Cybersecurity has become a buzzword in today’s ever-expanding digital eco­system, especially since the outbreak of the Covid-19 pandemic. The giant leap in connectivity and growing digitalisation post the pandemic exacerbated the problem of cyberattacks as threat ac­tors and cybercriminals started changing their tactics to take advantage of the new remote wo­r­king scenario. As a result, the world wit­nessed a spike in cyber­attacks against or­­­ganisations with new remote working ca­pabilities, phishing attacks targeting home workers and consumers to steal their per­so­nal details, ransomware exploits and so­phis­ticated hacking attempts targeting hospitals, healthcare organisations, and even companies involved in ma­king and shipping Covid-19 vaccines.

In this scenario, industry stakeholders have become more cautious and have st­ar­ted working towards protecting networks and systems from cyberattacks that cause so much disruption. The threat has beco­me even larger owing to the high level of interconnectedness of business systems in today’s digital era, which makes it difficult to limit the impact of cyberattacks. This can have a domino effect on the functioning of organisations.

A look at the key trends in the cybersecurity space and the way forward for the segment…

Prioritising cybersecurity

A number of factors are responsible for driving investments in the cybersecurity space. As per the National Association of Software and Services Companies, India is one of the most vulnerable countries with regard to cyberattacks. As per data collected during 2021, there has been a 39 per cent increase in ransomware attacks in the world and India ranks second in the list of most affected countries. Further, industry estimates suggest that Indian enterprises alone might have suffered losses of more than Rs 1.25 trillion in 2020 due to ransomware, malware and other security breaches.

The primary factors responsible for the increased risk to critical digital infrastructure in India are wider adoption of the in­ternet, smartphones and other connected devices, growing digital interconnectivity across sectors and lack of awareness about th­ese attacks. The use of internet of things (IoT) platforms and devices that generate and store data also creates vulnerability. Fu­r­ther, the growing sophistication of cyberattacks and the intensity of cyber scams have compelled both individuals and enterprises to take cybersecurity seriously.

Emerging trends

As instances of cybercrime increase, a number of cutting-edge technology solutions have come to the fore. These technology solutions enable organisations to make their networks as well as infrastructure ready to combat any kind of cyberrisk. Some of these are:

Cloud-based cybersecurity

Cloud-based security offers a host of benefits as compared to traditional security stra­tegies. While traditional methods in­vol­ve keeping networks secure by installing anti-malware, antivirus and other software lo­ca­lly, cloud adoption includes security measures that protect data privacy, uphold re­gu­­latory compliance, provide governance, ov­ersee data retention, and control authentication and access to data. As cyberattacks become more sophisticated, cloud security is emerging as a preferred method to protect data.

Zero trust methods

“Zero trust”, as the name suggests, urges users not to trust anybody or anything by de­fault, not even the network. Under this me­thod, firewalls or barriers that offer a co­n­t­rol system to monitor traffic coming in and out are used. Further, credentials and id­en­tities are requested and only after proper verification can the critical assets be acce­ss­ed.

SASE

Secure access service edge (SASE) is an enterprise security architectural model for networking that is designed to support faster application access. Under this model, networking and cloud-delivered security converge in a high performance, single-pass architecture with unified management. As people have started to work remotely following the Covid-19 out­break, the need to deploy the SASE model has become more urgent in securing networks and enterprises are rushing to this solution.

Rise of SOC

The security operations centre (SOC) is a centralised unit that deals with IT security operations that are of very high quality. Highly trained engineers and very experienced cybersecurity analysts make up the team for the unit. The SOC team remains vigilant and thwarts any deceitful moves by unwanted sources. Further, they are res­ponsible for an organisation’s data security by monitoring and analysing it on an ongoing basis.

AI-enabled cybersecurity

It is manually not possible to keep up with the speed and volume of cyberattacks. In this scenario, technologies such as artificial intelligence (AI) are used to beef up security measures and considerably im­prove the speed of response. With ongoing advances being made in AI and ma­chine learning (ML) technologies, devices would soon be able to self-secure and self-heal to as much as 80 per cent accuracy. This will make it easier for IT departments to frame policies and keep their data safe. Further, AI and ML play a crucial role in averting phishing attacks. As per industry reports, AI technology has identified close to 100,000 active phishing sources.

Use of analytics tools

Big data analytics can be one of the most effective tools for predicting and preventing cyberattacks. It can identify anomalies re­lated to user behaviour, activities within the network, etc. Moreover, the condition of the machine can be eva­lua­ted periodically.

Issues and challenges

Even as several organisations are stepping up their game in the cybersecurity space, there are several challenges that hamper the deployment of cybersecurity solutions. A major problem is the lack of a skilled workforce as organisations from relatively well-resourced sectors also struggle to recruit the right talent. The demand for talented and skilled labour far exceeds supply. Further, critical infrastructure in India is owned both by the public and private sectors, which operate under their own norms and protocols for protecting digital infrastructure from cyberattacks. The ar­med forces too have their own agencies. However, there is no national security ar­chi­tecture that unifies the efforts made by both sectors so as to assess the nature of threats and tackle them effectively in a coordinated manner.

Another issue is the lack of awareness about cyber laws and regulations both at the corporate and the individual level. In­ternet users as well as organisations can be protected from cyberattacks only if there is a guided and supervised legal framework in place. There is also a lack of awareness about security solutions. More­over, new technologies such as IoT and cloud have made consumers highly susceptible to cy­berattacks due to increased interconnectivity between devices. There have been a few instances of data leaks on the cloud, which continues to pose a challenge as it is a centralised service.

Emerging opportunities

Amidst rising cybersecurity concerns ac­ross the globe, Indian companies operating in the cybersecurity space have the potential to emerge big on the global stage and tap opportunities with their wide-ran­ging solutions. According to the Data Se­cu­rity Council of India (DSCI), Indian companies generated $10.82 billion in revenues from cybersecurity during 2020, with about 230 players in the space. Fur­ther, the Indian market is growing at a rate of around 27 per cent as opposed to the global cybersecurity market, which is gro­w­ing at just 12-13 per cent.

Given that Indian companies are growing at almost double the rate of the global market, Indian start-ups that can innovate and offer cutting-edge solutions in this space have a good chance of capturing a larger share of opportunities in the global market and help India emerge as a global powerhouse in this space. Further, Indian companies have another advantage owing to the very price-sensitive nature of the domestic market which can enable them to be highly competitive at the global stage. Moreover, big IT vendors in the Indian market could look at building collaborations with start-ups in the cybersecurity space and offer bundled solutions along with system integration services to global customers. This would help place India as the cybersecurity solutions leader in the global market.

Going forward, a joint study by PwC India and the DSCI predicts that the cy­ber­security market in India will grow substantially to be valued at $3.05 billion by 2022. Further, the CAGR will be 15.6 per cent, 1.5 times higher than the global se­curity market rate.

Future outlook

Net, net, cybersecurity seems to be a profitable avenue for stakeholders offering solutions in this domain. The government too has been taking initiatives to promote deve­lopment in this space. These include a first-of-its-kind cybersecurity challenge that was launched in 2020 to promote innovation and entrepreneurship in this field. Under this initiative, cybersecurity start-ups from India were incentivised to innovate and build solutions that can be adopted in India and taken to global markets as well. While such initiatives are a welcome move, they need to be supported by a clear roadmap that includes a strong cybersecurity framework as well as regulation that focuses on capacity building both at the government and private stakeholder levels.

By Kuhu Singh Abbhi