As India celebrates its Independence Day this year, our country is working on multiple fronts to address national priorities such as inclusive growth, leveraging the democratic dividend, providing nutrition and food security for the masses, and progressively delivering universal access to basic services, employment, and sustainable livelihoods.
While the government is doing its bit to address these issues on priority, cybersecurity is an area that deserves more attention, collaboration, and intervention.
Our research into the State of IoT security in the country brought out some worrying facts. In the last quarter (April-June, 2019), the number of inbound cyberattacks on deployments involving Internet of Things (IoT) grew by a whopping 22 percent.
Hackers are now targeting smart cities, financial services, and transportation with persistent and high-grade malware, some of which has been developed exclusively to target IoT deployments here.
In fact, IoT projects are being targeted at the proof of concept stage itself. Many malware samples, isolated from various cyberattacks, showed a tendency to lay dormant for extended periods of time while listening to network traffic.
Our threat researchers also identified over 2,550 unique malware samples connected with these attacks, which is the highest reported so far. Some of the complex attacks had a clear geopolitical imprint - as seen in the codes they bear.
Modular and military-grade malware reported from key cities points to groups that have budgets and access to research and development facilities that develop and sell sophisticated malware.
Understanding the context
The rising attacks indicate high levels of interest among various groups working towards creating disruption, monetising cybercrime, and impacting specific projects. They are acting in tandem with forces that are sponsored by States that share a similar agenda.
IoT projects are being targeted as these groups are clearly aware of their potential to power our digital ambitions and take the nation forward. Little wonder that projects around smart cities, Industry 4.0, connected healthcare, defence, space tech, and others are prominently on the radar of hackers.
The need for action
These trends clearly point to the need for intervention at various levels. There is an emerging need to secure IoT deployments and to improve our cybersecurity posture. At the national level, there are four areas where we need to take urgent action.
These are: strengthening our cyber defence mechanisms, improving our threat research capabilities, improving cyber hygiene, and standardising security requirements (and linking it with the threat environment we face as a nation).
With malware and hacking tactics getting more complex and sophisticated, our response strategies and approaches have to evolve and counter these aggressive moves. With critical infrastructure sitting prominently on the radar of groups with disruptive intent, the issue should attract high levels of attention and intervention from all stakeholders through collaboration.
Projects such as smart cities, surface, sea, and air transport infrastructure, data centres and defence facilities are key to India’s economic well-being. Unless we scale up and meet the challenges head-on, the full potential of IoT and other allied technologies will not be realised. This Independence Day, let's resolve to work even harder to cyber secure our country at all levels.
(Disclaimer: The views and opinions expressed in this article are those of the author and do not necessarily reflect the views of YourStory.)
(Edited by Saheli Sen Gupta)