across the public and private sector.
“The cyberattacks are not surprising.
This is just the beginning and there
are more to come,” says Arora. “That
is why enterprises need to simulate
attacks on their own systems to
identify loopholes and address them.
If you want to catch a cybercriminal,
you need to think like one.”
For instance, EY’s Fraud
Investigation and Dispute Services
team was brought in by a large digital
media and content company (name
withheld by EY) when it discovered
that the password for its channel’s
account on an online video aggregator
content platform was reset without
its knowledge and 25 of its most
popular videos were deleted. The
EY team stealthily used some
forensic tools on the company’s
network to review and analyse the
network’s logs to check for any
exceptional occurrences, as well as
the email logs of authorised users.
The team could then reconstruct
the series of events that led to the
content being deleted. EY found that
the change of password was effected
through an internet browser on a
mobile phone and that the content
deletion command was triggered
remotely via the back-up server of
its client hosted by a web-hosting
service provider. Tracking the ID
used to access this web server, the
team was able to pinpoint the location
of the user. The address was a match
with that of an ex-employee who quit
the company a year ago on bitter terms.32 | forbes india August 4, 2017cybErattacks iN iNdia of latE
July 2016 May 2017 May 2017 June 2017
Union Bank of
india Heist
Through a phishing email
sent to an employee,
hackers accessed the
credentials to execute a
fund transfer, swindling
Union Bank of India of $171
million. Prompt action
helped the bank recover
almost the entire moneyWannaCry
ransomWare
The global ransomware attack
took its toll in India with
several thousand computers
getting locked down by
ransom-seeking hackers. The
attack also impacted systems
belonging to the Andhra
Pradesh police and state
utilities of West Bengaldata tHeft at
Zomato
The food tech company
discovered that data, including
names, email IDs and hashed
passwords, of 17 million users
was stolen by an ‘ethical’
hacker—who demanded the
company must acknowledge its
security vulnerabilities—and put
up for sale on the Dark WebPetya
ransomWare
The ransomware attack
made its impact felt across
the world, including India,
where container handling
functions at a terminal
operated by the Danish firm
AP Moller-Maersk at
Mumbai’s Jawaharlal Nehru
Port Trust got affected“security has very
high mindshare with
customers, but very
poor wallet share.”
Karan Bajwa, managing director,
IBM Indiad
espite employing the best
preventive measures,
all IT systems in the
world remain vulnerable
to a hack. “It is a misconception
for anyone to think that they can’t
be hacked. Hackers are always
one step ahead,” says Mittal.
Werner Vogels, chief technology
officer at Amazon.com, tells Forbes
India that a combination of machine
learning and Artificial Intelligence-
driven automatic pattern recognition
will become increasingly important
to detect and respond to potential
threats. “Without security, youdon’t have a business, but security
these days is so complex that it
is a moving target,” Vogel says.
“There are instances of companies
considering AWS [Amazon’s cloud
service Amazon Web Services] purely
because of the security capabilities
we’re able to offer, with the kind
of investments that they wouldn’t
be able to make themselves.”
There is also no legroom to relax
on frequent proactive scans for
viruses since malware can reside in
an entity’s network for a long time
—months or even years—spying on
users’ cyber behaviour without being
discovered. “There are targeted
malware viruses that don’t steal
anything initially. Over a period of
time, a cybercriminal just patiently
observes while they plan their next
move,” says Amit Jaju, executive
director, Fraud Investigation and
Dispute Services at EY in India.
A paradigm shift is unfolding in the
way that technology product makers
and service providers encourage
users to protect their data. Text and
numeric passwords are progressively
giving way to biometric-led security
measures such as fingerprint and iris
scanners. At a recent panel discussion
on digital transformation organised by
Forbes India, Samit Ghosh, managing
director and CEO of Ujjivan Small
Finance Bank, said one of the benefits
of Aadhaar—the unique identification
initiative for Indian citizens—was that
it relied on biometric authentication,
which is more secure than passwords.Cover Story / CyberSeCurityjoshua navalkar