Majority of Indian IT Security Professionals See Nation-State Sponsored Attacks As Cause of Concern
India at 97 per cent comes much higher than the global average for experiencing a sense of risk from nation-state threats, a CrowdStrike survey shows
In the last few decades, cybersecurity and data have become the new weapons of supremacy. Countries across the world now spend millions of dollars to tighten online security, notwithstanding naysayers who believe no data on the internet is truly secure.
And so it was not a surprise when a recent study by US cyber technology firm CrowdStrike found that 83 per cent of all respondents to their survey believe attacks sponsored by nation-states pose clear danger to organizations in their country.
India at 97 per cent and Singapore at 92 per cent come much higher than the global average for experiencing a sense of risk from nation-state threats.
The survey had responses from 1900 senior information technology (IT) decision-makers and IT security professionals in 11 countries including the US and Singapore. Of the total number, 300 were from India.
Are Companies Doing Enough?
Among the most recent of online security breaches was the menace of spyware Pegasus which attacked 1,400 WhatsApp users across the world, targeting journalists and activists.
The Facebook-owned messaging platform confirmed that 121 users in India were affected by the software, made by Israeli-based firm NSO, with 20 of them having their phones breached.
The CrowdStrike survey respondents said that it took them 162 hours or about seven days on average to detect, investigate and contain a cybersecurity incident It takes 31 hours on average to contain an attack once detected and investigated.
95 per cent of the respondents believe more needs to be done to stop an intruder once they were in the network.
CrowdStrike recommends organizations to use the 1-10-60 rule where the threat is detected in one minute, investigated in ten minutes and contained in an hour.
The survey found that only 11 per cent of respondent organizations can detect in under one minute, 9 per cent can investigate in ten minutes, while 33 per cent can contain in 60 minutes. Only 5 per cent could do all three.
“Organizations are challenged to achieve the kind of speed required to match sophisticated nation-state and eCrime adversaries known to be targeting organizations,” said Thomas Etheridge, vice-president of CrowdStrike Services.
Among other things, organizations need to employ teams that have threat-hunting capabilities and employ next-generation tech in order to keep themselves safe, Crowdstrike said.