21 May 2025

CERT-In Issues Advisory For All Industries To Safeguard Business Operations Against Cyber Security Threats: Mandates Log Analytics And Role-Based Access As Default

Lexplosion Solutions Private Limited

Contributor

Headquartered in Kolkata, Lexplosion was founded by a team of four ex-GE lawyers with a view to help the corporate legal & compliance fraternity reduce their effort and cost overhead. From its inception in December 2007, Lexplosion has focused on creating new markets by identifying the needs of corporate counsels and compliance officers and re-defining solutions. We have helped a number of Indian organizations lower the total cost of legal and compliance operations by making their processes more efficient and benchmarking them to global best practices. A number of our pioneering initiatives have been borne out of our endeavor to bridge the gap between the long term needs of the customer and the existing solutions in the market.


The Indian Computer Emergency Response Team ("CERT-In") has issued a high-severity Advisory titled "Essential Measures for Industry for Safeguarding Business Operations against Cyber Security Threats" for industries to safeguard business operations and sensitive data. The Advisory underscores the increasing frequency and sophistication of cyberattacks including ransomware, DDoS incidents, website defacements, data breaches and malware infections that threaten the confidentiality, integrity and availability of business systems and services.

Key Highlights:

Accordingly, the industries need to implement the following safeguarding measures:

  1. Strengthen Authentication & Access Control
    1. Enforce strong password policies with long, complex, and unique credentials for each service.
    2. Implement Multi-Factor Authentication (MFA) to secure accounts.
    3. Apply role-based access control (RBAC) to restrict employee permissions based on their responsibilities.
  2. Web Server & Infrastructure Protection
    1. Scan all web servers and infrastructure for open ports and known vulnerabilities.
    2. Remove or isolate unmaintained, old or unused web applications and systems.
    3. Deploy a web application firewall.
  3. Implement robust Data Protection Plan
    1. Maintain regular offline backups to mitigate ransomware risks.
    2. Regularly test backup restoration procedures to ensure data recovery remains reliable.
  4. Develop an incident response plan
    1. Establish a structured response plan to effectively address breaches and cyber incidents.
    2. Continuously analyse log files and network activity for failed login attempts, configuration changes, new device connections or other suspicious behaviour.
  5. Conduct employee awareness and training
    1. Conduct regular cybersecurity training to educate employees about phishing, social engineering, and best practices. Simulate phishing attack exercises to improve user awareness.
    2. Organise routine cyber drills to simulate attacks and response measures.
  6. Supply chain monitoring
    1. Establish continuous monitoring of vendor and supplier activities.
  7. Zero trust architecture
    1. Implement a zero trust security model where no entity, whether inside or outside the organisation, is trusted by default.
    2. Enforce strict identity verification and authorisation for every network activity for failed login attempts, configuration changes, new device connections or other suspicious behaviour.

All suspicious cyber activity must be reported to CERT-In at incident@cert-in.org.in. Logs should be preserved in accordance with CERT-In's 28th April, 2022 Directive and submitted with the incident report.

Source: CERT-IN

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
