The Narendra Modi government's remark that the WannaCry ransomware attack, which crippled computer systems across the globe, didn't have a serious impact in the country has raised many eyebrows.
Following the outbreak of WannaCry ransomware on Friday, various reports said that India was one of the worst-hit nations targeted by the malware. With cyber-security experts saying that the malware infected at least 45,000 computer systems belonging to Indian organisations ranging from banking to IT services to small retail shops, there's enough ground to speculate on a possible under-reporting of related incidents.
"Russia and India were hit particularly hard, largely because Microsoft's Windows XP, one of the operating systems most at risk, is still widely used in the countries," Ankush Johar, director at Human-Firewall.io, a phishing protection company, told Economic Times.
The government, on the other hand, has a different story to narrate.
"There is no major impact in India. We are keeping a close watch. There have been isolated incidents in Kerala and Andhra Pradesh," said Union Electronics and Information Technology Minister Ravi Shankar Prasad, adding that the government has formed a cyber coordination centre which would start operating from June to take precautions against cyber-attacks in future.
Aruna Sundararajan, Secretary, Union Electronics and Information Technology Ministry, also said that the reported ransomware attacks in the country "are like a drop in the ocean." According to her, the government has not received any reports of a major cyber-attack linked to the WannaCry ransomware.
Did banks under-report cyberattacks?
Meanwhile, none of the major banks, or the Reserve Bank of India, reported any anomaly, suggesting that the latest cyber-attack had minimal impact on the country's financial system.
However, that is hard to believe, given that Indian banks are widely assumed to be running on less sophisticated systems than their global counterparts.
Although nothing troublesome was reported on India's ATM network, these machines are feared to be the most vulnerable to hacking as they still mostly run on the outdated Windows XP operating system.
Cost-saving with outdated systems?
Clinging to obsolete operating systems is not limited to banks; many enterprises and institutions have also been using older versions of Windows. According to a recent report by StatCounter, Windows 7 accounts for nearly 60 percent market share for desktop Windows versions in India, followed by Windows 10 with nearly 20 percent market share.
According to Microsoft, computers running on Windows 10 were not targeted by the WannaCry ransomware. Therefore, it's very likely that the number of victims of the cyber-attack in India is much higher than what has been reported so far as the majority of the computers in the country are still powered by Windows versions that the company no longer supports.
While it's not clear what could have prompted organisations to under-report the impact of WannaCry ransomware, this could well be a cost-saving measure, but at the expense of data security.
Pirated software makes it even worse
Some experts also believe that the widespread use of bootleg software in India might have forced companies to cover up their losses as they cannot report the same due to licensing issues.
"MNCs, banks, telecom and big IT firms are prepared to deal with such attacks as they have got their cyber policy in place by installing latest updates, anti-virus software and firewall. But a large number of mid and small firms remain exposed to the threat," Mukul Shrivastava, partner of Fraud Investigation and Dispute Service, EY India, told Mail Today.
According to the BSA Global Software Survey, 58 percent of the software tools used in India in 2015 were pirated, with a commercial value of $2.68 billion. The software piracy rate globally in the same year was 39 percent with a commercial value of $52.24 billion.
If the trend continues, using pirated software will be embedded in India's computing culture, putting the country's cybersecurity more at risk. Experts, therefore, believe that a global outbreak like the WannaCry ransomware attack should serve as a wake-up call for those using unlicensed software or outdated systems while not investing enough in security.
"We must evolve three determiners for digital security: how we ensure software authenticity and integrity, how we assess risk in an increasingly interconnected network and how we disseminate software updates," Dr Krishnashree Achuthan, director at the Center for Cybersecurity Systems and Networks, Amrita University, told International Business Times, India.