Even as the number of organisations that are hit by cyber attacks is growing, the awareness levels on the attacks continue to be low, according to a survey by cybersecurity solutions company Sophos.

In 2021, when the world was reeling under the pandemic, about 60 per cent of the Indian organisations surveyed by Sophos have said that they had fallen fictim to a cyberattack.

Surprisingly, about 40 per cent of them have confessed that they got to know about the attack only after it was reported in the media or notified by their customers.

“It took at least a month for about 23 per cent of the targeted companies to recover from the impact of the attack,” Sunil Sharma, Managing Director (Sales) of Sophos India and SAARC, has said.

Tech Research Asia (TRA) has conducted the survey for Sophos and questioned cybersecurity leaders in 500 Indian organisations with between 1,000 and 2,000 employees.

“It is found that many of the victim organisation didn’t immediately realise they had been hit. Just under one fifth (19 per cent) of respondents surveyed said they discovered the attack within two weeks,” he said.

About 22 per cent of them took three to four weeks to realise they’d been targeted.

No clue on breaches

While half of the victims said they had discovered the attack when they were unable to access data or systems. About 19 per cent of them said they came to know about the attack after the attackers contacted them.

“The survey shows that organisations in India are at significant risk of a cyberattack, including ransomware, which can have a far-reaching impact on customers, reputation and operations,” Sharma said.

According to the survey, attackers can remain in victim networks for weeks before being detected.

As cyberattackers increasingly use legitimate and everyday IT tools and techniques to implement their attacks, it is becoming increasingly difficult to identify the warning signs and acting fast to neutralise a threat.