Business Standard

State govt web domains 'extremely vulnerable' to cyberattacks: Report

More than 700 credentials with passwords were leaked to the dark web in 2022, says study by cybersecurity firms


Peerzada Abrar Bengaluru

Listen to This Article

Website domains of Indian state governments are "extremely vulnerable" and don’t follow basic security drills, said two cybersecurity firms in a report investigating practices.

Securin Inc. and Ivanti said more than 700 credentials with passwords were leaked to the dark web in 2022, making state internet domains vulnerable to phishing attacks, credential misuse, and impersonation. The companies said their investigation found 537 instances of ransomware risk.

More than 10 per cent of domains used by Indian states do not have Secure Sockets Layer (SSL) encryption, a basic security protocol layer without which hackers and threat groups can mount attacks and intercept sensitive data.

“India saw the highest number of cyberattacks on government agencies in 2022, which highlights that cyber hygiene cannot be ignored,” said Ram Movva, co-founder and chairman of Securin Inc. “The government sector was the third most attacked industry in 2022, and we are seeing a sharp increase in the number of attacks being deployed on Indian organisations and government entities."

“When basic cyber hygiene is not robust, it leaves governments and organisations extremely vulnerable to cyberattacks,” said Srinivas Mukkamala, chief product officer at Ivanti. “All organizations and governments must remain vigilant when shoring up their cyber defences. Together with our partners at Securin, we will continue to highlight areas of improvement for governments and organizations to protect against ransomware attacks.”

The firms' investigation used the Securin Attack Surface Management platform to examine the domains of Indian state governments and union territories.

According to the 2023 Spotlight Report, released last month, global ransomware attacks have increased 503 per cent since 2019. The report said that 76 per cent of vulnerabilities being exploited by ransomware groups were actually discovered before 2020, highlighting that attackers still rely on old tactics.

End-user spending on security and risk management in India is forecast to total $2.65 billion in 2023, an increase of 8.3 per cent from 2022, according to research firm Gartner, Inc.

Jeff Abbott, chief executive officer of Ivanti, said that the firm has 3000 employees of whom 800 are in India. “We have a lot of momentum in India. We're continuing to invest in India,” said Abbott. “That could be engineering product management and support. Some of our operations teams are coming from here. The efficiency that we're getting with the talented people that we have here (helps) us to make easy choices on where to (hire) staff."

Don't miss the most important news and views of the day. Get them on our Telegram channel

First Published: Mar 29 2023 | 4:23 PM IST

Explore News