Businesses must take proactive measures to ramp up cybersecurity ahead of the holiday season, the most challenging peak period for cybercrimes, according to a report by McAfee Enterprise and FireEye.
The report, ‘Cybercrime in a Pandemic World: The Impact of Covid-19’, states that 77 per cent of organisations in India experienced downtime due to cybersecurity risk during the peak festive season in the last 18 months.
During the same period, 81 per cent of global organisations experienced increased cyber threats.
Between September and October 2021, the study — conducted by market research specialist MSI-ACI — interviewed 1,451 IT and line-of-business decision-makers across India, the US, UK, Australia, France, Germany, Singapore, South Africa and UAE.
Cybersecurity for ‘new India’
According to IT professionals in India, holidays have been the most challenging peak periods for cybercrimes. While 52 per cent of professionals flagged festive holidays such as Diwali, Ramadan and Christmas as the peak period, 32 per cent listed bank holidays, and 12 per cent pointed to summer vacations in schools and colleges.
During these peak periods, 91 per cent find maintaining a fully staffed security team even more challenging under the hybrid work model. Furthermore, 59 per cent of IT professionals expect half or more of their colleagues to work remotely in some capacity.
In terms of cyber risks, the top three were malware attacks (47 per cent), data breaches (43 per cent), and ransomware and cloud jacking (33 per cent each); over 30 per cent of the IT professionals experienced vulnerabilities in their ‘Internet of things’ devices.
“It is imperative that all business of scale evaluate and prioritise security technology to keep them protected, especially during peak seasons like the holidays,” said Bryan Palma, CEO of the newly combined company.
Despite sharp increase in cyber attacks, majority of firms are not well prepared
“Traditional approaches are no longer enough — 94 per cent want their organisation to improve its overall cyber readiness — and businesses need an integrated security architecture and an always-on approach to prevent, protect and react to the threats of today,” added Palma.
With the festive season in India having commenced with Diwali, 91 per cent of the IT professionals anticipate a moderate or substantial impact with an increased demand for their products and services, the report said.
Most organisations have invested in cloud security (82 per cent), advanced threat protection (66 per cent), security operations centre (54 per cent), mobile security (48 per cent), and endpoint security (48 per cent).
For additional security, 69 per cent of the organisations are implementing new software solutions, 68 per cent are strengthening internal IT-related communications, 62 per cent are increasing their software updates, and 61 per cent are offering more employee training.
“Cyberattacks tend to skyrocket in India during the holiday season as we tend to spend more time online and often let our guard down. Taking advantage of this, bad actors adopt newer techniques and sophisticated means to target businesses when they’re most vulnerable,” said Venkat Krishnapur, vice-president of engineering and managing director, McAfee Enterprise, India.
“The problem is exacerbated with employees using the same devices for personal and office work, exposing critical networks and, thus, to stay ahead of criminals, organisations need to ramp up their cybersecurity readiness,” added Krishnapur.
Cybersecurity in 2022
Malware attacks (54 per cent), data breaches (50 per cent) and cloud jacking (35 per cent) will continue to be the top three cyber risks impacting businesses in 2022.
“However, there are ways for organisations to be proactive against cybercrime, such as implementing security measures, providing cybersecurity awareness training for employees, and developing prevention and response plans,” the report said.
The decision-making on cyber security is with IT directors (58 per cent) and IT managers (56 per cent).
In terms of investment, the areas in focus among businesses in India are cloud security (57 per cent), security operations centre (57 per cent), advanced threat protection (55 per cent) and endpoint security (47 per cent).
As much as 99 per cent of the IT professionals indicated that their organisation could place more emphasis on its overall cyber readiness; 53 per cent highlighted the importance of employee training to prevent cybersecurity issues.