Cybersecurity has become a buzzword in today’s ever-expanding digital ecosystem, especially since the outbreak of the Covid-19 pandemic. From e-payments to e-shopping to work-from-home setups, the pandemic has led to greater adoption of interconnected devices and hybrid work networks. This vast and rapid expansion of digital assets has increased the surface area for cyberattacks by malicious actors and adversaries.
According to India’s Computer Emergency Response Team (CERT-In), India faced 11.5 million cyberattack incidents in 2021. This threatens the critical infrastructure in the country such as railways, airlines, power, communications and banking systems. Meanwhile, corporate attacks are extremely common as many companies have sensitive and proprietary data that can be vulnerable to breaches. Given the rise in cyberattacks on enterprises, it is imperative that companies across verticals strengthen their security systems and make them as impenetrable as possible. They must focus on preventive measures and undertake monitoring at regular intervals.
Emerging trends
As instances of cybercrime increase, a number of cutting-edge technology solutions are coming to the fore. These technology solutions enable organisations to make their networks as well as infrastructure ready to combat any kind of cyber-risk. Some of these are:
Cloud-based cybersecurity
Cloud security is a discipline of cybersecurity dedicated to securing cloud computing systems. This includes keeping data private and safe across online-based infrastructure, applications and platforms. Cloud-based security offers a host of benefits as compared to traditional security strategies. While traditional methods involve keeping networks secure by installing anti-malware, antivirus and other software locally, cloud adoption includes security measures that protect data privacy, uphold regulatory compliance, provide governance, oversee data retention, and control authentication and access to data.
Endpoint security
With the increased shift to work from home, it makes sense to adopt a cybersecurity approach that focuses on endpoint devices such as laptops, mobile devices, point-of-sale systems and any other devices that connect to the network. Extended detection and response capabilities will become increasingly prevalent and robust while traditional cybersecurity solutions such as security information and event management systems will increasingly use artificial intelligence for security automation and orchestration.
Zero-trust security models
With cybersecurity becoming a growing concern, many organisations will switch to a zero-trust network architecture (ZTNA). ZTNA is a security framework that looks to verify each user, even if it is logged on to a corporate network or local area network. It is ideally suited to remote working as it can secure communication between users, devices and applications. Under this method, firewalls or barriers are used. They offer a control system to monitor the traffic coming in and out of a device or application. Further, credentials and identities are requested and only after proper verification can the critical assets be accessed.
Cyberthreat landscape across sectors
Manufacturing
As technology evolves, and Industry 4.0 seeps into every corner of the manufacturing industry, manufacturers are forced to utilise connectivity in a broad variety of ways. The industry’s lack of preparation and the range of potential vulnerabilities at various endpoints make manufacturing companies ideal targets for hackers.
While operational technology provides a wealth of benefits for manufacturing companies, it can also create new vulnerabilities for hackers to exploit. When devices are managed and controlled with the use of connected devices, there is potential for damage from malicious attackers with an intent to make devices behave harmfully.
Telecom
Given the large amount of clients’ personal information that telcos gather, organised cybercriminals view telecom companies as high-value targets. Threats against the telecom sector are a combination of typical internet protocol-based threats on an industry that still has legacy technology. Meanwhile, as 5G technology advances, the threat surface is expected to expand, giving attackers more opportunities. This leaves cybersecurity teams at telecom companies looking for ways to leverage new technology and automation to streamline workflow in order to stay ahead of attackers in the face of new threats and an increasing amount of alerts.
Banking
Financial services firms fall victim to cybersecurity attacks far more frequently than businesses in other industries. Financial establishments experience threats from a variety of sources led primarily by mobile applications and web portals. Cyber criminals may steal or manipulate valuable user data and or clone banking apps in order to use them for nefarious purposes. A cyberattack on a bank not only affects the bank’s status but also causes loss to its customers’ assets. Data infringement is a crucial problem for banks as it risks the theft of user data. If customer data privacy at a bank is breached, then it becomes hard for customers to regain confidence in the bank. Data breaches generally happen because of weak cybersecurity approaches.
In India, financial institutions still do not acknowledge the importance and implications of cybersecurity. Security breaches, data thefts, compromised passwords are some common forms of cyberattacks that pose a risk to banking, financial services and insurance enterprises in the country.
Healthcare
The healthcare industry is also witnessing an increasing number of cybersecurity-related issues. These issues range from malware that compromises the integrity of systems and privacy of patients to distributed denial of service (DDoS) attacks that disrupt facilities’ ability to provide patient care. For healthcare, cyberattacks can have ramifications beyond financial loss and breach of privacy. Ransomware, for example, is a particularly threatening form of malware for hospitals as the loss of patient data can put lives at risk.
Automotive
The rapidly growing connectivity of vehicles is opening up several opportunities for new functions and attractive business models. With this, the risk of cyberattacks on vehicle networks is also growing. In recent news, Honda was found to have a vulnerability that allows cybersecurity hackers to remotely start vehicle engines and unlock them from a nearby distance.
The increased incidences of vehicle cyberattacks and major car recalls by original equipment manufacturers (OEMs) have raised awareness of automotive cybersecurity among OEMs worldwide. Furthermore, increasing government mandates for the incorporation of various safety features, such as a rear-view camera, automatic emergency braking, a lane departure warning system and electronic stability control, have created new opportunities for automotive cybersecurity service providers worldwide. Governments across the globe are exploring ways to establish an intelligent system for cybersecurity solutions as a means to curb the growing incidents of cyberattacks in the automotive sector.
Initiatives by the government
The government has been taking active steps towards cybersecurity. The National Security Council Secretariat has formulated the draft National Cyber Security Strategy 2021 (NCSS 2021), which comprehensively looks at addressing the national cyberspace security issues. The government strives to ensure that the internet in India is open, safe, trusted and accountable for all users. The NCSS 2021 holistically looks at addressing the issues of security in the national cyberspace. However, the government is yet to clarify its intentions to coordinate with other countries to develop a global legal framework on cyberterrorism.
Meanwhile, as per the new guidelines issued under Section 70B of the IT Act, the government has mandated all companies and enterprises to report all cyber incidents to CERT-In. This move aims to ensure coordinated response activities as well as emergency measures with respect to cybersecurity incidents. Besides, the government has announced that a new committee would be formed under the union home secretary to devise a strategy to tackle cyberattacks. The panel of cyber-crimes will comprise representatives of all state governments and departments concerned and will prepare a unified strategy to deal with cyberattacks.
India and Japan discussed cybersecurity cooperation during the fourth India-Japan Cyber Dialogue. Further, in September 2022, the National e-Governance Division under the Ministry of Electronics and Information Technology conducted a five-day deep-dive training programme, in a bid to create awareness around cybersecurity and develop an empowered and strong cyber ecosystem in government organisations. Also, the Power Grid Corporation of India Limited (Powergrid) has partnered with the Indian Institute of Science to establish the Powergrid Centre of Excellence (CoE) for Cybersecurity in Power Transmission and Grid Operation.
The increasing cyberthreat also offers opportunities in the cybersecurity space. According to a study by ResearchAndMarkets, the Indian cybersecurity market was valued at $2,200.23 million in financial year 2021. The market growth is anticipated to continue during the forecast period of financial years 2023-2027, with a compound annual growth rate of 8.05 per cent to achieve a market value of $3,543.37 million by financial year2027.
To sum up, cybersecurity demand is at an all-time high and keeping up to date with the latest trends can ensure that business operations and sensitive information are kept secure.
