New Delhi, Dec 15 (UiTV/IANS) – India is among the top 3 countries originating Internet of Things (IoT) malware infection in 2022, a Microsoft report said on Wednesday.
IoT devices offer significant value to organisations in the country looking to modernise workspaces, become more data-driven and ease demands on staff through shifts like remote management and automation.
“Therefore, the cyber-threat landscape is real and security is the need of the hour. Microsoft aims to help incident responders and security specialists better understand their environments and prevent potential incidents,” said the tech giant.
The International Data Corporation (IDC) estimates there will be 41.6 billion connected IoT devices by 2025, a growth rate higher than traditional IT equipment.
With increasing connectivity across converging IT, Operational Technology (OT) and IoT, organisations and individuals need to rethink cyber risk impact and consequences, said the report.
Microsoft observed a spike in threats across traditional IT equipment, OT controllers and IoT devices like routers and cameras fueled by the interconnectivity many organisations have adopted over the past few years.
It identified unpatched, high-severity vulnerabilities in 75 per cent of the most common industrial controllers in customer OT networks.
“As OT systems underpinning energy, transportation, and other infrastructures become increasingly connected to IT systems, the risk of disruption and damage grows as boundaries blur between these formerly separated worlds,” said Vasu Jakkal, corporate vice president, security, compliance, identity, and management at Microsoft.
For businesses and infrastructure operators across industries, the defensive imperatives are gaining total visibility over connected systems and weighing evolving risks and dependencies, Jakkal added.
Modern threats like sophisticated malware, targeted attacks, and malicious insiders are difficult for traditional security measures to contain.
Microsoft also observed over 1 million connected devices publicly visible on the Internet running Boa, an outdated and unsupported software still widely used in IoT devices and software development kits (SDKs).
Number of cyber attacks steadily rising
The number of cyber attacks in India has recorded a steady growth over the past few years, and the total number as reported to and tracked by the Indian Computer Emergency Response Team (CERT-In) in the current year stands at 12,67,564 (till November), the Parliament was told on Wednesday.
The corresponding number of such incidents in 2018 was 2,08,456 which increased to 3,94,499 in 2019, to 11,58,208 in 2020 and 14,02,809 in 2021, Minister of State for Electronics and IT Rajeev Chandrasekhar told the Lok Sabha in a written reply.
He said that with the borderless cyberspace coupled with anonymity, along with rapid growth of Internet, rise in cyber attacks and cyber security incidents is a global phenomenon and the government is fully cognisant and aware of various cyber security threats. The Indian Computer Emergency Response Team (CERT-In) is mandated to track and monitor cyber security incidents in India. In the recently notified cyber security direction, CERT-In has now made it mandatory for all incidents to be mandatorily reported to it.
The minister said that CERT-In operates an automated cyber threat exchange platform for proactively collecting, analysing and sharing tailored alerts with organisations across sectors for proactive threat mitigation actions by them. According to the analysis by CERT-In, the Internet Protocol (IP) addresses of the computers from where the attacks appear to have originated from a number of countries.
The reply further said that government has published National Cyber Security Policy 2013 with the vision of building a secure and resilient cyberspace for citizens, businesses, and government, and the mission of protecting information and information infrastructure in cyberspace, building capabilities to prevent and respond to cyber threats, reducing vulnerabilities and minimising damage from cyber incidents, through a combination of institutional structures, people, processes, technology and cooperation.
Further, the Ministry of Home Affairs has issued National Information Security Policy and Guidelines to the Central Ministries as well as state governments and Union Territories with the aim of preventing information security breaches and cyber intrusions in the information and communication technology infrastructure.