McAfee Report Reveals Indian Organizations Unprepared for Cyber Attacks

McAfee and the Center for Strategic and International Studies (CSIS) today revealed the findings from a global report “In the Dark, Crucial Industries Confront Cyber attacks” that reflects the cost and impact of cyber attacks on critical infrastructures. Among the chief findings of the survey, 60% of Indian respondents have been victims of extortion or cyber attack in 2009 and 2010, and India ranked as fourth in terms of lowest levels of security adoption after Brazil, France and Mexico.

The survey comprised 200 IT security executives from global critical electricity infrastructure enterprises in 14 countries, and the findings suggest that the rate of security adoption in enterprises is not commensurate with the rapid growth of threats.

Commenting on the report, Michael Sentonas, VP, CTO, Asia Pacific, McAfee said, Threats to assets in a wide range of core sectors continue to emerge and evolve in complexity with far- reaching ramifications on a nation’s critical infrastructures. Today’s rapidly proliferating threats require enterprises to adopt a comprehensive risk-based approach with stronger network controls.”

  We found that the adoption of security measures in important civilian industries badly trailed the increase in threats over the last year,” said Stewart Baker, who led the study on behalf of CSIS.  Industry executives made modest progress over the past year in securing their networks.

 Some key findings from the report include:

 Weak Security adoption: India ranked fourth in terms of lowest levels of security adoption after Brazil, France and Mexico, adopting only half as many security measures as leading countries such as China, Italy and Japan. Concurrently, China and Japan were also among the countries with the highest confidence levels in the ability of current laws to prevent or deter attacks in their countries. Currently, only 60% Indian respondents claimed to deploy a threat monitoring service and use software update and patch management service; 40% revealed having policies prohibiting USB stick usage and policy enforcement on unauthorized software. None of the Indian respondents claimed to adopt any security measures for smart grid controls.

Cyber attacks still prevalent: 80% of global respondents confessed to have faced a large-scale denial of service attack (DDoS), and a quarter reported daily or weekly DDoS attacks and/or were victims of extortion through network attacksHigh frequency of extortion attempts: One in four global survey respondents have been victims of extortion through cyber attacks or threatened cyber attacks.  The number of companies subject to extortion increased by 25% in the past year, and extortion cases were equally distributed among the different sectors of critical infrastructure. In terms of India, 60% of the respondents have been victims of extortion or cyber attack in the past two years.

 To meet the challenges of the changing environment, McAfee advises these companies to adopt true critical infrastructure protection policies focused on:

 Improved authentication measures, moving away from passwords to a higher reliance on tokens and biometric identifiers

– Better hygiene of network systems to include increased use of encryption technologies and the monitoring of network use activities for role and activity anomaly detection

– Increased oversight of access to industrial control systems, including how they access the Internet, through the oversight and active management of Internet connections, mobile devices, and removable media

– Effective partnerships with governments. The nature of these partnerships will vary from country to country and range from encouragement to mandatory action, but the nature of the new threats industry faces requires government involvement

 The report is a follow up to a report released in 2010 called “In the Crossfire: Critical Infrastructure in the Age of Cyberwar” that found that many of the world’s critical infrastructures lacked protection of their computer networks, and revealed the staggering cost and impact of cyber attacks on these networks.


By Team

[email protected]