With a population surpassing 1.4 billion and a rapidly expanding economy, India’s digital footprint has made it an alluring target for cybercriminals seeking to exploit vulnerabilities.
According to a new study from Cloudflare, Inc. 83% of Indian organizations experienced a cybersecurity incident in the past year, with 48% revealing they experienced 10 or more. The incidents were mostly attributed to web attacks, phishing, and supply chain attacks, with respondents ranking financial gain as the primary goal of cybercriminals, followed by planting spyware and data exfiltration.
Despite the frequency of cybersecurity incidents in India, only 52% of respondents consider themselves highly prepared, and the lack of preparedness is costing millions. 47% indicated that the financial impact of such incidents exceeded US $1 million in the past 12 months, while 27% experienced financial setbacks of no less than US $2 million.
Read more: India most targeted country in 2022 as cyberattacks on govt. agencies more than doubled
The aftermath of cybersecurity incidents extends to organizational operations, with 46% of respondents reporting that their organizations reduced or restricted hybrid work, were forced to lay off employees, and postponed expansion plans. Talent shortage was also identified by 57% of Indian business leaders as the biggest challenge they’re facing when it comes to cybersecurity preparedness, while 44% indicated a lack of funding is hindering their ability to protect their businesses.
“Preparedness is key, as organizations continue to grapple with a cybersecurity landscape that has unprecedented complexities. With India’s growing digital prowess and continued business reliance on technology, it is critical for organizations to foster a security culture that empowers their leaders to approach cybersecurity as a strategic business imperative. This will facilitate organizations in not just reducing expenditure but also ensuring a sturdier, more streamlined cybersecurity framework,” said Jonathon Dixon, Vice-President and Managing Director, Asia Pacific, Japan and China at Cloudflare.
With India’s growing digital prowess and continued business reliance on technology, it is critical for organizations to foster a security culture that empowers their leaders to approach cybersecurity as a strategic business imperative
Jonathon Dixon, Vice-President and Managing Director, Asia Pacific, Japan and China at Cloudflare
Rohan Vaidya, Regional Director, India & SAARC, CyberArk, says that data breaches expected to skyrocket this year.
“In 2023, India experienced a surge in these cyberattacks, leaving a trail of compromised personal information, disrupted operations, and eroded public trust. In 2024, we expect a sharp uptick in data breaches as the digital landscape expands, primarily because of the scale and diversity of attacks, which have impacted almost every sector, from government to healthcare to startups.”
In 2024, we expect a sharp uptick in data breaches as the digital landscape expands, primarily because of the scale and diversity of attacks, which have impacted almost every sector, from government to healthcare to startups
Rohan Vaidya, Regional Director, India & SAARC, CyberArk
ESET Research recently observed the sudden demise of one of the most prolific Internet of Things (IoT) botnets, named Mozi, infamous for exploiting vulnerabilities in hundreds of thousands of IoT devices each year. User Datagram Protocol (UDP) observed an unanticipated drop in activity that began in India and was also observed in China a week later. The change was caused by an update to Mozi bots that stripped them of their functionality. A few weeks following these events, ESET researchers were able to identify and analyze the kill switch that caused Mozi’s demise.
ESET previously highlighted that Mozi was the most active botnet in India back in 2021. India had the second highest number of enslaved devices globally, after China.
Organisations should gear up for an intensified wave, implementing robust backup and recovery strategies, and enhancing threat detection capabilities
Rohan Vaidya, Regional Director, India & SAARC, CyberArk
Vaidya also foresees continued acceleration in ransomware activities, surpassing the alarming 91% reported in 2022. “As India’s digital landscape expands and digital dependencies increase, we believe that organisations will pay significantly more to enable recovery. Organisations should gear up for an intensified wave, implementing robust backup and recovery strategies, and enhancing threat detection capabilities.”
He further predicts that the rise in cloud adoption could lead to a surge of identity based attacks. The overall India public cloud services market is expected to gallop to $17.8 billion by 2027, exhibiting a formidable CAGR of 23.4% for the period spanning 2022-2027 (IDC). However, as organisations migrate their data, applications, and workloads to the cloud, the attack surface widens, providing a broader canvas for threat actors to exploit.
“Cloud environments, which are inherently dynamic and distributed, introduce identity and access management complexities. Organisations may also have less visibility and control over cloud resource access than in on-premises environments. This can make it difficult to detect and prevent unauthorised access. Cloud environments often rely on shared credentials, such as passwords or API keys, to access resources. This can be a security risk if these credentials are compromised.”
The dark side of AI can manifest in sophisticated cyber threats and malicious activities fuelled by the same technologies that are designed to enhance efficiency, automation, and decision-making. As AI becomes more pervasive, adversaries will quickly capitalise on its capabilities, crafting new attack vectors that exploit vulnerabilities in novel ways
Rohan Vaidya, Regional Director, India & SAARC, CyberArk
We are also warned to prepare for new AI-based attacks. “An equally potent threat emerges for every positive stride made in the realm of AI. The dark side of AI can manifest in sophisticated cyber threats and malicious activities fuelled by the same technologies that are designed to enhance efficiency, automation, and decision-making. As AI becomes more pervasive, adversaries will quickly capitalise on its capabilities, crafting new attack vectors that exploit vulnerabilities in novel ways.”
In addition, he says that deepfakes will pose a looming threat to India’s cybersecurity in 2024.As the sophistication of deepfake technology continues to advance, India is anticipated to witness a surge in deepfake-related cyberattacks in 2024. These attacks will target individuals, businesses, and even government institutions, aiming to spread misinformation, manipulate public opinion, and disrupt critical infrastructure. The financial repercussions of these attacks could be severe, potentially leading to reputational damage, loss of investor confidence, and even economic instability.
“To combat this growing threat, Indian organisations must invest in deepfake detection and mitigation technologies, raise awareness among their employees about the dangers of deepfakes, and develop robust cybersecurity strategies that can withstand these sophisticated attacks.”
Read more: Establishing a unified defense strategy for converging IT & OT environments
In India’s vast and dynamic digital landscape, the stakes for cybersecurity have never been higher. As we gaze into the future, the trajectory appears promising and perilous. The surge in data breaches, a continued acceleration in ransomware activities, the rise in cloud adoption, and the ominous spectre of AI-based attacks and deepfakes collectively paint a complex canvas. CISOs will find themselves not merely as guardians of technical fortresses but as stewards of personal and professional accountability, navigating the delicate balance between protocols and reputation in an unforgiving digital realm.
These predictions for 2024 underline the urgency for organisations to invest in cutting-edge technologies, raise awareness, and craft robust strategies that can withstand the onslaught of evolving cyber threats. The future demands a proactive, adaptive, and comprehensive approach to cybersecurity. This can help us safeguard the digital future of a nation on the rise.