Indian startups, SMEs most vulnerable to cyberattacks: Report

New Delhi: While digital transformation has been a great boon for SMEs and startups in 2020 as more businesses come online, it has also opened up opportunities for cybercriminals to target weak or non-existent cybersecurity infrastructure which smaller businesses tend to generally have in India.

As per findings in the recent handbook titled “Cybersecurity for SMEs & Startups” by CyberPeace Foundation (CPF), startups and SMEs remain the most vulnerable segment in India when it comes to cyberattacks.

The eBook is being launched in joint collaboration with the United Nations Global Compact Network (UNGCNI), Autobot Infosec and The Institution of Electronics and Telecommunication Engineers (IETE). It reveals key findings of cybersecurity vulnerabilities in the Indian startup & SME ecosystem and also recommends best practices to avoid the same.

When it comes to the most common challenges faced by organizations, one of the most critical ones is the cybersecurity risks. They interrupt the functioning of an organization and compromise the confidentiality, integrity, and availability (CIA) of valuable information assets. However, the cybersecurity risks themselves stretch across a broad spectrum.

As per the findings, the most common forms of cybersecurity challenges faced by startups are:

Negligence by employees: The most common forms of employee negligence which lead to cyberattacks including data breaches are accidental loss of the device containing confidential data, leaving the workstation unprotected or unattended, sharing confidential information such as passwords via paper notes and remote working using an unsecured or public network connection.

Employee Mobility: With COVID19 prompting startups & SMEs to institute work from home policies, the potential for cyberattacks has increased manifold. Most employees tend to use personal unsecured devices to do work which results in data breach. IoT devices used by employees are often unsecured which results in the maximum number of data breaches.

Most common types of cyberattacks faced by startups & SME’s are Ransomware, Cyptojacking, Phishing, Password targeting attacks & APT attacks.

Talking about the findings and report, Vineet Kumar, Founder and President, CyberPeace Foundations, said: “On one hand India is the third largest startup nation in the world while on the other hand majority of Indian startups and SMEs routinely disregard cybersecurity.

The challenge is exacerbated by SMEs who may not have the knowledge or understanding of cybersecurity. I think startups and SMEs are particularly lax in terms of ensuring #cybersecurity, they only take it seriously after the breach has happened, which is very irresponsible. With the launch of the eBook, we hope to address the problem and create more awareness for budding startups and SMEs who are building businesses online.”

Launching the eBook on CyberSecurity for SMEs and Start-ups, Lt. General (Dr.) Rajesh Pant, PVSM, AVSM, VSM, National Cyber Security Coordinator (NCSC), Prime Minister’s Office mentioned: “To know how to defend yourselves or your organization, it is important to understand how the attacks happen and what methodology do cyber predators use to harm organizations. October is considered as ‘CyberSecurity Month’ and seeing that everyone across the nation is taking initiative and coming up with this eBook is very relevant and I compliment everyone for this.”