As the Narendra Modi-led BJP government is preparing for the July 1 rollout of the Goods and Services Tax (GST), multiple security loopholes have been found in the newly-implemented information technology (IT) infrastructure for India's biggest-ever tax reform.
PwC's cyber security team has reportedly discovered security vulnerabilities in the IT systems of many companies, leaving them at risk of a devastating cyberattack like the recent WannaCry ransomware attack, which affected over 300,000 computers worldwide. According to security observers, these companies are overlooking these loopholes in a rush to meet the GST rollout deadline.
"Everyone is now rushing to meet the deadline of implementation; however, we've noticed that in this hurry, businesses miss out on a number of key security elements," Sivarama Krishnan, leader-Cyber Security at PwC India, told Economic Times.
Krishnan also raised concerns over the critical financial information that would hit the internet once GST is implemented. According to him, many organisations are still unaware of the potential business risks that could be unfolding after such information is shared online.
In a recent security breach incident, cyber-security experts reportedly discovered several bugs in the systems of a public sector insurance company, which was hit by the WannaCry ransomware attack. The experts said that the vulnerabilities, if not patched, could pave way for future cyberattacks on the company's newly implemented GST IT infrastructure.
"Many companies conducted an audit on their IT systems after the WannaCry attack to see if there were more vulnerabilities and it was discovered that there were several loopholes," Altaf Halde, Managing Director South Asia, Kaspersky Lab, told ET. "Also with the introduction of GST and new involvement of infrastructure being involved, we foresee that more businesses in India would face new challenges with cyber security."
Since newer variants of the exploit used in WannaCry are already in the making, the lack of awareness among companies in the country significantly amplify the risk of data leakage and duplication.
What makes it even worse for India is that the fact that many users in the country are still clinging on to obsolete operating systems. According to some recent data, nearly 60 percent market share for desktop Windows versions in India is occupied by Windows 7, which was used by almost all of the WannaCry victims.
"India is quite vulnerable especially as we push ourselves towards digitisation. However, India is well equipped with the know-how and capacity to protect itself as well. Sound practices and early warning are important. The awareness of potential attacks should increase and that is the only way to reduce their impact," Dr. Krishnashree Achuthan, CEO of Amrita University's Center for Cybersecurity Systems and Networks, told International Business Times, India.
Following the outbreak of WannaCry ransomware earlier this month, various reports said that India was one of the worst-hit nations targeted by the malware. Some cyber-security experts also said that the worm infected at least 45,000 computer systems belonging to Indian organisations, ranging from banking to IT services to small retail shops.
However, no major corporate or bank reported any WannaCry-related disruptions, triggering doubts whether the impact of the cyberattack was properly reported.