Subex, the Indian business which is a leader in the supply of risk, assurance, analytics and cybersecurity products, has announced they suffered a cyberattack which forced systems offline and impacted 10 percent of their technology infrastructure. A December 13 stock market filing stated:
…there was an outage of our infrastructure and external facing websites during the course of last week. The Company thereby took immediate action by suspending access to protect its infrastructure and to identify the root cause. It has now been established that there was a targeted cyber-attack and around 10% of the infrastructure and certain data & systems have been impacted. The Company is taking a measured approach in bringing its systems back and minimize any potential impact.
I asked Subex to comment on the incident. This is what Kiran Zachariah, Vice President of Digital Security at Subex, had to say.
With the ‘what’ of the incident already known to everyone, I would want to focus largely on our response to the incident. The attack was isolated rapidly, and all segments of our infrastructure continued in business-as-usual-mode with added security while we attended to our customer commitments. All established cyber-resilience measures were triggered as per our institutional cybersecurity policy. Transparency being the key here, we also made all our stakeholders aware of the incident and kept them updated on the progress on investigation and relevant findings. In light of such attacks increasing in number, we recommend all enterprises to have an SOP to be prepared to meet the challenges posed by the evolving threat landscape and threat actors.
The price of Subex shares has dipped by over 10 percent since the filing was made, but that does not conclusively demonstrate any connection to this news because the shares are currently trading for a price within the range seen over the last four months. The value of Subex’s shares have ridden high this year compared to the previous few years, following a conscious decision to pivot towards new revenue streams including cybersecurity. A recent Subex blog said their market-leading honeypot had identified the highest ever number of cyberattacks in India in connection to a cricket match between India and neighboring Pakistan. In September Subex announced their IoT and OT cybersecurity division had adopted the new brand identity of ‘Sectrio’.
All technology businesses need to be acutely aware of the risk they will be targeted by hackers who will try to disrupt operations or steal secrets. The need for robust defenses is especially acute for companies that also sell cybersecurity products and services. Whilst this attack has not significantly damaged the value of the company, it should come as no surprise that businesses like Subex are on the front line of the battle for network security. They cannot afford any complacency in securing their own assets and data.