India is home to over 77,000 startups and 3.36 lakh Small and Medium Enterprises (SMEs). As per the SME Chamber of India, it accounts for a considerable 37.54 percent of GDP. As India is eying to reach the $5 trillion economy mark, startups and SMEs play a crucial role in reaching this target. Having said that, startups and SMEs are also vulnerable to several problems and cyberattacks are the most prominent.
With expedited digitalisation, startups and SMEs are becoming more prone to cyberattacks as their minimal security infrastructure can influence them even through normal emails. Considering the exigency of building a robust cybersecurity framework, CyberPeace Foundation – the world’s first non-profit civil society organization that creates awareness of mitigating cyberattacks has recently revealed a report that states – of all cyberattacks, 43% target small businesses, and SME startups.
Small businesses and startups operate on a very small scale with limited resources. Usually, strengthening their cybersecurity infrastructure is not as prominent as building a business. As per the finding of the report – nearly 46% of SMEs have no clue about managing cyber risks. In addition, about 60% of such small enterprises that turn victims of cybercrime go out of business within six months.
Furthermore, SMEs and startups are at an incredible risk of cyberattacks as compared to giant corporate institutions. The report also highlights that small business enterprises cannot afford to install the highest security measure. The absence of cyber security guards, sophisticated monitoring systems, and technically equipped entry devices tempts cybercriminals as they can attack without fearing detection.
Given the size of teams and other resources, all cybercriminals may not have enough courage to break into the high-security networks of corporate giants. As a result, SMEs and startups become their easier targets. Moreover, small businesses overlook the value of the data they store by believing there are other bigger targets available for cybercriminals or that their data holds little relevance. This becomes a lucrative market for cybercriminals.
Commenting on the relevance of cybersecurity systems, Major Vineet Kumar, founder, and president of CyberPeace Foundation said, “Cyberattacks have become more robust and sophisticated. The most significant cyberattacks happen as the result of negligence in small matters. Hence, it is pivotal to evaluate cybersecurity risks and develop an efficient strategy accordingly. It can go a long way in protecting the organization and its customers’ confidentiality, privacy, and integrity.”
The CyberPeace Foundation report also brings to light the most prominent cyberattacks faced by organizations due to the negligence of employees in storing documents or data, lack of adequate protection, and employee mobility. In addition, the absence of a functioning data backup policy and poorly defined cybersecurity policies also open avenues for cybercriminals to barge into the organization’s networks.
Cybersecurity is paramount whether it is a small business or an SME. The report also highlights the different types of cybercrimes that target these enterprises – Ransomware, Cryptojacking, Phishing, APT Attacks, Insider based Attacks, DDoS, Man in the Middle (MitM), Password targeting attacks, SQL injection attacks, and Zero Day attacks.
In April 2022, CyberPeace Foundation released another to state the dramatic increase in the number of phishing/social engineering attacks on Indian organizations in the petroleum or refinery business. It also drew attention to WhatsApp messages masquerading as an offer from Indian Oil with links luring unsuspecting users with the promise of Indian Oil fuel subsidy presents making the rounds on the app.
Furthermore, the research done by CyberPeace Foundation (CPF), Autobot Infosec Private Limited, along with CyberPeace Center of Excellence (CCoE) also revealed – nearly 2.7 lakhs attack events
have been recorded between April 2022 to September 2022 on Critical Information Infrastructure (CII) threat intelligence sensors network simulating the Petroleum Refinery network simulated by the research group in India. The Mostly attacked protocols were FTP, HTTP, s7comm, Modbus, SNMP, and BACnet.
”The study is a part of CyberPeace Foundation’s e-Kawach program to implement a comprehensive public network and threat intelligence sensors across the country to capture internet traffic and analyze real-time cyberattacks that a location or an organization faces. A credible intelligence on real- time threats empowers organizations or a Country to build cybersecurity policies,” he added.
Similarly, during the crisis of coronavirus, the healthcare sector including vaccine makers and hospitals was targeted by cyber-attacks. The Healthcare based threat intelligence sensors network witnessed a surge in the number of cyberattacks with 1,195,859 hits in the same time span. The vulnerable internet-facing systems having Remote Desktop Protocol (RDP), vulnerable SMB and Database services enabled, and old Windows server platforms were mostly attacked with an attempt to inject the malicious payloads into the network.
Cybercriminals are equipped with resources that have resulted in a global increase in cyberattacks mainly on business organizations. This has enforced SMEs and startups to implement robust cybersecurity solutions and conduct frequent cybersecurity drives. Staying prepared and informed protects an organization’s valuable assets and saves them from heavy financial losses.