India Inc fought well against cyberattacks: EY
NEW DELHI: Companies in India have adapted well to respond to increased cyberattacks after witnessing “total chaos” in the first three months of coronavirus-induced lockdown, although it will take time for these firms to upgrade their networks, according to a senior official of consultancy firm EY.
EY in its Global Integrity Report 2020 had found that cybercriminals, trying to exploit the fears and uncertainties around the virus, have stepped up phishing and ransomware attacks, increasing the risks for organisations already struggling to operate during a pandemic.
The rapid shift to employees working remotely also made cybersecurity an even bigger challenge — one that organisations had little time to prepare for and such attacks have happened in various sectors, including healthcare organisations.
“But I would say India has adapted well. Today companies have much more handle on what’s happening. The first three months (of lockdown) was total chaos. That’s when all these ransomware and cyber cases happened quite a lot,” Arpinder Singh, India and Emerging Markets leader – EY Forensic and Integrity Services, said. “Today, things have opened up and people have started going back to office and also companies have invested to make sure their networks are tighter, infrastructure is tighter. But it will take time upgrading,” Singh added.
Recollecting on what happened when the lockdown was first announced in March, Singh said there was so much disruption “that I don’t think any company is fully prepared for. No one is fully prepared, even IT companies, that their employees will have to work from home. Most IT companies have desktop, and employees can’t carry desktop to home. Even a basic thing like that was not planned.”
Giving reasons for the unpreparedness, Singh said, “In India work from home has never been a very popular (concept). Companies have not really supported it like they do in the US or Europe, where it is quite common to work from home even if there is no pandemic. They are much more used to working from home than we are.” People have taken computers home, it has taken companies a month or two to set up firewalls or additional security. So that has not been easy, he added.
Singh also said with employees working from home, many companies were unable to keep full track of incidents on their network. Besides, there have been cases of companies using outdated servers which exposed the companies to cyber issues.
On the nature of cyberattacks, he said, “A lot of the issues are ransomware, where the complete infrastructure of a company is put on a standstill, where they cannot either produce, manufacture or service customers.” The EY report had stated that it’s critical to develop and implement a cyber breach incident response plan, alongside training employees, considering that most ransomware attacks occur when an employee clicks on a fraudulent email link or attachment.
It found that 62% do not have such plans in place, and less than half (49%) were adequately trained.