Healthcare most affected followed by Finance and Manufacturing

Cyber security firm, Fortinet in a recent report pointed out that the Indian Healthcare industry is the most affected by botnets (up from 6th last year), followed by Finance and Manufacturing.

Speaking to ET, Rajesh Maurya, Regional Vice President, India & SAARC, Fortinet pointed out that many organizations experienced the same botnet infections multiple times which is an alarming data point. “Either the organizations did not thoroughly understand the total scope of the breach and the botnet went dormant only to return again after business operations went back to normal, or the root cause was never found and the organization was re-infected with the same malware.”

The threat landscape from Fortinet pointed out that 518 daily botnet attacks have happened per firm, 245 unique botnets have been detected, 3.5 infections days per firm, 1.9 active botnets per firm. Maurya points out that majority of organizations which rely on firewalls, intrusion prevention systems, and antimalware software to protect their networks ignore the real weak link in the security chain which are users. Even large organizations with strong security measures have been brought down by unwitting users who fell for sophisticated social engineering and disclosed login credentials or introduced malware onto the network.

He points out that the midsize firms generally saw higher prevalence rates across the board as smaller firms are likely to have less protection but also have non critical data. Larger firms certainly have the data, but also greater resources with which to protect it. “Midsize firms typically have a large enough digital footprint to attract attention, enough valuable data to make them a worthwhile target, and yet not nearly the resources of their larger counterparts.”

According to the survey when asked about what they would have done differently over their career in security, 51% of IT decision makers responded that they would have invested more in employee security awareness training to prevent a security breach and better position their organization to deal with the current IT security threat. “This year, only 57% of organizations have invested in employee security awareness training. On a positive note, 87% are planning programs to educate employees about IT security in 2018.The market for security education has matured rapidly in response to emerging and intensifying cybersecurity threats with strong differentiated offerings from a variety of sources. “