Today, the threat from cyber terrorism is as real as it can get. Increasing dependence on technology coupled with the rapidly evolving mindset of a shrewd fraudster has the potential to not only cripple corporations but even countries. Recent strikes around cyber terrorism or cyber war have made headlines globally — with each attack getting more sophisticated than the previous.

Such acts can cause havoc at multiple levels, from paralysing a company’s infrastructure (network, email and phones) to loss of revenue and even downward-spiralling share prices.

In cases when the targets are very large organisations, it can even impact the economy. As the magnitude of the attacks continues to increase, Governments need to step in, investigate the matter and safeguard the country’s critical assets. The intent behind an attack of cyber terrorism is simple — disruption and destruction.

Business concerns

Such attacks are primarily led by political or social objectives, but that does not mean corporates can be overlooked. Large companies with a global presence that contribute significantly to the GDP of their country could be probable targets, as any negative impact could lead to severe damage on a wide scale.

For such companies, business continuity is of paramount importance and any delays or disturbances may result in significant losses — both financial and reputational.

Business continuity also greatly depends on the security of the employees, and targeting them could be equally detrimental. For example, consider a company subjected to an act of cyber terrorism. As a daily affair, the employees walk into office at 9.30 am, unaware of what the day would bring them.

On switching on their computers, they are greeted with an ominous message stating that all their internal data, including confidential information, has been seized. They are now ‘hostages’ until the hackers’ demands are met. An email then follows, stating the physical danger they and their families would face unless they adhered to the hackers’ orders.

A point to note is that insider presence could play a significant role in such attacks, especially when they are not very ‘technical’ in nature — more time being spent on social engineering (spying). It would not be uncommon for a hacker to connect with a resentful ex-employee who would be able to obtain ready access to the credentials of the primary IT contact/system administrator.

Emerging trend?

Organisations may overlook such threats as they may seem like isolated incidents. However, if one takes a closer look, there is an apparent trend in how fraudsters are continuously looking to identify and target the chinks in the security systems of corporations.

To give a few examples, there were recent news reports where a well-planned attack resulted in a breach of massive amounts of sensitive information in a global media company.

In another case of an online retailer data breach, hackers gained access to select employee credentials, used these to bypass online security systems and stole millions of lines of data. This data included customers’ personal and financial information.

In yet another global case, impacting a large bank in America, hackers were able to compromise the bank’s security and steal data belonging to millions of households and businesses. This was done using a single employee’s credentials. News reports also highlighted the case of a community health system where hackers gained access to medical data, including names, telephone numbers, birthdays and email addresses of a few million patients, by planting malware in the organisation’s system.

The Information Technology Act 2010 includes sections on information security, cyber-terrorism, data protection along with rules related to sensitive personal information and reasonable security practices. Over 3,900 cases were reported under this act in 2013 alone.

Good practices

At an organisational level, companies should have a three-pronged approach outlined for information security. Firstly, they need to proactively implement an information security framework to safeguard against cyber-risks, including having a dedicated team in place which looks at business issues/risks as trackable scenarios. It is also imperative to ensure multi-tier classification and guidelines to avoid adopting the “one size fits all” approach. For employees, organisations will have to implement tighter controls and undertake regular monitoring of devices and information linked to senior management or employees dealing with sensitive information.

Secondly, companies need to detect issues by conducting regular reviews of the information security framework and policies to ensure that they are kept updated and relevant. They should also conduct real-time or near real-time monitoring of cyber traffic to identify suspicious or unexplained activities.

Thirdly, organisations should be equipped to respond to these threats appropriately through multiple ways, such as engaging a forensic response team, trained in data extraction, retrieval and analysis, to conduct the incident investigation in coordination with the in-house IT security team.

Today, hackers have become an evolving breed of criminals and companies’ IT security teams need to be ever vigilant to safeguard themselves from such hazardous attacks.

Companies should ensure that periodic and comprehensive external as well as internal audits and reviews are conducted that test their systems and procedures for robustness against any cyber-attack.

This specific instance has also highlighted that complex data breaches or cyber-attacks are not always about sophisticated technical skills but rely on a persistent strategy that exploits an organisation as a whole.

Arpinder Singh, Partner & National Leader, EY India

Mukul Shrivastava, Partner, Fraud Investigation & Dispute Services, EY India
