Indian firms must invest more in security to tackle cyber attacks: FireEye

While governments the world over are concerned about how to tackle growing cyber crimes, Indian firms are more vulnerable to data breach because poor investments in adopting and implementing top-of-the-line security solutions, a top executive of US-based network security company FireEye has said.

"If we had to compare countries, the Australian Strategic Policy Institute ranks India lower in cyber security maturity than Singapore, Australia, New Zealand, Malaysia, China and Vietnam," said Vishak Raman, Senior Regional Director for India and SAARC, FireEye.

"It is important to see the bigger picture and not see vulnerability as a horse race between regions. The US cyber security far outpaces India's and yet, the US is routinely plagued by massive cyber challenges," Ramn told IANS as FireEye released its first "Mandiant M-Trends Asia Pacific" report on Thursday.

"In some ways, India is more vulnerable to advanced attacks and in some, we are less vulnerable because cyber security is increasingly becoming a priority for our leaders," he noted.

The report highlighted that the Asia-Pacific organisations were breached for a median period of 520 days before discovering it, trailing European and US counterparts.

"We can all agree that 520 days is far too long for attackers to be lurking inside organisations," Raman said.

The report shared statistics and insights from Mandiant - a subsidiary of FireEye — investigations in the region in 2015 and examined the latest cyber trends and tactics threat actors used to compromise businesses and steal data.

Most breaches in the Asia Pacific region never became public.

Unlike in markets with greater security maturity such as the US, most governments and industry-governing bodies lack effective breach disclosure laws.

According to the findings, the Asia-Pacific organisations are often unprepared to identify and respond to breaches.

They cannot defend their networks from attackers because they frequently lack basic response processes and plans, threat intelligence, technology and expertise.

"Determined attackers can do significant damage. It is imperative that organisations bring together the threat intelligence, technology and expertise necessary to effectively combat these threats," Raman noted.

"While the RBI's cybersecurity framework, released in June this year, has emphasised the need for banks to develop a cyber-crisis management plan and prepare for zero-day attacks, remote access threats and targeted attacks, other industry sectors in India do not have similar guidelines," the FireEye executive commented.

FireEye's earlier research showed that about 24 per cent of Indian organisations were exposed to advanced threats, compared to 15 per cent globally.