Ukraine war brings respite from cyberattacks for Indian firms

The Russia-Ukraine war, enhanced scrutiny by government bodies on cybersecurity, and enterprises strengthening their security postures seem to have worked in favour of Indian companies who were facing a brunt of cyberattacks last year.

According to a report by virtual private network (VPN) provider, NordVPN, only 52 companies in India were hit by cyberattacks between January and September 2022, which is a big drop from the 308 companies hit by such attacks in 2021. The report also noted that the total number of users affected by such attacks dropped from 46 million to 21 million.

Daniel Markuson, cybersecurity expert at NordVPN attributed the slowdown to the Russia-Ukraine war. “Russia has long been known to have significant state cyber warfare capabilities. After the leak of internal records from a leading cybercrime group called Conti, many analysts suspect that the group is at least partially controlled by Russian security or intelligence agencies. It could be that some cyber criminals have now been directed to perform cyber warfare instead,” he said.

Markuson also noted, the western sanctions against Russia may have played a role as well. “The sanctions mean cryptocurrency and fiat transactions may be under greater scrutiny, and it can also be harder to move around online as well. All of this makes profiting from cybercrime a bit more complicated,” he said.

Prateek Bhajanka, cybersecurity expert and technology strategist at American cybersecurity company, SentinelOne, agreed that certain political deterrence may have resulted in decline in the number of ransomware attacks.

“Increased attention and surveillance on ransomware attacks by governments, calling for political cooperation among the countries to put a halt on ransomware operations, and infighting among the ransomware gangs have resulted in a temporary dip,” he said.

The war aside, companies too have been improving their security postures. Debesh Choudhury, security researcher and advisory board member at UK-based Mnemonic Identity Solutions Limited, said that companies have become more resilient by “investing significant resources into their security strategy” in the last two years. He added that the sudden move to work-from-home led to an increase in the use of digital tools, which made firms more vulnerable to attacks.

However, security experts warned that the respite may be temporary. Bhajanka, Choudhury and Markuson all said that companies can’t afford to slow down investments in security due to this slowdown either.

Data breaches cost businesses an average of $4.24 million, according to the Cost of Data Breach report by IBM published in July 2022. The company noted that the cost of such breaches in this year’s edition of the report was the highest in its 17-year history. It also said that Indian firms had lost ₹17.6 crore in 2022 on an average to data breaches, a 25% increase from 2020, and a 6.6% increase from 2021. These costs include lost business, regulatory fines, and the price of clearing hackers out of networks, the study noted.