Fortifying fault lines: Investing in vulnerability research to strengthen cybersecurity

Read the Full Press Release at Times of India

In 2021, India recorded over 3000 cyber attack victims – the fourth-highest count globally after the US, the UK, and Canada – and a 120% increase in ransomware attacks. This was also the year that the recovery cost after ransomware attacks went up to $3.38 million from $1.1 million in 2021. Earlier, in 2020, Juspay suffered a data breach that impacted 35 million customer records, including credit card information and fingerprint scans. And earlier this year, in February, Air India reported a major attack that compromised over 4.5 million customer records.

Overall, data from a recent University of Surrey report shows that cyber attacks on Indian businesses and other industries have doubled over the last three years. Perhaps unsurprisingly, the chief contributing factors to these attacks are the proliferation of remote work and the IoT revolution. Working from home increases the number of endpoints across geographies, many of which are unsecured as people use personal networks or public WiFi systems to log in. Remedial measures like two-factor authentication offer some protection, but not enough – today’s cybercriminals are highly sophisticated in their attacks. Through phishing scams, for instance, they can convince employees to part with critical company information while posing as a company manager or spokesperson. Concerning IoT, the interconnectedness of systems and networks greatly enhances agility – the downside, however, is that a cyber breach at one point can quickly spread to the rest of the chain. Distributed DoS attacks, for instance, employ a system’s standard communication protocols to overwhelm the system and take control.

Clearly, when it comes to corporate cybersecurity, the mere application of firewalls is no longer enough. It is essential to delve deep into the nature and location of vulnerabilities so that companies can erect suitable defenses.

What is a vulnerability in cybersecurity?

Essentially, a vulnerability is a weak spot in a company’s security measures that a cybercriminal could potentially exploit. It could involve weakness in the firewalls that protect internal networks or simply a user endpoint without proper security. Vulnerabilities could occur due to poorly secured hardware or software, bugs in a specific operating system, backdoor programs, inadequate password protection or human error due to poor security awareness.

Why vulnerability research matters

The average cost of data breaches was $4.24 billion in 2021 – up 10% from 2020. And as more and more businesses opt for remote work and switch to the cloud, this will only go up. Data breaches and other cyber attacks have far-reaching consequences for any company, including intellectual property theft, compromised networks, and invasion of consumer data privacy (especially personal information). Cleaning these up won’t just cost money, but effort – which means a deviation from core business activity and often-lengthy disruptions. Moreover, cybersecurity vulnerabilities can considerably impact a company’s reputation – even the potential for a data breach could erode trust. This hurts the company’s bottom line and creates public resistance to the benefits of an interconnected digital ecosystem.

It is understandable, therefore, that companies are looking to increase their cybersecurity budget for more research and defense measures. And several brands are offering security governance solutions to identify and sort vulnerabilities, particularly in legacy data infrastructures that are less protected against modern attacks. There are several steps to this. First, the cybersecurity tester conducts in-depth research on current and potential system vulnerabilities. They also analyze existing security measures for strengths and weaknesses. Response measures will typically include pre-emptively securing endpoints across all apps and infrastructures and setting up a damage control system that kicks in if an attack occurs. It is also important to note here that not all vulnerabilities need immediate action – it is still vital to know where they are and classify them as low-risk or high-risk. When choosing a vendor for vulnerability testing, care should be taken to validate their expertise across application, mobile, infrastructure, and IoT security – which includes ensuring that they use the most relevant tools for each use case.

The way forward for Indian cybersecurity

As an emerging digital economy, India is conscious of cybersecurity risks and is taking steps in the right direction. In 2019, the Indian government’s Department of Science and Technology announced a cybersecurity research initiative to develop future-proof technologies that can safeguard information systems against cybercrime. The cybersecurity workforce grew from 110,000 in 2019 to 218,000 in 2021, while cybersecurity services increased from $4.3 billion to $8.48 billion during the same time. And for the financial year 2023, the Indian government allocated INR 515 crore to cybersecurity and stated that the Indian Computer Emergency Response Team would closely monitor all cyber threats and attacks. In a dynamic and digital-first world like ours, ongoing research ensures continued safety. Several brands are already investing in vulnerability research in a big way, and firms that work with them to safeguard their data will stay ahead of the curve and retain consumer trust.

– By Swapnil Naik, AFour Technologies
