More than 60% of Indian mid-sized companies fell victim to a cyberattack during 2021, most of which are linked to external sources, shows a new Sophos report.
The findings further said that Indian firms with employee strength between 1,000 and 2,000 didn’t immediately realize they’d been targetted.
Just under one fifth (19%) of respondents surveyed said they discovered the attack within two weeks, but 22% took three to four weeks to realise they’d been attacked.
Besides, many of them had learned that the attack was linked to an external source. While half said they’d discovered the attack when they were unable to access data or systems (21% overall) or were contacted by the attackers (19%), a significant 40% only realized they’d been targetted when they found their company data exposed online (17%) or were notified by customers (12%) or the media (11%).
Almost a quarter (23%) of victim organizations in the survey said it took more than a month for the them to recover from the impact of the attack.
“Sophos’ survey shows that organizations in India are at significant risk of a cyberattack, including ransomware, which can have a far-reaching impact on customers, reputation and operations,” said Sunil Sharma, managing director – sales, Sophos India and SAARC.
“In addition, many organizations may be under-prepared to detect and respond to an attack.
The report further said that attackers can remain in victim networks for weeks before being detected, and a considerable number of organizations learned of the attack from external sources after the damage was done.”
It added that as cyberattackers increasingly use legitimate and everyday IT tools and techniques to implement their attacks, being able to spot the warning signs that an attack is underway and acting fast to neutralize a threat are becoming harder than ever.
Human-led, active threat hunting is now a key component of a defense-in-depth security strategy. And while it was encouraging to find that 80% of the cybersecurity leaders surveyed believe that threat hunting is an effective approach for strengthening their defenses, the survey findings suggest that some organizations may need support in putting that into practice.
Fortunately, there are many external partners and service providers who can help to supplement in house resources and skills with effective threat detection, investigation and response.