India third most prone to cyber attacks with 76% firms hit in 2018: study

More than 18% threats discovered in India are on mobile devices, almost twice than the global average

About 76 per cent of Indian businesses were hit by cyber attacks in 2018, the highest after Mexico and France, according to a study.

A report by Sophos, a global leader in network and endpoint security, today announced that the findings of its global survey, 'Seven Uncomfortable Truths of Endpoint Security' revealed that most cybercriminals in India are detected at the server (39 per cent) and on the network (35 per cent). 

Similarly,  eight per cent are found on endpoints. More than 18 per cent threats discovered in India are on mobile devices, almost twice than the global average.

The survey polled more than 3,100 IT (information technology) decision makers from mid-sized businesses in 12 countries, including the US, Canada, Mexico, Colombia, Brazil, UK, France, Germany, Australia, Japan, India and South Africa.

“IT security continues to be a major issue across the globe with 68 per cent of organisations surveyed hit by cyber attacks in the last year (76.3 per cent organisations in India). On average, organisations impacted by cyber attacks were struck at least twice,” the survey said.

“Server security stakes are at an all-time high with servers being used to store financial, employee, proprietary, and other sensitive data. Today, IT managers need to focus on protecting business-critical servers to stop cybercriminals from getting on to the network. They can’t ignore endpoints because most cyber attacks start there, yet a higher than expected amount of IT managers still can’t identify how threats are getting into the system and when.” said Sunil Sharma, managing director sales at Sophos India & SAARC. 

Fourteen per cent of IT managers who were victim to one or more cyber attacks last year can’t pinpoint how the attackers gained entry and 17 per cent don’t know how long the threat was in the environment before it was detected, according to the survey. 

To improve this lack of visibility, the survey pinpointed that IT managers need endpoint detection and response (EDR) technology that exposes threat starting points and the digital footprints of attackers moving laterally through a network.

On average, Indian organizations that investigate one or more potential security incidents each month spend 48 days a year (four days a month) investigating them.

The survey highlighted that three – fourth of Indian organisations admitted is not being able to take full advantage of implemented EDR solutions while about 67 per cent organisations plan to add EDR capabilities to combat cyber attacks.