So, I would like to start by assuming that you are running a Company or any Business in India and you were looking for How to secure your data or customer information your google search brought you here.
In the present era of digitalization most of us are known with the cyber threats and Security breach happening to companies and big firm nobody knows who will be the next target of any security breach like Ransomware, WannaCry, EternalBlue(infiltrate target computers and spread malware across networks), Website defacing, Data Breaches (like personal information of patients, students and employees are stolen) for illegal use or to be sold in DARKNET putting a negative impact on your customer base and Business.
Now you might be getting the idea why you should worry about the databases of valuable information about your customers, which is easily available just because of Poorly secured databases that connect directly to the internet.
While companies in India commonly use these databases to store tempting amassing customer and financial data, they often do so with outdated and weak default security configurations. any type of database can be left open or unprotected, a string of breaches over the last few years have all centered around one type in particular: open-source “NoSQL” databases, particularly those using the popular MongoDB database program suffered a lot in past few years. securing exposed databases is a relatively easy and concrete step organization can take to strengthen their data defense.
And if you still think you use these databases and no one can harm you then you must have heard or read about the ransomware which started At the beginning of 2017, a rash of “ransomware” incidents hit exposed MongoDB databases. In these cases, attackers actually just deleted a database’s files but made it seem like paying a Bitcoin ransom worth a few hundred dollars would trigger data restoration.
There have been a number of hack attacks reported in India and around the world in the recent past, hackers get smarter with every hack and so should our security.
You might be familiar with some of the recent Data Breaches if you an online news reader if not below is the list of some of the data breaches on the Government and Private sector because of various issues.
1. Telecom Regulatory Authority of India(TRAI) – The website was brought down by a hacker group. Impact: Website downtime, service made unavailable using a DDOS attack.
2. Indian Army – the website was brought down and defaced with inappropriate advertisements, some sensitive data was inaccessible and was feared to be stolen. Impact: Information inaccessible and officer details may be stolen, website defacement.
3. Jawaharlal Nehru University (JNU) library – the website was compromised to warn the ‘anti-national’ and ‘Traitors’ Impact: Website defacement
4. Orissa University of Agriculture and Technology (OUAT)–The official website was hacked. Impact: Not disclosed.
5. Indian Space Research Organisation (ISRO) – The homepage of ISROS’s commercial Arm Antrix was hacked. Impact: Not disclosed.
6. Kerala Government website – The Official website was defaced and carried a message. Impact: Defacement.
7. Central Bureau of Investigation (CBI) – The website of the investigating agency was hacked, which is supposed to one of the most secure websites. The hackers mocked the country’s cybersecurity by displaying messages. Impact: Website defacement.
8. Indian embassy websites in 7 countries were compromised – Websites in 7 different countries were hacked to show how insecure the websites were. Impact: Personals details of Indian citizens living abroad were leaked by carrying out SQL injection of malicious code into the database.
9. Aadhar website: The website was accessed and records were stolen for financial benefit. It took just Rs 500, paid through Paytm, and 10 minutes in which an “agent” of the group running the racket created a “gateway” for this correspondent and gave a login ID and password. Lo and behold, you could enter any Aadhaar number in the portal, and instantly get all particulars that an individual may have submitted to the UIDAI (Unique Identification Authority of India), including name, address, postal code (PIN), photo, phone number and email. Impact: Data Breach.
10. Indian Registry for Internet Names and Numbers (IRINN) – Some business organizations dealing with enterprise security solutions bring to light a possibility of a major breach in the IRINN system leading to exposure of critical data owned by many organizations, probably around 6000 of India’s ISPs were affected.
1. Zomato – 17Million user’s data stolen and put on the darknet for sale. Zomato has suffered a security breach with over 17 million user records stolen from the food-tech company’s database. The stolen information has email addresses and hashed passwords of customers. Impact: Data Breach.
2. Reliance JIO – The Company’s servers were illegally accessed. Impact: Data breach by unauthorized access.
3. Electra card – Fraudsters stole $45Million from ATM’s worldwide. Impact: Data breach, $45Million stolen.
4. ATM debit card breach of SBI, Axis, Yes, ICICI banks etc.– 3.2 Million Indian debit card details stolen. Impact: Data breach, 3.2 Million debit card details stolen.
According to a survey done by PricewaterhouseCoopers (PwC), the average cost due to security incidents for Indian Companies more than doubled from $194 in 2013 to $414 in 2014. However, at the same time, Indian companies have reduced the average spending to $4 million in 2014 from $4.8 million in the previous year. While the average cost of a data breach in 2017 saw a 10% decline globally compared to 2016, for Indian enterprises, it grew 12.3% from Rs 97.3 million in 2016 to Rs 110 million in 2017, a new study said on Tuesday.
“The per capita cost of the data breach increased significantly from Rs 3,704 in 2016 to Rs 4,210 per compromised record. The number of breached records per incident for Indian organizations surveyed in this year’s report ranged from 4,000 to 98,000 compromised records. The average number of breached records was 33,167 as per the study,” the findings showed.
- Need for a Well Defined Security Strategy – very important to have a strong security plan effectively imposed.
- Eliminate the OWASP Top 10 – consists of a list of vulnerabilities every organization must take care of in order to avoid uninvited risks, TOP 10 RISKS.
- Vulnerability Assessment & Patching – Weekly Vulnerability Assessment & Patch management – This will help minimize the window of exposure.
- Security Awareness and training- To provide the essential education to the employees and the users about the security posture, so that they stay fool-proof.
- Data encryption mechanisms and key exchange techniques – to make data unusable and unreadable by intruders.
- Review and update security policies and standards- To know whether the organization is abiding by the measures taken to protect itself and everything belonging to the it.current location
- Deception technologies – implementation of which will help organizations to understand the behavior of the adversary in order to amplify the security stance adopted.
- Account Management- to rotate, audit and control access to private assets.
- Least Privilege- to limit access to the employees but provide access and resources enough to carry out their tasks with no hindrance.
- Auditing and Monitoring- to keep a track on who and what accessed the system, with time specifications.
- Risk Assessment- to discover and validate risks and threats occurring in the perimeter of the organization.
- Identity and Authentication– to associate with individual users or systems and detect unauthorized access.
- Engage in constant security and protocol education – Train employees on everything from what they can save on personal devices to how they should share files externally and what potential malware might look like. Integrate IT security training into the employee onboarding process, emphasize it in everyday practices and add it to the agenda of yearly company seminars.
The Electra card breach illustrates why building a layered approach to cybersecurity is critical when dealing with sensitive data. In today’s society, data hold financial value. Therefore, until we devise a way to completely guarantee data protection or find forms of identification that can’t be monetized, we will continue to see a rise in breaches. As Equifax battles severe consequences related to its hack, it’s important to learn from the company’s mistakes and implement better security practices and attitudes every day.
To get best practices on how to prevent or mitigate from a Data Breach Contact us.