Securing MSMEs: Insights from 2023 Cyber-Attack Stats by SecureClaw with BDSLCCI Framework

India, January 22, 2024: The Micro, Small, and Medium Enterprises (MSMEs) of India contribute around 30% of the country’s GDP, employment to 110 million people, and 45% of exports, according to the latest report. Large or multinational organizations are mostly outsourcing their work to third-party companies or vendors, which are generally MSME companies, and if that entity undergoes a successful cyber-attack, it directly impacts the confidentiality, integrity, and availability of the primary company. Airbus, University of California San Francisco (UCSF), Norton, Colonial Pipeline, and many leading organizations have faced supply chain attacks in 2023. It also increased the demand by the big organizations willing to outsource their work to MSME or similar organizations to make them adopt a cybersecurity framework to build a cybersecure supply chain. Cybersecurity implementation for MSME can bring more trust and confidence to the global market.

SecureClaw Cyber Threat Advisory has reviewed over 4,500 cyber news articles in 2023 from various sources and nations to offer tailored solutions. “We are sharing a few statistics of India’s cyber news that are based on compilations of the news from various channels,” says Dr. Shekhar Pawar, doctorate in cybersecurity from SSBM Geneva, Switzerland, and founder and CEO of SecureClaw Inc., USA, and GrassDew IT Solutions, India. “Geographically, this data may differ from the actual cyber-attack figures of countries like India because many firms never report cyber incidents to authorities or the media. Like the world is overcoming a big pandemic situation, our ignorance towards rising sophisticated cyber-attacks may be responsible for an industrial or digital pandemic where some kind of virus by cybercriminals may spread in all devices and disturb the global economy.”

The Israel-Hamas war has significantly impacted the cyber domain, with potential targeted attacks from state-sponsored threat actors, despite social media abuse and opportunistic hacktivism. Iran attempted to infiltrate Israel’s water system in April 2023, causing water poisoning by increasing chlorine levels in residential water, according to media reports. State-backed cyberattacks on US water systems have prompted federal attention to the digital challenges of 2023. It is just an example showing how state-sponsored cybercriminals can harm another country’s essential services or even be harmful to the lives of the people.  

India is facing alarming cyberattacks

As shown in the graphs, it is not possible to trace the exact gang behind the cybercrimes happening in India; there are still few patterns and evidence points. Most cyberthreats originate in neighbouring countries such as Pakistan and China. Cyber-attacks in India target the public and government domains, along with BSFI, manufacturing, education, information technology, retail, NBFCs, transport and logistics, F&B, electricity supply, brokerage, telco, healthcare, hotel, pharmaceutical, insurance, tech, and legal firms. Most of these attacks were carried out to compromise IT systems, database systems, email servers, the cloud environment, critical infrastructure, payment gateway systems, computer systems, web applications and APIs, software platforms, document systems, mobile apps, financial transactions, Android phones, tech support, social media accounts, emails, websites, and even messaging platforms. Various kinds of malware, remote code execution, ransomware, DDoS, RATs, deepfakes, spam calls, and even financial scams were the most popular techniques in India’s cybercrime world during 2023.

How to be more secured and good cyber resilience?

Here are a few important points on which businesses should focus.

Adopt Structured Cybersecurity Framework: Adoption of structured cybersecurity best practices is essential across various sectors. Small and medium companies can adopt tailored cybersecurity approaches using the Business Domain Specific Least Cybersecurity Controls Implementation (BDSLCCI) framework, which is cost-effective, easy, and in alignment with the company’s business domain. For FREE SIGN UP TO BDSLCCI FRAMEWORK visit https://BDSLCCI.com/SignUp and for any clarifications, write to customerservice@bdslcci.com or contact our India helpdesk at (+91) 882-821-2157.

Cybersecurity Awareness Training for Employees: Covers phishing precautions, policies, and insider threats. Requires employee testing for effectiveness.

Importance of Regular System Updates: Regular patching and updating of systems to prevent easy entry for hackers. Monitors zero-day attacks and precautions.

Restricting Access to Required Entities: Only provides high privileges or access when necessary.

Regular Monitoring of Network: Regularly checks logs on network devices and computers. Checks business transaction notifications for malicious activities.

Regular Security Audits: Uses vulnerability assessment and penetration testing (VAPT) on critical digital assets.

Incident Tracking: Tracks each security incident until a permanent fix.

Business Continuity Plan: Prepares for unexpected circumstances like natural disasters and cybercrimes.

Consulting Experts: Organizations can contact SecureClaw for external consulting services like virtual CISO, VAPT, or static application security testing (SAST).