Cybersecurity has become a buzzword in today’s ever-expanding digital eco­system, especially since the outbreak of the Covid-19 pandemic. From e-payments to e-shopping to work-from-home setups, the pandemic has led to greater adoption of interconnected devices and hybrid work networks. This vast and rapid expansion of digital assets has increased the surface area for cyberattacks by malici­ous actors and adversaries.

According to India’s Computer Emer­gen­cy Response Team (CERT-In), India faced 11.5 million cyberattack incidents in 2021. This threatens the critical infrastructure in the country such as railways, airlines, power, communications and ban­k­ing systems. Meanwhile, corporate atta­cks are extremely common as many companies have sensitive and proprietary data that can be vulnerable to breaches. Given the rise in cyberattacks on enterprises, it is imperative that companies across verticals strengthen their security systems and make them as impenetrable as possible. They must focus on preventive measures and undertake mo­nitoring at regular intervals.

Emerging trends

As instances of cybercrime increase, a nu­mber of cutting-edge technology solutions are coming to the fore. These technology solutions enable organisations to make their networks as well as infrastructure re­a­dy to combat any kind of cyber-risk. So­me of these are:

Cloud-based cybersecurity

Cloud security is a discipline of cybersecurity dedicated to securing cloud computing systems. This includes keeping data private and safe across online-based infrastructure, applications and platforms. Cloud-based security offers a host of benefits as compared to traditional security strategies. Whi­le traditional methods involve keeping networks secure by installing anti-malware, antivirus and other software locally, cloud adoption includes security measures that protect data privacy, uphold regulatory compliance, provide governance, oversee data retention, and control authentication and access to data.

Endpoint security

With the increased shift to work from home, it makes sense to adopt a cybersecurity approach that focuses on endpoint devices such as laptops, mobile devices, point-of-sale systems and any other devi­ces that connect to the network. Extended detection and response capabilities will become increasingly prevalent and robust while traditional cybersecurity solutions such as security information and event management systems will increasingly use artificial intelligence for security automation and orchestration.

Zero-trust security models

With cybersecurity becoming a growing concern, many organisations will switch to a zero-trust network architecture (ZTNA). ZTNA is a security framework that looks to verify each user, even if it is logged on to a corporate network or local area network. It is ideally suited to remote working as it can secure communication bet­ween users, devices and applications. Under this method, firewalls or barriers are used. They offer a control system to monitor the traffic coming in and out of a device or application. Further, credentials and identities are requested and only after proper verification can the critical assets be accessed.

Cyberthreat landscape across sectors

Manufacturing

As technology evolves, and Industry 4.0 seeps into every corner of the manufacturing industry, manufacturers are forced to utilise connectivity in a broad variety of ways. The industry’s lack of preparation and the range of potential vulnerabilities at various endpoints make manufacturing companies ideal targets for hackers.

While operational technology pro­vides a wealth of benefits for manufacturing companies, it can also create new vulnerabilities for hackers to exploit. Wh­en devices are managed and controlled with the use of connected devices, there is pot­ential for damage from malicious attackers with an intent to make devices behave harmfully.

Telecom

Given the large amount of clients’ personal information that telcos gather, organised cybercriminals view telecom companies as high-value targets. Threats against the telecom sector are a combination of typical internet protocol-based threats on an industry that still has legacy technology. Meanwhile, as 5G technology ad­vances, the threat surface is expected to expand, giving attackers more opportunities. This leaves cybersecurity teams at telecom companies looking for ways to leverage new technology and automation to streamline workflow in order to stay ahead of at­t­ackers in the face of new threats and an increasing amount of alerts.

Banking

Financial services firms fall victim to cybersecurity attacks far more frequently than businesses in other industries. Finan­cial establishments experience threats fr­om a variety of sources led primarily by mobile applications and web portals. Cy­b­er criminals may steal or manipulate valuable user data and or clone banking apps in order to use them for nefarious purposes. A cyberattack on a bank not only affects the bank’s status but also causes loss to its customers’ assets. Data infringement is a crucial problem for banks as it risks the theft of user data. If customer data privacy at a bank is breached, then it becomes hard for customers to regain confidence in the bank. Data breaches generally happen be­cause of weak cybersecurity approaches.

In India, financial institutions still do not acknowledge the importance and implications of cybersecurity. Security breaches, data thefts, compromised passwords are some common forms of cyberattacks that pose a risk to banking, financial services and insurance enterprises in the country.

Healthcare

The healthcare industry is also witnessing an increasing number of cybersecurity-related issues. These issues range from mal­ware that compromises the integrity of systems and privacy of patients to distributed denial of service (DDoS) attacks that disrupt facilities’ ability to provide patient care. For healthcare, cyberattacks can have ramifications beyond financial loss and breach of privacy. Ransomware, for example, is a particularly threatening form of malware for hospitals as the loss of patient data can put lives at risk.

Automotive

The rapidly growing connectivity of vehicles is opening up several opportunities for new functions and attractive business models. With this, the risk of cyberattacks on vehicle networks is also growing. In recent news, Honda was found to have a vulnerability that allows cybersecu­rity hackers to remotely start vehicle engines and unlock them from a nearby distance.

The increased incidences of vehicle cyberattacks and major car recalls by original equipment manufacturers (OEMs) ha­ve raised awareness of automotive cybersecurity among OEMs worldwide. Further­more, increasing government mandates for the incorporation of various safety features, such as a rear-view camera, automatic em­er­gency braking, a lane departure warning system and electronic stability control, have created new opportunities for automotive cybersecurity service providers worldwide. Governments across the globe are exploring ways to establish an intelligent system for cybersecurity solutions as a means to curb the growing incidents of cyberattacks in the automotive sector.

Initiatives by the government

The government has been taking active steps towards cybersecurity. The National Security Council Secretariat has formulated the draft National Cyber Security Stra­tegy 2021 (NCSS 2021), which comprehensively looks at addressing the national cyberspace security issues. The government stri­ves to ensure that the internet in India is open, safe, trusted and accountable for all users. The NCSS 2021 holistically looks at addressing the issues of security in the na­tional cyberspace. However, the go­vern­ment is yet to clarify its intentions to coordinate with other countries to develop a global legal framework on cyberterrorism.

Meanwhile, as per the new guidelines is­sued under Section 70B of the IT Act, the government has mandated all companies and enterprises to report all cyber in­cidents to CERT-In. This move aims to ensure coordinated response activities as well as emergency measures with respect to cybersecurity incidents. Besides, the go­vernment has announced that a new committee would be formed under the union home secretary to devise a strategy to ta­c­kle cyberattacks. The panel of cyber-cri­mes will comprise representatives of all sta­te governments and departments concerned and will prepare a unified strategy to deal with cyberattacks.

India and Japan discussed cybersecurity cooperation during the fourth India-Japan Cyber Dialogue. Further, in Sep­tember 2022, the National e-Governance Division under the Ministry of Electro­nics and Information Technology conducted a five-day deep-dive training programme, in a bid to create awareness ar­ou­nd cybersecurity and develop an em­pow­ered and strong cy­ber ecosystem in government organisations. Also, the Po­wer Grid Corporation of India Limited (Po­wer­grid) has partnered with the In­dian Ins­ti­tute of Science to establish the Po­wergrid Centre of Excellence (CoE) for Cybersecurity in Power Tran­smission and Grid Operation.

The increasing cyberthreat also offers opportunities in the cybersecurity space. Ac­cording to a study by ResearchAnd­Mar­kets, the Indian cybersecurity market was valued at $2,200.23 million in financial year 2021. The market growth is anticipated to continue during the forecast period of financial years 2023-2027, with a compound annual growth rate of 8.05 per cent to achieve a market value of $3,543.37 million by financial year2027.

To sum up, cybersecurity demand is at an all-time high and keeping up to date with the latest trends can ensure that business operations and sensitive information are kept secure.