The news of IRCTC or the Indian Railway Catering and Tourism Corporation website being hacked or not has become the new agenda of debate on twitter and is spreading across the internet like wildfire. Being, the largest E-commerce website in India, with millions of transactions happening every day, the data from IRCTC is a gold mine for the cyber black market and could easily prove risky for half the nation!
Thousand of transactions are handled by the website everyday and people put in their personal details such as PAN number, Aadhar Card details, etc along with their bank account details while booking the tickets. According to the Economic Times, personal data of about one crore customers could be at risk, if the news is indeed true. This has raised fears of security and an increasing concern on cyber crime.
Even though IRCTC officials have currently denied that the website is hacked, and the enquiry is being made, we cannot ignore the consequences, in case this attempt happens in the future!
Now, we know, that there are companies which have developed solutions to apply analytics in security systems. We got in touch with one of these cyber security companies, RSA, to know how analytics can be used in this situation. Commenting on the matter, Sudeep Das, SE Manager (India and SAARC), RSA told Analytics India Magazine, “It’s very difficult to keep pace with an individual fraud attempts targeting an organization’s website. Since, the new and increasingly sophisticated ways to perpetrate fraud are constantly being developed and deployed.”
He further elucidates that the hackers use business logic abuse mechanisms to hide within legitimate traffic but in a manner unintended by the site owner. Such sophisticated attacks often go unnoticed by either Web Application Firewalls or Log Analysis tools.
Considering the seriousness of the matter, even for the future, it is advisable that the traditional Web Application Firewall technologies should be augmented with Behavioral Intelligence to hunt these attacks in real time and respond to them quickly. Need of the hour is to detect quickly and respond even quicker before there is a major damage to the business. Thus, it has become more important than ever for enterprises to manage their security with analytics. In fact, experts from Blue Ocean Marketing have had an discussion with Analytics India Magazine on how companies can follow a data centric security.
Since, data is such a valuable asset, it could be misused in a number of ways, it could be used by the fraudsters to get fake profiles, fake documents, sell the data to corporations for marketing activities, worst of all, carry out any bank transactions. We really hope the cyber cell will take this matter very seriously and sort out the mess.
With an increase in crimes in India, there is an urgent need to analyse the increasing crime rate and take control of the situation. However, regardless of whether or not the website is hacked, and considering the worst scenario, we recommend you should take appropriate precautions and reset your password of your IRCTC account as well as any details in your travel apps such as Yatra or Make my Trip to be on the safer side.