Cyberattack Affects 10% of Subex Systems

Subex, the Indian business which is a leader in the supply of risk, assurance, analytics and cybersecurity products, has announced they suffered a cyberattack which forced systems offline and impacted 10 percent of their technology infrastructure. A December 13 stock market filing stated:

…there was an outage of our infrastructure and external facing websites during the course of last week. The Company thereby took immediate action by suspending access to protect its infrastructure and to identify the root cause. It has now been established that there was a targeted cyber-attack and around 10% of the infrastructure and certain data & systems have been impacted. The Company is taking a measured approach in bringing its systems back and minimize any potential impact.

I asked Subex to comment on the incident. This is what Kiran Zachariah, Vice President of Digital Security at Subex, had to say.

With the ‘what’ of the incident already known to everyone, I would want to focus largely on our response to the incident. The attack was isolated rapidly, and all segments of our infrastructure continued in business-as-usual-mode with added security while we attended to our customer commitments. All established cyber-resilience measures were triggered as per our institutional cybersecurity policy. Transparency being the key here, we also made all our stakeholders aware of the incident and kept them updated on the progress on investigation and relevant findings. In light of such attacks increasing in number, we recommend all enterprises to have an SOP to be prepared to meet the challenges posed by the evolving threat landscape and threat actors.

The price of Subex shares has dipped by over 10 percent since the filing was made, but that does not conclusively demonstrate any connection to this news because the shares are currently trading for a price within the range seen over the last four months. The value of Subex’s shares have ridden high this year compared to the previous few years, following a conscious decision to pivot towards new revenue streams including cybersecurity. A recent Subex blog said their market-leading honeypot had identified the highest ever number of cyberattacks in India in connection to a cricket match between India and neighboring Pakistan. In September Subex announced their IoT and OT cybersecurity division had adopted the new brand identity of ‘Sectrio’.

All technology businesses need to be acutely aware of the risk they will be targeted by hackers who will try to disrupt operations or steal secrets. The need for robust defenses is especially acute for companies that also sell cybersecurity products and services. Whilst this attack has not significantly damaged the value of the company, it should come as no surprise that businesses like Subex are on the front line of the battle for network security. They cannot afford any complacency in securing their own assets and data.

Eric Priezkalns
Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.