/ciol/media/agency_attachments/c0E28gS06GM3VmrXNw5G.png)
Follow UsMore than 72 percent of Indian companies faced a cyber-attack in 2015, according to KPMG’s, Cyber Crime Survey Report 2015 but still don’t have any effective strategy to react to it. Consultancy firm EY conducted cyber-war games for executives at Indian companies earlier this year and found that several of them lacked processes and systems to cope with a breach.
The immense amount of information coming out of various social and mobile platforms continues to add to organizations’ vulnerabilities, making them engaging points for complex cyber crimes, leaving no single new age enterprise immune to cyber threats.
In 2015, the database of many companies including the likes of Gaana.com and Ola cabs were hacked and an alarm was sent to the entire enterprise community. But despite the warnings, the CEOs in India are yet to formulate a proper response strategy to a cyber-threat.
EY worked on a cyber-attack simulation asking the 79 CEOs present in the room whom would they call first if their firm’s database was hacked. And there seemed to be little consensus among the participants.
The virtual model asked top executives how they would react to a message from someone saying their customer database had been hacked and put on the Internet. The simulation went through several steps and tabulated responses.
Burgess Cooper, partner-information security at EY told ET, "We had CEOs who said they would call their chief information security officers to check if they had truly been hacked, others said they would call their chief marketing officer; some said they would call their corporate communications officer. And there was the realization that there was no agreement."
Cooper said that the purpose of war games was to give executives a first-hand understanding of the situation because people learn more from a practical experience than from a standard operating procedure.
He added that several executives did not even know that certain things a hacker might ask them to do to save their data was illegal. "One scenario was that the hacker tries to ransom your data. Some didn't realize that paying such a ransom was illegal. Then there were questions of how to buy bitcoins, because such ransoms aren't paid in cash," Cooper said. "They realized they had no strategy. They are now looking at putting that in place."
Though lot of discussions and investments are being put in for cyber security initiatives, the need is for a well-thought out cyber threat response strategy which most companies are ignoring. So more than the threat event itself, the inability of enterprises to fight back in the case of such an event and to eliminate the chances of a re-occurrence in the future is now becoming a matter of serious concern.