Recently, the Supreme Court of India Web site was attacked by a hacker collective known as Anonymous (apparently for issues related to censorship). Similar attacks were repeated on many private enterprises, indicating a huge gap in awareness and response to cyber attacks.
Data theft, hacking, phishing, and intrusions or defacement are the prevalent forms of cyber attacks faced by organisations. These attacks may result in loss of sensitive data such as contact lists, emails, business plans, intellectual property, restricted financial information and client proposals among other things.
While most organisations have data security policies, few have a response plan to address any breach of perimeter security or other technology-centric incidents. An effective cyber-incident response plan contains a set of specific actions to prevent, detect and mitigate cyber attacks. These include assessing current security readiness, establishing clear lines of communication during an attack, identifying potential dangers, event detection and evidence gathering, investigation and problem solving, digital triage forensics and reportage. Of course, equally important is the interaction with peers to help spread the word.
You cannot really expect a typical system/network administrator in your IT team to respond to the challenge, as the expertise required here is very different (much as one would prefer a cardiologist over a general physician to treat a heart condition). Cyber-incident response requires an in-depth understanding of perimeter devices, internetworking, DNS, the TCP/IP suite of protocols, operating systems, file systems and so on. People responsible for managing the cyber-incident response plan should be technically capable of assessing the situation and authorising quick action so as to secure evidence in time. There must be clear responsibilities for training and educating employees in safeguarding against cybercrime. Lastly, a recovery plan must be in place to ensure that business continues seamlessly on replacement systems even when some machines are affected.
Such practical tips combined with periodic interactions with the Indian arm of the Computer Emergency Response Teams — CERT.IN (CERT was formed globally to prevent cyber incidents) — can ensure successful implementation of cyber-incident response plans.
Reaching for IT renewal deals
Though many large Indian IT players are predicting a sombre year ahead, there does seem to be a silver lining. Over the next 2-3 years, IT contracts close to $20 billion are set to expire and the Indian IT industry needs to be prepared to battle it out to win the contracts that are up for renewal. Effectively, this means that companies will need to ensure they are adequately staffed and the resources are trained to take up the inflow of new businesses. In the last four years, Indian tech companies won deals that were up for renewal worth $20-25 billion against multinational rivals and this trend will continue as Indian players become more and more competitive against global peers.
Moreover, the domestic market holds huge potential and is waiting to be tapped. Many companies are aggressively targeting this market, especially in the Government and insurance sectors. Succeeding in this market will require a completely different strategy and teams, and resources should be trained and used accordingly.