• Most common types of cyberattacks are ransomware, cyptojacking, phishing, password targeting attacks and APT attacks.
• Work from home policies by companies exposes vulnerability to data breach and attacks on IoT devices.

Bengaluru: Digital transformation, during Covid-19, has been a double-edged sword for startups and small- and medium-sized enterprises in India.

On the positive side, automation has helped more businesses come online while, on the negative side, it has opened up opportunities for cybercriminals to target weak or non-existent cybersecurity infrastructure.

According to Cyber Peace Foundation’s recent handbook – Cybersecurity for SMEs & Startups – startups and SMEs remain the most vulnerable segment in India when it comes to cyberattacks.

When it comes to the most common challenges faced by organisations, Vineet Kumar, Founder and President of Cyber Peace Foundation, said that one of the most critical ones is the “cybersecurity risks” and they interrupt the functioning of an organisation and compromise the confidentiality, integrity, and availability (CIA) of valuable information assets.

However, he said that the cybersecurity risks themselves stretch across a broad spectrum. 

Digital transformation

With the ongoing digital acceleration for both work and home, he highlighted that there are several occasions that expose user data and company data, through user devices, to third parties that seek confidential personal information of the nature that could benefit them.

“The challenge is exacerbated by SMEs who may not have the knowledge or understanding of cybersecurity. I think startups and SMEs are particularly lax in terms of ensuring cybersecurity, they only take it seriously after the breach has happened, which is very irresponsible,” he said.

Cybercrime is estimated to already cost the world $6 trillion annually.

In the last decade, there have been 300 data breaches involving the theft of 100,000 or more accounts. There has been an 80 per cent increase in the number of people affected by health data breaches between 2017 and 2019.

Additionally, attacks against the health sector have significantly increased post-Covid, as per a report released by Interpol.

As per the Government of India, Dr. Jagdish Bakal, President, The Institution of Electronics and Telecommunication Engineers (IETE), said that India has the third-largest startup ecosystem in the world and it is expected to witness year on year growth of consistent annual growth of 12-15 per cent.

“India has about 50,000 startups in India in 2018; around 8,900–9,300 of these are technology-led startups 1,300 new tech startups were born in 2019 alone implying there are 2-3 tech startups born every day,” he said.

However, he said that the pace of growth in the startup ecosystem has increased to 15% year-on-year in 2018, while the growth of the number of incubators and accelerators has grown to 11 per cent.

Key findings:

• Negligence by employees: The most common forms of employee negligence which lead to cyberattacks including data breaches are accidental loss of the device containing confidential data, leaving the workstation unprotected or unattended, sharing confidential information such as passwords via paper notes and remote working using an unsecured or public network connection.
• Employee Mobility: With Covid-19 prompting startups and SMEs to institute work from home policies, the potential for cyberattacks has increased manifold. Most employees tend to use personal unsecured devices to do work which results in a data breach. IoT devices used by employees are often unsecured which results in the maximum number of data breaches.
• Most common types of cyberattacks: Ransomware, cyptojacking, phishing, password targeting attacks and APT attacks.