In November 2021, seven facilities that manufacture hydraulic equipment in Karnataka’s Belagavi—home to the Indian Army’s famed Commando School—were hit by the Agent Tesla spyware, known for exfiltrating data and logs from a system without disrupting it.
The Indian Computer Emergency Response Team (CERT-In), the nodal agency to deal with cybersecurity threats, informed the owners of the facilities about the breaches. The owners then reached out to Swapneel Patnekar, chief executive officer of information security company Shreshta IT Technologies, for help.
Patnekar, who is also a member of the Forum of Incident Response and Security Teams (FIRST), a global forum of cybersecurity experts, rushed to the cybercrime scene, only to find the victims completely nonchalant.
“In all of the places, the managers had called their employees and asked them if their day-to-day operations were impacted by the infection. When they said no, they asked me why there would be a need to fix anything,” Patnekar told The Ken.
Moreover, Patnekar added that the systems at the facilities “had no data to historically identify how the malware came in, no firewall, no logs, nothing to make an incident report”. He debugged the systems, anyway.
Such indifference to serious cybersecurity breaches is more a norm than an oddity among India’s millions of micro, small, and medium-sized enterprises (MSMEs). This is despite over 70% of SMEs in the country suffering a cyber attack in 2021, according to a report by IT firm Cisco. Over 60% of the SMEs suffered a breach that cost them more than Rs 3.5 crore.
In April this year, CERT-In released a set of directives to improve cybersecurity practices and reporting of incidents like the Belagavi breach. The agency gave 60 days to firms of all sizes and shapes to implement the six directives.

Although welcomed by sections of the cybersecurity community, the directives were widely criticised by the industry and privacy advocates over personal data storage and compliance requirements.
Consequently, popular VPN providers ExpressVPN, Surfshark, and NordVPN removed