After infiltrating your bank account and email, the next big high for a rogue hacker is combing your credit history — data that capture your earnings, defaults, loans, and some of the well-kept financial secrets.
In early August, one of the credit score management companies in India, Creditseva, was alerted by a European cyber security firm that the credit history of close to 40,000 borrowers stored on a Creditseva server had been leaked. The overseas firm assured the company that, given a chance, it would fix the problem.
The hassled two-year-old Hyderabad-based company looked around for gaps in the system, but did not find — or so it claims — any chinks or any evidence that the confidential information had landed in the wrong hands.
But before the company could brush it off, a London-based blogger ran a piece talking about the breach and a large data loss. Soon some of the bankers and ethical hackers in India were whispering about it despite the company denying it.
When contacted, Creditseva Chief Executive Officer Satya Vishnubhotla said, “There has been no data breach”.
He explained how the company had ordered an internal audit of all its databases after receiving the mail and had even looked into Amazon Cloud, where it has its data stored, and found all folders secured.
Indian companies or banks, even those listed abroad, have rarely admitted they have been hacked. Nonetheless, another question, which hints at a different kind of threat, has cropped up: Besides actual attacks and real cyber threats, are Indian businesses exposed to bullying by shady security professionals who scare them — with the capability of even hacking into a system — to generate business?
In a blog post on a social media site, Steven Tong, Managing Director of Startup Bootcamp Asia, an investor in Creditseva, said, “Running a start-up is hard but it gets harder when so-called security ‘consultants’ contact you about engaging their services because they ‘found’ a security breach in your system and then ‘leak’ news of it to ‘journalists’ when you refuse to pay up and engage their services. This happened to one of our portfolio companies and it can happen to you too. Beware!”
It’s a message that start-ups may make a mental note of: While security is an important aspect of business in the fintech space and there have been incidents of cyber heists, start-ups have to balance their spending between security measures and expansion of business.
“As a part of our continuous internal checking mechanisms over the last year, we have got an ISO audit done, and had even on-boarded security specialists NII Consultants last year,” said Satya. “Post this incident, we are planning to get another security auditor to check our systems.”
The company had just raised $360,000 in April. The 10-member-strong organisation has around 1 lakh customers who have used its services.
The dilemma for a company would be to distinguish between a hoax call and a genuine alert. Cyber attacks can take multiple forms and malware can be stealthy. There have been incidents where cyber worms, after penetrating a company’s system, lie dormant for six months before crawling from terminal to terminal to wreak havoc.
Most companies, particularly small businesses, may be clueless about the enormity of a problem or unable to assess the seriousness of a threat.
“Some companies are quick to act…after spotting a breach they work almost round the clock to plug it. Once the problem is resolved, they are free to assure clients and investors that there have been no attacks or leak. Only banks have to follow mandatory reporting of breaches to RBI. But such reports are never in public domain,” said a local security firm.
Source: The Economic Times