[Startup Bharat] With more Indians going online, Tier II and III areas become 'sweet spot' for cybercriminals
The internet may have changed the world for the better, but it also gave rise to a new kind of criminals. According to the 2017 National Crimes Record Bureau (NCRB) data, cybercrime cases almost doubled, putting the spotlight on internet security.
While users in metro cities may be aware of cybercrimes and cybercriminals, India has a whole new set of users going online for the first time from Tier II and Tier III locations.
A report by K7 Computing, an IT services and solutions company, stated that cybersecurity awareness among companies and users in Tier II and III cities is low and these regions are becoming a ‘sweet spot’ for cybercriminals across the world.
Its data claims that Patna has the highest percentile of cyberattacks, with close to 47 percent users facing some form of breach or attack.
This is followed by 45 percent users in Guwahati, 44 percent in Lucknow, 43 percent in Bhubaneswar, and 40 percent users in Jaipur.
An area of concern
With over 530 million internet users, India has the second-largest internet user base in the world today – a good and a bad thing.
J Kesavardhanan, Founder and CTO of K7 Computing, says, “The positive trend of fast-growing Indian towns and smaller cities on the global landscape is certainly attracting the attention of cybercriminals becoming more sophisticated. It is not only a major threat to enterprises in these areas but also to consumers who are becoming heavy cyber users because of low Internet data cost, and easy and affordable availability of devices which can be exploited.”
He adds that three out of every 10 Indian internet users have encountered one or more cyberattacks. This, however, has shifted to more users in Tier II and Tier III cities since 2016 after Reliance Jio came into the picture.
Thanks to Jio, data costs across India dropped by a whopping 93 percent, which allowed an average of 65 million new users to go online every year since then.
“Every company and platform is looking at these regions closely. They are first-time internet users and have easy access. But they do not understand much about the implications of what data and internet could do. In fact, many users in metro cities too are yet to understand, and these are first time users; reaching them becomes easier,” says a professional hacker, on the condition of anonymity.
Another hacker explains there are simple nuances like the passwords you use, your screen time, access, and the operating systems (OS) you use.
“Few are aware of how easily their banking details and everything can be hacked. The passwords they keep and everything one does online can be easily replicated. We are creatures of habit; the idea is to crack into that. Now, if the underlying systems themselves are weak, the process becomes easier,” they added.
Working around vulnerabilities
The key vulnerabilities include the exploitation of loopholes in both Windows and iOS systems. The K7 Computing report states that while iOS vulnerabilities were found in the iMessage service in iPhones and Siri components, Remote Desktop Protocol (RDP) based attacks remained the dominant type of cyber threat in Windows.
It added that the unpatched Virtual Private Networks (VPNs) continued to be an easy target for cybercriminals.
In Windows, which is the most used OS in Tier II and III cities, USB storage device-based threats remain the top malware risk for different users.
“In mobile devices, adware continued to dominate as it remained a growing ‘sweet spot’ for cybercriminals. While many of the notorious Trojans and adware have strengthened their presence, a few new Android malware families were used as well,” says the report.
According to a top analyst, few users in Tier II and III India understand the importance of a good antivirus for their phones.
“Few opt for it or add it, and that can make them all the more susceptible,” they explained.
Data privacy experts explain that the data languishing in the servers is the most vulnerable of its kind. Now, however, it is becoming clearer that the more users come online, there is more need to create awareness and strong systems.
“As we get set to enter a new year, I think it is important that companies, across sizes and geographies, start shifting from awareness to implementation in their approach towards cybersecurity," says Kesavardhanan.
"And this is not just applicable to enterprises but also to each and every cyber user in the country, including those in government departments. Awareness, implementation and keeping it all up-to-date are very critical to remaining cyber safe in this fast growing and sophisticated cyber threat infused world," he adds.
(Edited by Saheli Sen Gupta)