Cybersecurity? India, almost bottom of the class: McAfee report

A global security study finds that India ranked fourth in terms of lowest levels of security adoption after Brazil, France and Mexico, adopting only half as many security measures as leading countries such as China, Italy and Japan.  

Only 60% Indian respondents claimed to deploy a threat monitoring service and use software update and patch management service; 40% revealed having policies prohibiting USB stick usage and policy enforcement on unauthorized software. None of the Indian respondents claimed to adopt any security measures for smart grid controls.60% of Indian respondents have been victims of extortion or cyber attack in the past two years.
Security technology company McAfee joined the Washington -based Center for Strategic and International Studies (CSIS) to craft a global report ‘In the Dark, Crucial Industries Confront Cyberattacks’ that reflects the cost and impact of cyber attacks on critical infrastructures.
On an international plane, 80% of global respondents confessed to have faced a large-scale denial of service attack (DDoS), and a quarter reported daily or weekly DDoS attacks and/or were victims of extortion through network attacks.One in four global survey respondents have been victims of extortion through cyber attacks or threatened cyber attacks. The number of companies subject to extortion increased by 25 percent in the past year, and extortion cases were equally distributed among the different sectors of critical infrastructure.

Michael Sentonas, VP, Chief Technology Officer, Asia Pacific, McAfee says, “Threats to assets in a wide range of core sectors continue to emerge and evolve in complexity with far- reaching ramifications on a nation’s critical infrastructures. Today’s rapidly proliferating threats require enterprises to adopt a comprehensive risk-based approach with stronger network controls.”

To meet the challenges of the changing environment, McAfee advises these companies to adopt true critical infrastructure protection policies focused on: Improved authentication measures, moving away from passwords to a higher reliance on tokens and biometric identifiers; better hygiene of network systems to include increased use of encryption technologies and the monitoring of network use activities for role and activity anomaly detection; increased oversight of access to industrial control systems, including how they access the Internet, through the oversight and active management of Internet connections, mobile devices, and removable media -- and ffective partnerships with governments. The nature of these partnerships will vary from country to country and range from encouragement to mandatory action, but the nature of the new threats industry faces requires government involvement.

The survey comprised 200 IT security executives from global critical electricity infrastructure enterprises in 14 countries, including India and the findings suggest that the rate of security adoption in enterprises is not commensurate with the rapid growth of threats.McAfee is an Intel subsidiary.  
April 21 2011