Cyber attacks worry firms more than terrorism

When it comes to threats, natural or man-made, Indian companies have rated cyber security as a major concern. In the light of increased cyber attacks, over 42 per cent of enterprises perceive cyber crime as a bigger threat than terrorism, crime and natural disasters.

This was one of the findings of ‘2010 State of Enterprise Security Study,’ a global study carried out by Symantec Software Solutions Pvt. Ltd., where Indian companies from sectors such as telecom, hospitality, manufacturing, retail and technology participated.

“Indian enterprises are experiencing frequent cyber attacks and the losses incurred due to them are escalating. In the past 12 months, 66 per cent of the companies experienced cyber intrusions and 51 per cent of them reported repeated attacks, while 34 per cent have experienced high number of malicious hits. On the other hand, 31 per cent said there were internal attacks as well,” said Vishal Dhupar, managing director, Symantec Software Solutions Pvt. Ltd., at a press conference here on Tuesday.

Also, each cyber attack had a financial impact, as organisations reported loss of revenue. “Apart from financial loss, companies will have to put up with damaged brand reputation, loss of customer trust. The average revenue lost by companies due to the virtual attacks was recorded at Rs. 58.59 lakh in 2009.” Interestingly, with IT security becoming a daunting issue for enterprises, the study pointed out that implementation of enterprise security is turning into a difficult task.

“Enterprise security is understaffed and the most affected areas in organisations are network security, web security and data-loss prevention. To tackle the issue, companies need to secure their messaging and web environments and defending critical internal servers. They should also have the ability to back up and recover data and respond to threats rapidly.”

To overcome such threats, companies should develop and enforce IT policies to secure data breach in anyway possible. “By prioritising risks and defining policies, companies will not only be able to identify threats but also come up with remedies. Also, they should know the location of sensitive information and how it’s coming or leaving the organisation. Companies should be able to monitor and report their systems status and be ready for any kind of threat.”