From the Centre to state government and other local authorities, no one is left unharmed as cyber attacks reach alarming levels. If you thought tech and private companies, and individual users like you and me, are the ones most targeted by cyber attackers, think again. Increasingly in the crosshairs have been the Centre and state governments, as well as other local authorities.
According to the ministry of electronics and IT, 373 Central and state government websites were hacked between 2018 and 2023. According to another study, the number of cyber attacks against Indian entities, both public and private, was nearly 600 in just the first six months of the current year.
Worse, patterns indicate the attacks target periods of heightened national activity, like this year’s summer when a good chunk of the government and bureaucracy were busy with the general elections. Cyber attacks particularly against government bodies peaked in May 2024, at the height of the elections, before tapering off next month.
The increasing number of attacks has worried authorities so much that the Parliamentary committee on communications and IT called on the government a few months ago to urgently increase the security of government websites and networks.
ALSO READ: Ex-NRI loses Rs 6 crore to fake share market apps
According to a study by FalconFeeds, data breach is one of the most common forms of cyber attacks targeted at corporates and the government. “The thriving underground market for unauthorised access to corporate and government networks underscores the importance of strong access control measures, regular monitoring, and swift response to unauthorised access attempts,” the report said.
It suggested mitigative measures like educating government (and other) employees on phishing, the importance of having regular data backup, multi-factor authentication, limiting access to sensitive data and network segmentation.
The lure for cyber attacks like ransomware is the sensitive data that particularly government departments and those in sectors like healthcare, banking and insurance deal with. A typical ransomware attack at a big entity, by 2024 industry estimates, could cost an average of Rs 24 crore to mitigate. The situation is worse with government bodies often not having the latest software or operating systems, nor having enough cybersecurity budgets to stay up to date. For example, the parliamentary committee report earlier this year noted with aghast how many bureaucrats were using outdated Windows operating systems on their official devices.
“Replacing or updating legacy infrastructure is essential, as is implementing zero-trust architecture to limit unauthorised access and mitigate the spread of ransomware. Proactive threat detection systems and AI-based monitoring tools, provide critical real-time insights into network activities and can significantly improve response times to threats,” said Ruchin Kumar, vice president (South Asia) of Futurex.
“Govt staff must be equipped to identify phishing attempts and follow secure data handling practices since human error often contributes to breaches. Centralising incident response capabilities and fostering partnerships with private-sector cybersecurity firms can also offer smaller government bodies access to specialised expertise and technology, enhancing their defences,” he added.
Major government bodies hit by cyber attacks this year include Telangana Police, Tamil Nadu labour department and the National Disaster Management Authority. Last year, the All India Institute of Medical Sciences (AIIMS), India’s largest hospital, was hit not once, but twice, by cyber attacks.