IT TAKES INDIAN ORGANISATIONS nearly 228 hours, or nine-and-a-half days, on average to detect a cybersecurity breach, nearly double the global average of 117 hours, according to a survey by US cybersecurity firm CrowdStrike last year. Couple that with the fact that about 75 per cent of Indians — the highest among all countries — surveyed admitted their organisation suffered a ransomware attack in the last year, and it paints a dismal picture of the state of digital security in Indian companies.

It’s not too surprising then that nearly every other day there is news about a cyber incursion. This year’s list alone includes confectioner Haldiram’s, hyperlocal concierge service Dunzo, Air India, and e-grocer BigBasket.

One of the easiest ways to infiltrate an enterprise’s computer network is through an employee’s account. Or more specifically, through password phishing. IBM’s Security X-Force survey showed that 82 per cent of the 22,000 global respondents reuse their email and password combinations. While this makes it convenient for one to access multiple accounts, it is a bane for enterprises when the practice spills over into the workplace. And rather than