Critical infra organisations must upgrade security to avoid AIIMS-like attacks, say experts
The recent cyberattack on the All India Institute of Medical Sciences (AIIMS) has once again put the spotlight on cybersecurity practices at government and critical infrastructure organisations in India.
Even as enterprises have increased their cybersecurity spends, experts said critical infrastructure such as power plants, hospitals and railways still run on older operating systems and have dated security measures.
Even if solutions have been implemented, they are often in silos and there are no standard operating procedures in place, the security experts pointed out.
The Sophos State of Ransomware in Healthcare 2022 report found a 94% year-on-year increase in ransomware attacks on healthcare organisations globally.
“Ransomware in the healthcare space is more nuanced than other industries in terms of both protection and recovery. The need for efficient and widespread access to this type of data – so that healthcare professionals can provide proper care – means that typical two-factor authentication and zero trust defence tactics aren’t always feasible,” said John Shier, senior security expert at Sophos.
“This leaves healthcare organizations particularly vulnerable, and when hit, they may opt to pay a ransom to keep pertinent, often lifesaving, patient data accessible.”
Given the nature of the data, the healthcare sector is likely to continue to fall prey to cyberattacks in India and globally.
In recent months, healthcare providers in Australia, Colombia and the Paris area have been victims of cyberattacks.
“Cybersecurity weakness within this key sector has been observed here in India as well, where most of the government departments are still on decades-old security controls, using old and outdated versions of security software which makes updating to newer technology difficult,” said Sundar Balasubramanian, managing director, India and SAARC region, Check Point Software Technologies. “Some opt for untested, cheaper versions of firewalls, adequate only for basic infrastructure security, feeling safe that they have implemented some sort of cyber controls but which in reality, cannot withstand the latest, sophisticated cyberattacks.”
According to the Check Point Threat Intelligence Report, the Indian healthcare industry is among the most heavily targeted, with 4,805 weekly attacks per organisation over the last six months, compared with a global average of 1,485.
Attacks such as the one on AIIMS were part of the nearly 1.9 million cyberattacks recorded against the Indian healthcare industry this year.
This problem is further compounded by a lack of skilled talent to manage the complex and sophisticated security systems.
“In our discussions with some of the India department chief information security officers here, we discovered that unpatched vulnerabilities, unmanaged IoT devices, mobile endpoints and unauthenticated/use of obsolete protocols pose significant threats to organizations in India. Increase in digitization and adoption of new services have also resulted in increased attack surface,” Balasubramanian said.
At present, most public sector organizations are forced to curate the recovery manually by searching backups, snapshots, and other copies for the latest clean version of an object, said Bakshish Dutta, country manager, India & SAARC, Druva.
“This is often the longest, most difficult part of cyber-recovery. Automated curation reduces the manual effort of determining recovery points and can significantly reduce recovery time,” he said.
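The automated curation Dutta describes can be reduced to a concrete procedure: for every backed-up object, walk the snapshots from newest to oldest and pick the first copy that shows no sign of tampering, so unaffected files recover from the latest snapshot while encrypted ones roll back only as far as needed. The following is an added example in Python, not code from the article or from Druva. It assumes a simple snapshot model (a list of point-in-time copies, each mapping file paths to bytes) and hypothetical detection heuristics (ransomware file extensions, known ransom note names, high byte entropy); the sample snapshots are constructed.

```python
"""
Automated curation of recovery points after a ransomware incident.

Added example, not code from the article or from Druva. Assumes a simple
snapshot model (point-in-time copies mapping file paths to bytes) and
hypothetical detection heuristics. Sample data below is constructed.
"""
import math
import random
from collections import Counter
from datetime import datetime

# Assumed indicators of an encrypted or tampered copy (hypothetical, not tied
# to any particular ransomware family).
RANSOM_EXTENSIONS = (".locked", ".encrypted", ".crypt")
RANSOM_NOTE_NAMES = {"readme_to_decrypt.txt", "how_to_restore_files.txt"}
ENTROPY_THRESHOLD = 7.5   # bits per byte; uniformly random data is close to 8
MIN_ENTROPY_SAMPLE = 64   # entropy of very small files is not meaningful


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 0.0 for empty input."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def is_clean(path: str, data: bytes) -> bool:
    """Heuristic check that a stored copy has not been encrypted by ransomware.

    Caveat: legitimately compressed or encrypted formats (zip, jpeg, key
    material) also have high entropy. A production curator would add
    format-aware checks (magic bytes, parseability) before trusting this.
    """
    name = path.rsplit("/", 1)[-1].lower()
    if name.endswith(RANSOM_EXTENSIONS) or name in RANSOM_NOTE_NAMES:
        return False
    if len(data) >= MIN_ENTROPY_SAMPLE and shannon_entropy(data) > ENTROPY_THRESHOLD:
        return False
    return True


def has_encrypted_variant(path: str, files: dict) -> bool:
    """True if the snapshot holds e.g. 'patients.db.locked' beside or instead of 'patients.db'."""
    return any(path + ext in files for ext in RANSOM_EXTENSIONS)


def snapshot_is_compromised(files: dict) -> bool:
    """True if any object in the snapshot shows an indicator."""
    return any(not is_clean(p, d) for p, d in files.items())


def curate_recovery_points(snapshots: list, objects: list) -> dict:
    """For each object, return the id of the latest snapshot holding a clean copy,
    or None if no clean copy exists. Objects are curated independently, so
    unaffected files recover from the newest snapshot."""
    newest_first = sorted(snapshots, key=lambda s: s["taken_at"], reverse=True)
    result = {}
    for obj in objects:
        result[obj] = None
        for snap in newest_first:
            files = snap["files"]
            data = files.get(obj)
            if data is not None and is_clean(obj, data) and not has_encrypted_variant(obj, files):
                result[obj] = snap["id"]
                break
    return result


def first_compromised_snapshot(snapshots: list):
    """Oldest snapshot showing any indicator; bounds the incident start for the IR timeline."""
    for snap in sorted(snapshots, key=lambda s: s["taken_at"]):
        if snapshot_is_compromised(snap["files"]):
            return snap["id"]
    return None


# Constructed sample data: three nightly snapshots. Ransomware runs between the
# second and third, encrypting the patient database but not (yet) the imaging file.
_rng = random.Random(1)
ENCRYPTED_BLOB = bytes(_rng.randrange(256) for _ in range(4096))
SAMPLE_SNAPSHOTS = [
    {"id": "snap-2022-11-21", "taken_at": datetime(2022, 11, 21, 2, 0),
     "files": {"db/patients.db": b"id,name,ward\n1,A,ICU\n" * 50,
               "imaging/scan.dcm": b"DICM" + b"\x00" * 200}},
    {"id": "snap-2022-11-22", "taken_at": datetime(2022, 11, 22, 2, 0),
     "files": {"db/patients.db": b"id,name,ward\n1,A,ICU\n2,B,ER\n" * 50,
               "imaging/scan.dcm": b"DICM" + b"\x00" * 200}},
    {"id": "snap-2022-11-23", "taken_at": datetime(2022, 11, 23, 2, 0),
     "files": {"db/patients.db.locked": ENCRYPTED_BLOB,
               "db/readme_to_decrypt.txt": b"your files are encrypted",
               "imaging/scan.dcm": b"DICM" + b"\x00" * 200}},
]
SAMPLE_OBJECTS = ["db/patients.db", "imaging/scan.dcm", "db/never_backed_up.txt"]


if __name__ == "__main__":
    print("incident first visible in:", first_compromised_snapshot(SAMPLE_SNAPSHOTS))
    for obj, snap_id in curate_recovery_points(SAMPLE_SNAPSHOTS, SAMPLE_OBJECTS).items():
        print(f"{obj}: restore from {snap_id}")
```

On the sample data the database rolls back one night to the last clean copy while the imaging file restores from the newest snapshot, and the first compromised snapshot gives the incident responders a lower bound on when the encryption started. The per-object loop is what turns the manual search across backups and snapshots into something that can run unattended; the detection heuristics are the weak point and should be replaced with format-aware checks before relying on them.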
When it comes to critical infrastructure, the likelihood of paying the ransom is also much higher, given the nature of the organisations and the services that go down during an outage.
“Indian healthcare sector confronts around 2.78 lakh cyber-attacks each month, ranking second only to the United States. Indian businesses get hacked twice as regularly as the global average. With over 1.4 billion people, the Indian internet sector is a goldmine for attackers, including script kiddies, professionals, and state-sponsored actors,” said Amit Jaju, senior managing director, Ankura Consulting Group (India).
Hybrid warfare, or combined physical and cyber-attacks, is the future of warfare, and several countries have established effective firewalls to secure their data. The Indian government should also think along these lines in order to prevent attacks on important infrastructure, he said.
Experts recommend a more collaborative approach rather than working with multiple vendors which can leave gaps in the security process.
“One must integrate identity security as a critical part of cybersecurity strategy, while leveraging Zero Trust to ensure that all human and machine identities are protected,” said Rohan Vaidya, regional director – India & SAARC at CyberArk. “Whether conducting cyber search operations or broadening the spectrum of countermeasures against cyberattacks, dealing with cyber conflict requires a holistic approach that must aim to insulate us against identity theft, hacking, ransomware, malware and much more.”
Meanwhile, basic steps such as using strong passwords, enforcing multi-factor authentication and applying security patches promptly will go a long way towards preventing some of these attacks.