Why Air India Breach is an Eye-Opener for Every CISO

Why Air India Breach is an Eye-Opener for Every CISO

Posted May 25, 2021

Why Air India Breach is an Eye-Opener for Every CISO

  • The cybersecurity vulnerability within the Indian tech ecosystem is growing wider and more apparent by the day. Three months after air transport data major SITA reported a data breach, Air India said last week that personal data of about 4.5 million passengers had been compromised following the incident at SITA.
  • Air India said that CVV data of credit cards were not held by SITA, as it urged passengers to change passwords “wherever applicable to ensure safety of their personal data.”
  • The struggling airline, which is surviving on taxpayer money, claimed that it had investigated the security incident, secured the compromised servers, engaged with unnamed external specialists, notified the credit card issuers, and had reset passwords of its frequent flyer program.
  • The lesson from such breaches as Sonit Jain, CEO of GajShield Infotech observed, “While organization spend a lot of effort securing their enterprise network, risk assessment of partner networks is rarely done, leaving a big gap open to be compromised. As attackers start mapping supply chain providers of an organization, we will see an increase in the number of such attacks. Lack of visibility and control will leave a blind spot ready to be used.” “Cyber defenses now need to be extended beyond an organization’s network and cover their partner network, processes, and employees too,” he said.
  • When the world went into lockdown in March 2020, the total number of bruteforce attacks against remote desktop protocol (RDP) jumped from 93.1 million worldwide in February 2020 to 277.4 million 2020 in March—a 197 per cent increase.
  • “It obviously becomes essential for enterprises to regularly train their non-IT staff and create an awareness in order to protect their consumer’s data from being exposed in a data breach incident due to threats like phishing, malware and brute force attacks. Regular system updates and proactive disclosure of such incidents also help businesses in creating a stronger strategy to fight against data breaches,” he said.

– Sohini Bagchi | May 25, 2021