Indian firms did well against cyberattacks after chaos amid lockdown: EY

Companies in India have adapted well to respond to increased cyberattacks after witnessing "total chaos" in the first three months of coronavirus-induced lockdown, although it will take time for these firms to upgrade their networks, according to a senior official of consultancy firm EY.

EY in its Global Integrity Report 2020 had found that cybercriminals, trying to exploit the fears and uncertainties around the virus, have stepped up phishing and ransomware attacks, increasing the risks for organisations already struggling to operate during a pandemic.

The rapid shift to employees working remotely also made cybersecurity an even bigger challenge one that organisations had little time to prepare for and such attacks have happened in various sectors, including healthcare organisations.

"But I would say India has adapted well. Today companies have much more handle on what's happening. The first three months (of lockdown) was total chaos. That's when all these ransomware and cyber cases happened quite a lot," Arpinder Singh, India & Emerging Markets Leader EY Forensic & Integrity Services, told PTI.

He further said, "Today, things have opened up and people have started going back to office and also companies have invested to make sure their networks are tighter, infrastructure is tighter. But it will take time upgrading."

Recollecting on what happened when the lockdown was first announced in March, Singh said there was so much disruption "that I don't think any company is fully prepared for. No one is fully prepared, even IT companies, that their employees will have to work from home. Most IT companies have desktop, and employees can't carry desktop to home. Even a basic thing like that was not planned."
 

Giving reasons for the unpreparedness, he said, "In India work from home has never been a very popular (concept). Companies have not really supported it like they do in the US or Europe, where it is quite common to work from home even if there is no pandemic. They are much more used to working from home than we are."

People have taken computers home, it has taken companies a month or two to set up firewalls or additional security. So that has not been easy, he added.

Singh also said with employees working from home, many companies were unable to keep full track of incidents on their network. Besides, there have been cases of companies using outdated servers which exposed the companies to cyber issues.

On the nature of cyberattacks, he said, "A lot of the issues are ransomware, where the complete infrastructure of a company is put on a standstill, where they cannot either produce, manufacture or service customers."

The EY report had stated that it's critical to develop and implement a cyber breach incident response plan, alongside training employees, considering that most ransomware attacks occur when an employee clicks on a fraudulent email link or attachment.

It found that 62 per cent do not have such plans in place, and less than half (49 per cent) were adequately trained.

Moreover, organisations remain concerned with the ever-present threat of cyberattacks and 32 per cent believed that cyberattacks were the greatest risk to their organisation.

The EY Global Integrity Report 2020 was based on 2,948 surveys done in January and February 2020 in local language with board members, senior managers, managers and employees in a sample of the largest organisations and public bodies in 33 countries and territories worldwide.

A further 600 surveys in total were conducted in April 2020 using the same respondent profile across China, Germany, India, Italy, the UK and the US during the COVID-19 pandemic.