Ransomware in India

Ransomware has been increasing significantly. India is now amongst the top five targeted countries in the APAC region. 49% of organizations in India suffered multiple ransomware attacks in the past year. In this vlog, Siddharth Gandhi, our COO-APAC, discusses these attacks. He explains why they occur and what can be done to prevent them.

Michael Cichon:
All right. Well welcome. I’m Michael Cichon, Chief Marketing Officer at one 1Kosmos. I’m here today with Sid Gandhi, our Chief Operating Officer of Asia Pacific. Sid you’re joining us from Mumbai, welcome to the 1Kosmos vlog.

Siddharth Gandhi:
Thank you, Michael. I’ve been looking forward to doing this for some time, so great to be here today.

Michael Cichon:
Excellent. Well, me as well, because I want to talk to you about ransomware. We’ve read a lot about ransomware last year, through about September there were all over 500 million ransomware attacks globally. Can you talk a little bit about India and how ransomware has affected you all in India?

Siddharth Gandhi:
Absolutely. I think the ransomware globally has been increasing significantly. And as for India it’s now amongst the top five targeted countries in the APAC region. Almost 49% of the companies in India suffered multiple ransomware attacks while close to about 76% were hit by at least one ransomware in the past 12 months according to our report from CrowdStrike. So I would certainly say, I think the problem is pretty significant here.

Michael Cichon:
Are they quite disruptive? What about the financial impact?

Siddharth Gandhi:
So I think it’s important to understand that there are both direct and indirect financial impacts in such cases. I think that the direct are more immediate ones like financial frauds or disruption of services which lead to loss of revenue. On the other side, additionally, there are issues with ransom payment. So India accounted for the highest average extortion fee payment over and about the ransomware payment as well. So the average ransom amount paid by an Indian company was close to about three million dollars.

Siddharth Gandhi:
Additionally, the extortion fee that is paid by an Indian organization is anywhere between 500,000 to a million dollars, all right. And in fact, in certain cases, the amount also is in excess of five million dollars, which is pretty significant for the company in India. The indirect financial impacts are loss of reputation, which could eventually lead to loss of business as well as secondary impact of data loss or cost restoration.

Siddharth Gandhi:
One of the most important things that is likely to come in the near future is the data protection bill. It’s been in works for a few years now but like any other data protection bill, like the GDPR, it mandates Indian companies to report the breach within a stipulated time failing which there would be financial penalties. And I think the GDPR calls out for close to about 4% of revenues of the company. So it’s going to be pretty significant.

Michael Cichon:
Wow. Those losses are stunning. So we’ve seen an upward trend of ransomware over the last few years, but in the last two years we’ve all been affected by the pandemic. Has this given ransomware, the attackers, the opportunity they need or how has remote work and people working out of their homes and remote offices affected this trend?

Siddharth Gandhi:
Sure. I think all of us know that India is the hub for exporting IT services to the world. And just last week, the global research firm Gartner has predicted that Indian companies will spend in excess of a hundred billion dollars on IT infrastructure. That’s a pretty huge amount of spend. Also, security researchers have indicated that the shift to remote or hybrid work has expanded the attack surface and it makes companies an easy target for ransomware attacks.

Siddharth Gandhi:
And COVID basically has created a fertile ground for the threat actors to capitalize on the security vulnerabilities. But we are now in the second year of the pandemic and as the data is indicating that ransomware is only on the rise. So eventually I think the threat actors are evolving the tactics, the techniques, but because the organizations still rely on the legacy security solutions and they’re just not fit for the time that we are in today. So it’s about time that the organizations start looking to upgrade their infrastructure or their solutions.

Michael Cichon:
Well that’s a perfect transition to the next question I had, which is, besides relying on legacy systems which don’t seem to be very good at protecting against this, what are organizations starting to do about this?

Siddharth Gandhi:
That’s a great question, Michael. I think what we need to understand is that security is not an afterthought or nice to have anymore. I think we’ve been reading a lot of articles in the last two years about how security has taken a central position in the board as well. So I think the companies need to embrace and build an effective compliance strategy by focusing on the right investments and also aligning people, processes and technology in a time bound manner.

Siddharth Gandhi:
It really needs to start off with the basics, all right, which is creating awareness amongst the end user, training within the organization on appropriate processes. Technology eventually follows, so I think these are some of the critical components that we completely need to look out for.

Michael Cichon:
Well, hopefully the reaction brings security and preventive measures to the front and center, not as an afterthought. So 1Kosmos, we obviously have some solutions that will address ransomware. How are you seeing these deployed in India?

Siddharth Gandhi:
So it depends on what or which of the five pillars of risk an organization is going to focus on. And I mean, whether it’s identification of risk, protecting it, detecting it or responding or recovering. So accordingly the right solution can be implemented. I think it eventually, according to me, boils down to prevention versus detection. I would like to think that prevention is always a better option, right? So companies should focus on addressing the potential attack surfaces or point of entry.

Siddharth Gandhi:
And I think that’s where the strong protection against account takeovers or securing identities comes into play. An interesting part for data protection actually has been mentioned in India’s national blockchain strategy recommended by the ministry of electronics and information technology on data localization, where they ask for the considering companies to use blockchain infrastructure with the use of smart contracts. As we all know, block ID platform already has that capability and offers an identity based authentication on a blockchain platform, which is ready for deployment today across the board for employees and consumers. And we today are already supporting millions of transaction and securing those digital identities for employees or consumers.

Michael Cichon:
Yeah, that’s very true. So I’ve read that most of these attacks do come from the front door with the compromised credentials versus any kind of a back door. So I appreciate your insights this morning. Thank you very much for joining us. You have a great rest of your day.

Siddharth Gandhi:
Thank you, Michael.

FIDO2 Authentication with 1Kosmos

Read More