India leads in employees selling insider information on darknet: Report

India is one of the top countries where employees are making money by selling their organisation’s data on the dark web, said a report which by security firm Kaspersky. The country accounted for 35% of all instances of insiders selling data on the dark web in the APAC region in 2021, the report said. India also makes up 9.8% of all data leaks.

The dark web is a term used for parts of the internet that cannot be accessed using regular browsers, and requires special software, like The Onion Router (TOR) Browser. Dark web websites cannot be crawled by search engines like Google, Yahoo, Bing etc. either.

Insiders selling company data makes it easier for hackers to launch attacks on firms or plant malware in their infrastructure.

Besides India, Pakistan, Australia, China and Indonesia are other countries where such security threats are rampant. The report also highlighted that India is among the top three countries in the APAC region where companies are vulnerable to publicly available exploits, along with China and Indonesia. 

Public exploits are vulnerabilities in software code, websites etc, that are known to the security community, and can allow hackers to penetrate a company’s systems. These are usually patched by software vendors, etc., but IT teams often fail to deploy those patches which keeps firms vulnerable.

“While India is progressing in cybersecurity initiatives, cyber criminals are not slacking as well, taking every opportunity and weak points to target the region,” noted Dipesh Kaura, General Manager for South Asia, Kaspersky.  

Further, the report said that India is one of the key countries where hackers have opportunity to gain remote access on devices, followed by Indonesia, Bangladesh, the Philippines, and Vietnam. Government institutions, too, account for a large part of these access.

Kaura noted that collaboration between industry groups, authorities, and law enforcement organisations to share our technology, knowledge, and expertise can help in building a safer world.

A growing number of vulnerabilities and hacks in India have also been spotted by other security firms, and India’s Computer Emergency Response Team (CERT-In). In August, the CERT-In said that ransomware attacks, where hackers hold a company’s data ransom, on Indian organisations increased by 51% in the first half of this year.

In April, the CERT-In released new rules for cybersecurity reporting and compliance in India, which have been opposed by small businesses in the country, who claimed that the rules would raise compliance costs for them significantly, and that the time provided for such compliance wasn’t enough.