While earlier reports pointed out stating that the Indian Railway Catering and Tourism Corporation’s (IRCTC) website was hacked, turns out, it was not. The IRCTC themselves have come out stating that their website was not hacked, but that some data in the name of IRCTC is in circulation.
Breach or no breach, this sort of an attack is highly probable and can have far-reaching effects. Speaking on the matter to Tech2, Sanchit Vir Gogia, Chief Analyst and CEO at Greyhound Research says,
“Things like security breaches are already happening all year round. It’s not something new. The sad part is that companies, be it public or private, are not prepared to handle anomalies like this and it’s just a matter of what gets reported when. In case of IRCTC, there is a serious gap in planning that needs to be plugged. They cannot afford to get complacent about matters of security.”
“IRCTC keeps talking about improving experience, but there is hardly any mention of the security aspect of the website. Security attacks are ever-changing – it’s a moving goal post. The only way to address it is regular auditing of product, people and processes. Companies cannot afford to let go once they have set up a website, new technology and defence systems need to be put in place regularly. This holds especially true for IRCTC where the scale of impact is so huge,” shares Gogia.
Source: Tech2