathi, said during the discussion.

Nappinai said people should know that they could file complaints about cybercrimes online and seek remedies, without worrying what anyone would think/say or whether they would get any solution. This step is very crucial to ensure awareness and remedies, she said.

Along with public awareness, Nappinai said lawmakers also need to be aware about the threats and the need of a standalone cybersecurity law that is “precise, simple, and easy to follow and implement”.

“The trend we have seen over the last couple of years is going to result in something very simple and precise to help the public fight cybercrime,” she said.