Two-thirds of information security professionals from a mix of government and private sectors admit to having encountered cyber attacks in the last 12 months
Cyber attacks are a way of life now. Three out of four security professionals in a recent global ISACA-RSA Conference research said that they think a cyber attack is likely or very likely in 2016. At a recent conference organized by CSO Forum, Dr Gulshan Rai, National Cyber Security Coordinator, National Security Council, stressed the need for the government and private sectors to cooperate with each other to tackle this growing challenge.
Yet, in reality, only 8% of the respondents (information security professionals from both government and private sectors) in research conducted by CSO Forum earlier this month said they had reported a cyber attack to police in the last 12 months. Reporting to CERT-In, the government cybersecurity response cell, is equally abysmal, with just 9% of respondents saying they informed the cell about an attack.
The research was conducted on the sidelines of the CyberSecurity Roadmap 2016, a conference organized by CSO Forum, with the participation of cybersecurity professionals in both government and private sectors.
While many of the findings are not exactly startling, some do surprise and emphasize important points about the uniqueness of the Indian market. When asked what the most serious fallout of an attack is, as many as 31% said it is “impact on employee morale”, incidentally the second most cited fallout after “disruption of business process” and ahead of such impacts as financial loss and damage to reputation. In a services-led economy which has become a global destination for services, that is a potentially significant impact and can be exploited by cyber attackers.
While about one-third of the respondents said they have not faced an attack in the last 12 months, another one-third said they have faced between 1 and 6 attacks.
Most attacks are still fairly basic. While unauthorized access and improper use of credentials top the list, fraud/social engineering is comparatively lower down the list. In the ISACA-RSA Conference research, it is one of the top attacks identified by the respondents globally.
In four out of five cases, an attack lasted for less than a day, the survey reveals. Only one out of six (17%) respondents admitted to informing customers or employees whose data had been compromised about the incident.
A little surprisingly, only one out of four respondents admitted to insider involvement in an attack.