- In February 2009, local newspapers reported that the Ministry
of External Affairs was examining a security breach on its computer
network, after some computers were found to be infected with
spyware, which was sending copies of information to an external
e-mail address
- In March 2009, Websense Security Labs discovered that the
official website of Rajshri Productions, India, had been
compromised and was infecting the machines of site visitors with
malicious code
- In August 2007, the website of one of India’s leading
banks, Bank of India, was hacked, and was found to be distributing
malware and Trojans to visitors. In the same month, Websense
Security Labs discovered that the official site for Syndicate Bank
was compromised with a malicious script
- In December 2006, Kingfisher Airlines was hit by an online
e-ticket fraud that cost the airline Rs 17 crore
- CERT-In, the Indian Computer Emergency Response Team’s
website, reveals that a total of 4,475 Indian websites were defaced
in the year 2008
What do the above incidents tell us? The fact that even after
following the best security mechanisms, all a hacker has to do is
to find a single open door or a minor exploit for breaching a
network. KK Mookhey, Principal Consultant, Network Intelligence
India, rightly sums this up as an asymmetric warfare: “The
attacker has to find only one loophole, while the defense has to
plug all loopholes.” With multiple threats ranging from Zero
day exploits, website vulnerabilities, unpatched software and an
ever-growing insider threat, enterprises cannot afford to blink
their eyes even for a moment.
Clearly, even as the Internet has leveled the playing field for
Indian enterprises, it has also exposed the vulnerabilities of
Indian enterprises to global hackers who do not differentiate
between boundaries. For example, the Bank of India hacking incident
was traced to an ISP in Russia.