Fending off cyber attacks – Why so many continue to fall prey?

The Twitter account of the Ministry of Information and Broadcasting was compromised recently. The hackers renamed the account as ‘Elon Musk’ and started tweeting “great job”. The Ministry, however, regained control of the account in some time, restored the profile picture and deleted the tweets posted by the hackers.

Last month, the personal Twitter handle of Prime Minister Narendra Modi was also briefly hacked. While the account was restored shortly after, a tweet promoting cryptocurrency had already been shared from the handle.

The Twitter accounts of the Indian Council of World Affairs (ICWA), Indian Medical Association (IMA), Zee Studios and Mann Deshi Mahila Bank were also hacked and in those cases, too, the hackers had renamed the handle as ‘Elon Musk’.

Looks like #ZeeStudios Twitter handle is hacked. @ZEECorporate @shraddhaa9 @poonam_shroff Please get it secured asap! pic.twitter.com/9dRxGenpfO

— Ravi Kapoor (@RaviKapoor) January 8, 2022

As the transformation to digital gets accelerated due to the pandemic, with digital commerce and payments happening with greater frequency, the concerns about safety and privacy have also increased manifold.

Speaking about this, an industry expert explained, “The problem is two-fold: first, there are a lot of brands that do not take security seriously and still haven’t enabled a two-factor authentication. So, for brands who haven’t done the needful, it’s high time they do so.  The second set of problems is social media platform centric. Social media platforms need to look beyond two-factor authentication. There are so many top-of-the-line accounts, including top brands like Zee Studios and top government profiles and bodies recently that were hacked despite all security protocols in place. Social media platforms need to come up with more robust security measures.”

Not only the government bodies, celebrities, too, face similar problems. Celebrities like Esha Deol, Tabu, Ameesha Patel, Asha Bhosle, Urmila Matondkar and Vikrant Massey were some of the big names that got hacked in recent times.

Elaborating on the reason behind the hackings, Nitin V. Gangal, Vice President, AAWI & Advocate Bombay High Court, said, “Most of the time, celebrities get hacked in the same ways that anyone else does. They use weak passwords, fall for social engineering tricks, or suffer from data leaks when larger organisations holding their data are breached. It’s common for celebrities to have a set of contact information that is filtered by assistants, agents, and managers. This helps to put a layer of privacy between them and people trying to find out where they live, such as paparazzi or overly dedicated fans.”

As per the government data presented in the Parliament, nearly 1.16 million cases of cyber-attacks in India were reported in 2020, marking an average of 3,137 cyber security issues reported every day of the year. NASSCOM reports that despite having the largest IT talent pool in the world, India simply lacks skilled cyber security professionals. In fact, the need for experienced professionals is so high that companies are willing to pay a premium salary of over Rs 1.5 crore to Rs 4 crore to top talent. In a report released after the joint study of the PwC India and The DSCI or the Data Security Council of India, it was mentioned that the cyber security market in India would grow substantially and in 2022, would register $3.05 billion.

“India ranks 2^nd in the list of most affected countries. The scope of Cyber Security Analyst in India is tremendous as almost every organization has their data in the cloud and they want to protect it from hackers and any kind of cyber threats and in this scenario – no one can prove themselves better than a Cyber Security professional,” said Advocate Nitin Gangal.

The National Cybercrime Threat Analytics Unit is an Indian Government initiative/ platform to analyse cyber crimes, and produce cyber threat intelligence reports which are then used to drive intelligence-led, coordinated action against the targets and identified criminals. As cybercriminals can be located in any jurisdiction, identification and multi-jurisdictional action is being taken against cyber criminals with the support of law enforcement agencies across the world.

Speaking about how users can have a safe cyber ride, Advocate Aazmeen Kasad said, “Safety is not only the government’s responsibility. Safety should be practised by any digital platform user too, specifically with regard to one’s passwords, logging out of accounts when not in use, using strong passwords, not sharing one's  passwords with anyone, using and activating screensavers if one’s system is not in use or the user needs to step away from their machine even for a short duration, using firewalls and investing in anti-virus softwares and keeping  them updated to protect one's systems from cyber attacks.”