India is no longer immune to security attacks and breaches. Internet has become the backbone of doing business. Indian companies are becoming easy target to attackers as a race to connect globally leaves them with gaping holes in their security implementation. Some companies with alleged breaches were Zomato, IndiGo Airlines, Cosmos Bank, JNU port, Jio and State Bank of Mauritius. Many breaches go unreported as companies feel revealing such information would impact their brand and that there is still no penalities on hiding breaches within an organisation. It has also been reported that 22,000 Indian websites were attacked between April 2017 to January 2018 alone. Indian businesses were top victims of ransomware attacks where 67% were hit with it. 9 in 10 companies who claim to have end point protection were attacked.
Email are the easiest target to attack as organisations attackers get access to employees who are most vulnerable. Often mails are crafted to raise the curosity of an employee, like sending a ‘PO’ to a sales person, or sending a resume to an hr manager. As India moves rapidly to connect their businesses and use the internet as a platform to do commerce, managers need to understand that security has to become the core focus in their business architecture. Leaving gaps will not only lead to business losses, but allow reputation. Understanding various data contact points and ways to secure access from such points, will go a long way to improve security. Also, data needs to be encrypted so that even when an attackers has breached your gates, your company and consumer data is well protected.
Enterprises have also increased the use of SaaS applications. This leaves them exposed to data leaks as most perimeter security are unable to provide visibility of data that flows through such applications. Context based firewalls are able to watch the flows to SaaS applications and bring context to the information flowing to it, which leads to improved security by allowing organisation to treat SaaS applications like any layer 7 protocol and set policies based on such protocols.