According to a survey by Palo Alto Networks, a notable 67 per cent of Indian government and essential service entities reported encountering a surge of over 50 per cent in disruptive attacks. Although India saw a remarkable 75 per cent increase in cybersecurity budget allocation for 2023 compared to the previous year (one of the highest increases in the Asia Pacific region), it experienced the highest number of disruptive cyber attacks. The country faces a substantial risk of cyber attacks targeting its critical infrastructure, public sector, and essential services. Prioritising the cybersecurity of essential service networks is paramount as it safeguards critical infrastructure and ensures seamless delivery of crucial services, thereby maintaining public safety and national stability.
The study finds that 66 per cent of Indian manufacturing firms faced increased risks from unsecured internet of things (IoT) devices connected to the network, far more than other sectors. 83 per cent of transport and logistics organisations perceive their risk level as high or very high. An overwhelming 95 per cent of businesses in India claim they are actively moving to an increasingly automated security stack. 48 per cent of Indian public, transport and logistics organisations and 50 per cent of manufacturing organisations sectors believe 5G adoption will widen security loopholes. A higher than average 34 per cent of Indian banking and financial services say cloud attacks will disrupt business. 69 per cent of Indian telcos have faced newfound risks from increased reliance on cloud-based services and apps.
Further, the survey reveals that 45 per cent of Indian businesses saw more than 50 per cent increase in disruptive attacks – the highest in APAC. 67 per cent of Indian government and essential services experienced more than 50 per cent increase in disruptive attacks. At 35 per cent, Indian organisations are more concerned about social engineering attacks than the APAC average (29 per cent). 60 per cent of Indian organisations are concerned about malware (ransomware, spyware, adware) attacks the most. 57 per cent of Indian telcos are concerned about ransomware the most. 94 per cent of Indian organisations perform regular assessments and forensics for operational technology (OT) related cybersecurity incidents, this is positive news. Likely driven by the fact that 89 per cent of these organisations have IT and OT cybersecurity professionals working under the same/ combined team, higher than the Southeast Asia average of 82 per cent. On the other hand, 24 per cent of these organisations have their OT systems connected with their enterprise IT network (not fully air gapped or protected via a dematerialised sone); a definite cause of concern.
As per the survey, 68 per cent of Indian respondents say ChatGPT will positively impact business tasks like content creation and report generation. India leads APAC in cloud migration, with 80 per cent of businesses already having a large proportion of infrastructure on the cloud. Over 80 per cent of Indian businesses discuss cybersecurity at the board level at least every quarter. 42 per cent of Indian organisations say they are adjusting their cybersecurity strategy to adopt cloud security. 94 per cent of Indian organisations said they have a 5G strategy in place. However, 45 per cent of these organisations said that proper segmentation of 5G networks was of top concern to them (highest in APAC).
Commenting on the survey, Anil Valluri, managing director and regional vice president of India and SAARC, Palo Alto Networks, said, “Securing essential services networks is crucial to protect critical infrastructure and ensure the uninterrupted delivery of essential services, safeguarding public safety and national stability. Our findings show that the transport, manufacturing, and public sectors have borne the brunt of advanced attacks. As India embraces digital transformation, it is mission critical to have a cybersecurity-first approach. While budgets may be expanding, it is essential to utilize these resources diligently. Enterprises, regardless of their size, must proactively adopt a Zero Trust architecture to secure distributed enterprise networks. Automating the security operations centre (SOC) is also essential for improving efficiency, enabling faster detection and response to cyber threats, and allowing analysts to focus on strategic initiatives. The convergence of IT and OT has made lateral threat movement easier than ever and defending against it requires robust security automation and orchestration.”
