India is now world's spam capital

INDIA has sealed the dubious distinction of being the world's top destination for spam, at a time when cyber criminals are again resorting to mediums such as adware and email spam for hacking, according to a study by American tech giant Cisco.

Eighty five per cent of emails in India are spam, the annual cyber security report said. Brazil comes in at the second spot with 57 per cent, followed by Mexico with 54 per cent spam.

Global spam volume has also surged to levels not seen since 2010. Spam accounts for 65 per cent of email, with eight to 10 per cent cited as malicious, the report said.

Adware or software that downloads advertising without user permission infected 75 per cent of business organisations that were investigated. The Cisco report assumes significance as it highlights vulnerabilities at a time when India is going in for a big push to digital transactions.

In October 2016, 32 lakh ATM cards in India belonging to major banks such as ICICI Bank and SBI were suspected to be hacked and had to be recalled.

Several victims reported unauthorised usage from China. Reports said the breach could have been because of a malware generated in Hitachi Payment Services, one of the largest providers of Point of Sale services, ATM machines and mobile transactions in India.

Highlighting the potential financial impact of attacks on businesses, the global report said, "After a security breach, over 50 per cent of organisations faced public scrutiny. Operations and finance systems were the most affected, followed by brand reputation and customer retention."

Over one-third of organizations that experienced a breach in 2016 reported substantial customer, opportunity and revenue loss of over 20 per cent. In 2016, hacking became more "corporate", with digitisation creating opportunities for cybercriminals.

"Though attackers continue to leverage time-tested techniques, they also employ new approaches that mirror the "middle management" structure of their corporate targets. Certain malvertising campaigns employed brokers (or gates) that act as middle managers, masking malicious activity," it said.

Adversaries can then move with greater speed, maintain their operational space, and evade detection. Among employee introduced, thirdparty cloud applications, intended to open up new business opportunities and increase efficiencies, 27 per cent were identified as high risk and created significant security concerns.

The report said just 56 per cent of security alerts are investigated and less than half of legitimate alerts remediated. The Cisco report surveyed nearly 3,000 chief security officers and security operations leaders from 13 countries as part of the study. 

They attributed budget constraints, poor compatibility of systems, and a lack of trained talent as the biggest barriers to advancing their security postures.

Leaders also reveal that their security departments are increasingly complex environments with 65 percent of organizations using from six to more than 50 security products, increasing the potential for security effectiveness gaps.

The shortcomings leave gaps of time and space for attackers to utilise to their advantage, the report said. A bright spot was the drop in the use of large exploit kits or malware such as Angler, Nuclear and Neutrino, whose owners were brought down in 2016. But smaller players rushed in to fill the gap, it said.