With ransomware making headlines around the world and cyber criminals continuing to evolve their methods, 2022 has been quite a rollercoaster ride for the industry. 2023 is expected to be no different, as the industry braces for yet another year with a large number of cybercrimes.
Recent years have shown how the major cyber security problems and threat actors are modifying their methods to match a developing global environment. The capacity to react fast and accurately to constantly evolving attacks that can hit anywhere within an organization's IT infrastructure is necessary to defend against modern cyber threat campaigns.
Cyber Security is indeed becoming a severe issue for individuals, enterprises, and governments alike. The top cybersecurity challenges faced in 2022 are going to continue in 2023 and even more intense methods and threats are going to replace the ones that the industry was aware of earlier.
Indian businesses continue to be in two minds about infrastructure and IT strategies but fail to realize that both need to go hand-in-hand to succeed in the digital era. According to the Dell Technologies 2022 Global Data Protection Index, despite the rising incidence of cyber/ransomware attacks, 37% of workers admit they have not substantially improved their security awareness/behaviour after hearing about high profile ransomware attacks. While IT teams are overburdened, business leaders are engrossed in reforming organizational roadmaps, resulting in cybersecurity taking a back seat. To make digital transformation a success, leaders must make their employees adept in preventing and managing cyber threats. While the scenario is predicted to change in 2023, there is still a need for organizations to accelerate this change with the right kind of training and awareness drills.
Skill shortage is a challenge faced in every technology-powered industry, and is evident in every sector of the economy. Almost every industry in the post-pandemic age is concerned about the lack of qualified workers, and the cybersecurity sector is no different. The root of the problem is becoming increasingly apparent as fraudsters use more advanced technologies than regular users, such as IoT, AI, machine and deep learning, cloud encryption, embedded hardware authentication, 5G networks, behavioural analytics, quantum computing, etc.
According to ISACA's State of Cybersecurity report for 2022, in India, 60% of firms have unfilled cybersecurity positions, and 40% of businesses feel that their cybersecurity team is understaffed. These statistics are only expected to increase in 2023. One of the causes of this can be the lack of quality training programmes. This trend will continue if we don’t compensate cybersecurity professionals well. There is the need to hire the right people into the right positions to ensure each employee plays to their strength.
As security continues to top the list of CIO concerns, leading security players list down the top cybersecurity challenges that are going to haunt the industry in 2023.
Indian businesses will be better protected with a data backup strategy
Ripu Bajwa
Director and General Manager, Data Protection Solutions - Dell Technologies India
“Complexities around cybersecurity, infrastructure costs and limited understanding of gaps in cyber-resiliency stand at the fore as challenges against data protection in 2023. According to Dell Technologies 2022 Global Data Protection Index, 86% of the respondents globally claimed to have experienced a cybersecurity incident in the last 12 months. In the absence of purpose-built security across critical infrastructure, detection and mitigation of threats becomes extremely difficult. It is therefore crucial for a business to work on areas where the organization might be lacking in a strong IT action-plan before the core processes are initiated.
Managing data backup and recovery in the current complex IT landscape is extremely difficult for organizations of any size, without any support. The first step to ensure resilience from cyber threats starts with the understanding of protecting critical data. Loss of critical data after a cyber-attack can cripple a business in no time. With a data backup strategy that is rooted in a prevention-first mindset, Indian businesses will be better protected.
Businesses will also soon be expected to integrate the latest encryption technologies to safeguard consumers’ data and to minimize the hazards associated with data transfers. This is why mature businesses are adopting a single security orchestration, automation and response (SOAR) platform, and working with security service providers to improve their security operations.”
The need for prevention-first security solutions is expected to rise
Manish Alshi
Head of Channels and Growth Technologies - India & SAARC, Check Point Software Technologies
“Over the past two years, with the pandemic outbreak, cyber-attacks have witnessed a significant increase making it a top priority for the boardroom agenda for most organizations. As per Check Point's Threat Intelligence report, cyberattacks across all industries have increased by 28% in the third quarter of 2022 as compared to the previous year. The report also predicts a continued rise of cyber-attacks across the globe mainly driven by an increase in ransomware exploits and in state-mobilized hacktivism driven by international conflicts.
From Check Point's perspective, we have a robust product portfolio to provide our customers with the ability to conduct their business on the internet with the highest level of security. We address organizations' most imminent cyber security needs based on three core principles i.e., Prevention-first approach, Gold Standard Management, and Consolidated Solution. With the largest security technology portfolio in the industry, Check Point Software's single-architecture, integrated, intelligence-driven solutions protect customers from the data center to the cloud and all points in between.
With the expectation of an upcoming recession across the world in 2023, and more stringent regulations for organisations who have been breached, with increased penalty fines, we expect to see the need for prevention-first security solutions to rise; this is because detection solutions mean that the organisation has already been breached, with the resulting action of searching how, when, why it has been breached.”
With technology advancement, cybercriminals becoming sophisticated in their attack methods
Piyush Somani
Managing Director and Chairman - ESDS Software Solution Ltd
“Analysts have projected the Cyber Security market in India to grow from $500 Million in FY22 to $5 Billion in FY27. There's a strong reason for it because digital transformation in India is getting into a severe phase, and the bad boys are also getting very serious about getting their share from this growth. Cybercrime will grow at a rapid speed over the next few years. Every day Indian Banks are losing at least ₹200 Crores to Cybercrime. We should also note the latest ruling from the Supreme Court of India. If an account holder loses money to cyber criminals, the bank would be held responsible for the same, not the customer. So those at the top of the large and small organizations need to take cyber security very seriously, or else it can cause massive damage to the business and reputation. As technology advances, cybercriminals are becoming more sophisticated in their attack methods, using advanced malware, ransomware, and AI/ML techniques to evade detection.
Additionally, the increasing use of IoT devices in homes and businesses creates new vulnerabilities that hackers can exploit, making IoT security another major concern. As more businesses move their data and applications to the cloud, the risk of data breaches and cyberattacks increases, particularly for businesses that lack the resources to properly secure their cloud environment. Moreover, Supply chain attacks will continue to be a major concern for businesses as cybercriminals target the supply chain as a way to gain access to sensitive data and systems.”
Addressing cybersecurity skills shortage is a much larger challenge
Kartik Shahani
Country Manager - Tenable India
“With the rollout of 5G in India this year, it is projected that the adoption of IoT and IIoT will accelerate, exposing organizations to more cyber risk than ever. This technology is expected to contribute greatly to the growth of the Indian government’s flagship Make In India initiative, aimed at helping the manufacturing sector grow. This additional cyber risk is especially relevant in industrial environments. If organizations in India utilize devices with poor security configurations, there could be an increase in zero-day attacks due to supply chain vulnerabilities.
Cloud migration among Indian organizations is inevitable, not just for the private sector, but for governments too. The Indian government recently announced its intention towards cloud adoption. This adds more risk if organizations are relying on legacy technologies to secure cloud environments.
In 2023, we anticipate attackers to target cloud-managed service providers. This is because the cloud service provider (CSP) managed service market is projected to grow to $117.65 billion by 2028. While there are numerous benefits to cloud adoption and outsourcing cloud services to an MSP, the opportunities for compromise are also vast. Addressing the cybersecurity skills shortage is a much larger challenge than any single company can resolve. It will require major investments from, and collaboration between, public and private sectors to retrain and retool candidates and a concerted effort on all fronts to attract people into our field.”
Cyber-attacks are going to be bigger, louder, and faster in 2023
Diwakar Dayal
MD and Country Manager for India and SAARC region - SentinelOne
“One of the major challenges in the cybersecurity space is that cyber-attacks are going to be bigger, louder, and faster. More organizations will be breached and more critical infrastructure will be impacted. In 2023, threat actors will target macOS more successfully with cross-platform malware. More supply chain attacks on developers and shared repositories are also likely to feature this year. With social networks, multi-tasking, and the evolution of devices around us, adversaries will keep investing in social engineering and phishing will continue to be a leading factor in compromising identities.
Every CISO is aware that finding skilled cybersecurity staff is not only hard but getting harder and this trend will continue in 2023 as well. CISOs have to take some steps to tackle the skills shortage challenge. They have to move away from ineffective labour-intensive legacy AV security products, toward automated endpoint detection and response solutions.
The cybersecurity skills shortage is related to the complexity of the network. The answer to network complexity is network visibility. Automated AI solutions can help bring visibility to the network so that one can see who is traversing it and what they are doing. However, the next-gen AV product chosen should have the ability to inspect encrypted traffic, as bad actors are increasingly operating with SSL certificates and communicating via https. This is still a blind spot for many next-gen security products.”
Modern-day cyber-attacks are going to pose a significant threat to the business continuity
Vinay Sharma
Regional Director, India and SAARC, NETSCOUT
“The constant evolution of the internet and global network topology has forced adversaries and defenders to adapt and this trend will continue in 2023 as well. As DDoS defenses become more precise and effective, attackers will continue to find ways to bypass those defenses with new DDoS attack vectors and methodologies.
We will continue to see innovation utilizing botnets, groups of malware-infected computing systems known as bots. Modern-day cyber-attacks are dangerous and a significant threat to business continuity and growth. There is a need for global, intelligently automated protection from cyber-attacks.
Deep Packet Inspection (DPI) tools provide the most meaningful content in Threat Detection and Response. It helps organizations create an indelible line of defenses for the network.
Network Detection & Response (NDR) is a form of cybersecurity methodology designed to protect the complex requirements of on-premises, public and private clouds, and hybrid environments as efficiently as possible.
Businesses are demanding new technologies that can also open organizations up to new threats. New security tools are constantly emerging. Employee training is the most important tool for keeping the organization safe in the days to come. With a skills shortage causing problems for businesses at every level, reskilling and upskilling the existing workforce is essential.”
Attracting and retaining the right cybersecurity talent will continue to be a roadblock
Maheswaran Shamugasundaram
Country Manager - India, Varonis
“In today’s data-driven era, safeguarding sensitive data from critical malicious software and cyberattacks should not be taken lightly. 2022 witnessed some very serious attacks which made organisations, and Govt. departments seriously think about their security portfolio and investment. In 2023, there will be more malicious attacks than before. The global workforce continues to work in an ultra-hybrid mode and the adoption of cloud migration for the data has increased. However, the ability of cloud servers to allow users to access company applications, files, and resources from anywhere in the world is one of the biggest vulnerabilities.
Insider threats continue to be one of the biggest threats organisations need to watch out for. While insiders are leveraging cloud apps to access data through personal email and sharing platforms, the pandemic and hybrid work mode have rapidly increased data sharing and storage, which has become a target for cybercriminals. The sense of alarm is growing amongst policymakers throughout the world, not to forget that private netizens' and citizens' data are out in the open too and are easily accessible.
Unfortunately, the way the world has witnessed the rapid increase in cyberattacks and the advancement in technology to tackle the same has not quite been favourable when it comes to cybersecurity professionals addressing the problem. Attracting and retaining the right talent has been a challenge in the past and seems to be one of the roadblocks in the future as well.”
Threat of USB-borne malware continues to be a serious concern
KAP Prabhakaran
VP Engineering - Honeywell Connected Enterprise India
“Cybersecurity has become an increasingly important concern in India in recent years, as the country has seen a significant increase in cyber threats and incidents. In 2022, we issued Honeywell Industrial Cybersecurity USB Threat Report, where through extensive research and analytics we concluded that the threat of USB-borne malware continues to be a serious concern. Data from 2022 indicated that 52% of threats were specifically designed to utilize removable media, up from 32% the previous year and more than double the 19% reported in the 2020 study, clearly indicating that the threats designed to use removable media have reached a dangerously high level. As industrial enterprises digitally transform by connecting operational technology (OT) assets and enabling remote capabilities, securing critical infrastructures is fundamental in protecting business continuity.
To address these challenges, the Indian government has implemented a number of measures, including the creation of a national cybersecurity policy and the establishment of a dedicated cybersecurity agency, the National Critical Information Infrastructure Protection Centre (NCIIPC).
With the increasing use of digital technologies and the growing threat of cyber-attacks, there is a high demand for cybersecurity professionals in India and around the world. The government of India has also recognized the importance of cybersecurity and has established the Indian Cyber Crime Coordination Centre (I4C) to strengthen the country's cyber defence capabilities while also launching initiatives such as the Cyber Swachhta Kendra and the National Cyber Security Policy.”
Some of the most innovative cyberattacks will likely occur in 2023
Sonit Jain
CEO - GajShield Infotech
“In this era, it is essential to safeguard sensitive data from malicious software, and we should not take dangerous third parties for granted. Given how swiftly data security threats are evolving, some of the most innovative cyberattacks will likely occur in 2023. DoS and IoT/OT attack vectors were crucial targets in 2022. Businesses are at significant risk from phishing since it's easy for unsuspecting employees to click on phoney emails and transmit the virus. As production and supply chains become increasingly interdependent, supply networks are stretched across greater distances and are more vulnerable to interruption. In addition, the pandemic's effects have impacted the manufacturing sector, making it a tempting target for hackers.
The pandemic has spotlighted organisations’ data protection and privacy security. However, there exists a severe shortage of skilled cybersecurity professionals in India. According to ISACA’s State of Cybersecurity report in 2022, 40% of enterprises proclaim their cybersecurity team is understaffed, while 60% of companies have open cybersecurity positions in India.
India has always been a technology hub for the world. We have been doing a lot of cutting-edge cybersecurity workshops to raise awareness amongst enterprises. Opportunities for cybersecurity are always available since the latest technologies like IoT, AI, machine and deep learning, cloud encryption, embedded hardware authentication, 5G networks, behavioural analytics and quantum computing are growing exponentially. The government’s investment and contribution to technology have also added to the various opportunities in the cybersecurity world.”
Solutions like Multi-Factor Authentication can help safeguard businesses against vulnerabilities
Joyjeet Bose
Senior Vice President - Tata Teleservices
“Businesses are undergoing massive digital transformation to adjust to contemporary market situations. Hybrid working has taken precedence, further increasing flexibility and accessibility of company data anywhere and on any device. However, as employees work outside the secured perimeter, this makes potential cybersecurity vulnerabilities more common especially due to an ever-changing threat environment. A classic example of this would be phishing practices with employees where confidential data is breached. Thus, to safeguard businesses, it is important to turn to fast and easy solutions like Multi-Factor Authentication that help create an additional layer of user verification and reduce e-risks. Also, enhancing employees' knowledge and awareness of safe and secure cybersecurity practices is now imperative and companies need to spend more on employee upskilling.
However, for many enterprises especially SMBs, limited knowledge and lack of resources remain a crucial problem when it comes to taking care of their ICT and security needs. Therefore, they always look for a cost effective all in one solution that is nimble, capex and asset light and easy to install on ‘pay as you go’ model. We believe that the SMBs in India are poised for phenomenal growth and the onus lies with technology providers like us to develop relevant solutions at the right price point to support SMBs in their transformation journey. To this effect, we have introduced innovative smart tech solutions like ‘Smart Internet’ that enables SMBs to get robust connectivity, security, manageability, and clear visibility of their users and network.”
With the services market maturing, MSSP offerings are becoming more dynamic
Steve Ledzian
CTO, APJ, Mandiant - Google Cloud
“Cyber security has become an increasing concern amongst organizations, especially with the growing adoption of digitization. Mandiant recently released its annual Cyber Security Forecast 2023 Report where experts have collaborated to examine the past year's threat data and trends to create a forecast report for what’s anticipated in 2023.
Uncertainty is common in the cyber security space. With the rapid adoption of digital mediums, there is a rise in risks pertaining to security. Attackers regularly change their tactics, techniques and procedures to evade detection, leaving organisations struggling to keep up. The ability to find and retain the expertise and experience across cyber security functions continues to impact an organization’s ability to implement effective cyber defenses. There is a prevalent human factor to the success of cyber security; behind the technology lies a team of professionals with a range of technical skills used to implement defensive and proactive hunting strategies. While technology has a big part to play against cyberattacks, it is the human element which is both the catalyst for attack and defence. Businesses of all sizes can take steps to mitigate their risk including training, changing recruitment processes, machine learning (ML) or outsourcing specialized roles. One possible way to resolve the skill gap is for organizations to develop an in-depth cyber security program in conjunction with experts and combine real-world exercises with actionable threat intelligence. As the services market for cyber security matures, managed security service provider (MSSP) offerings are becoming more dynamic.”
Ransomware attacks will continue to grow by taking advantage of the expanding attack surface
Harshil Doshi
Country Director, Securonix
“The year 2022 was tumultuous with sustained economic volatility, global unrest, and increased cyber threats to information, operations, and controls.
Numerous attacks will continue to successfully bypass fundamental security technologies and defenses - Malicious actors will successfully target and reveal the flaws of different security solutions, such as MFA and zero trust, on a much larger scale by building upon their work like LAPSUS$ and other high-profile assaults. In 2023 and beyond, attackers with historically low capacity will be able to operate with advanced resources due to increased cloud migration, the simplicity of using cloud infrastructure, and wider availability of compromised credentials.
Rates of accidental insider risk will grow - Financial stressors, fatigue and burnout will lead to emotional imbalance and prevent employees from maintaining their usual level of attention and care. This will increase instances of human error, such as clicking on malicious links or failing to adhere to security policies and exacerbate the rate of accidental insider risk.
Increase in numbers of ransomware attacks - Ransomware attacks will continue to grow in volume and take advantage of the expanding attack surface.
Threat actors will continue to target their victims over the course of the upcoming year by utilizing micro- and macro-level trends. New advanced campaigns should be launched globally to oppose the same by combining tried-and-true methods with novel, as-yet-undiscovered strategies. In recent years, CIOs have stepped forward and assisted in advancing their organizations, and in 2023, this trend will continue.”
The need for bigger cyber budgets and having the right people in place is critical
Dipesh Kaura
General Manager, Kaspersky (South Asia)
“Cybersecurity incidents were plentiful in 2022, causing many problems for industrial infrastructure owners and operators. In 2023, we will witness the formation of a more diverse behaviour-tracking market due to local law enforcement.
Ransomware attacks on critical infrastructure will become more likely – under the auspices of hostile countries or in countries unable to respond effectively to attacks.
We face a growing risk of politically motivated insiders and insiders working with criminals (primarily ransomware) and APT groups – both at enterprises and among technology developers and vendors.
There has been a large-scale shift to working from home around the world. It has led to a convergence between personal and work device usage, raising online privacy and security issues. The most crucial aspect of online privacy is ensuring that your data does not fall into the wrong hands.
We expect cyber threats to rise in 2023 as unrest in the world contributes to increased cybercrimes. IT teams should be prepared to deal with evolving threats posed by emerging technologies becoming widespread, such as geo-targeted phishing or attacks related to Cloud Security, IoT and AI. Employees should be educated and equipped to fight these mature attacks. End-users can prepare themselves with an easy-to-use security solution for upcoming challenges, whether phishing attacks or threats related to multiple layers of security.”
Criminals developing new ways to abuse internet-connected products
Milind Kulkarni
SVP- Digital & IT, STT GDC India
“As our world is becoming increasingly digital, cybersecurity challenges are mounting. Data security threats evolve at a staggering pace, and 2023's future cyber-attacks are bound to be as inventive as they have ever been. Cloud attacks are definitely a topic of discussion in 2023, with enterprises and individual cloud users. While adoption of cloud is going to grow in the next few years, companies will invest significant money to safeguard data from breaches.
Internet of Things (IoT) devices represent one of the most flexible and pliable attack vectors for malicious third parties. In 2022, DoS and IoT/OT attack vectors were essential targets. The actual contents of the network and the degree of device vulnerability are still a mystery to organisations. Thus, at an unprecedented rate.
Other significant challenges will be blockchain and cybersecurity attacks. The reason why malicious actors would target blockchain tech is rather obvious: the availability of digital currencies. As enterprise-grade users and individuals discover new ways of leveraging the blockchain and making good use of crypto, so do malicious third parties become more interested in breaching their respective defences. There are ongoing challenges with phishing scams, malware, etc. Mobility, web, HW infrastructure, network and Wi-Fi will continue to remain vulnerable from a cyber security threat perspective. New advanced security tools / products, automated AI-based SOC, strong threat intelligence, quick / proactive actions through SIRT etc. are also becoming focus areas to prevent cyber threats and reduce risk.”
Organizations should be aware of the risks associated with the use of IoT devices
Pramod Sharda
CEO - IceWarp India & Middle East
“The most common cybersecurity challenges for 2023 include business email attacks, phishing, malware and ransomware threats, crypto scams, cloud vulnerabilities, double-extortion tactics, trusted insider threats, crime as-a-service, smart device hacking targets, and lack of investment in security solutions. Additionally, organizations should be aware of the risks associated with the growing use of Internet of Things (IoT) devices, as well as the threat of internal employees who may attempt to sabotage networks or steal sensitive data. To raise the protection level of our organization while also ensuring business growth, we continue to implement comprehensive security protocols and procedures that address both physical and latest digital security threats.
The global cybersecurity workforce shortage is projected to reach upwards of 1.8 million unfilled positions by 2022, and the (ISC)² 2022 Cybersecurity Workforce Study found that the global security workforce gap increased by 26 percent, with 3.4 million additional workers needed to effectively secure businesses. These numbers are expected to increase in 2023, with the average cost of a US data breach at $9.44 million and cybercrime surging to meteoric heights in 2020 and 2021. Organizations need to pre-emptively address these risks by immediately hiring and onboarding new cyber talent and introducing new tools and resources that comply with global data protection and security norms to help simplify operations for SMBs and other thinly-stretched teams.”
CXO VIEWPOINTS
Enterprises may face challenges like IoT security, AI, Ransomware, Supply chain attacks, Phishing etc.
Ajay Yadav
Head- IT & SAP, SBL
New technologies like Cloud adoption, Smart Factory Industry 4.0, AI/ML that are being adopted bring their own vulnerabilities to address, and constant issues make it to the "top challenges" lists this year. IoT security, AI, Ransomware, Supply chain attacks, budgets and staffing issues, and phishing are the only cyber security challenges that enterprises will face in 2023.
While security is often viewed as benign from budget and staff cuts due to its significance, it is not insusceptible to them. Moreover, security has historically been viewed as a cost centre because its ROI is not easily calculated. CISOs and security teams are facing budget cuts and spending reductions as increases in inflation, interest rates and gross domestic product have many predicting an inevitable recession in 2023. An approaching recession could spell disaster for organizations of any shape, size and industry -- must plan carefully to maintain the security of their company and colleagues, while getting more done with less -- and without burning themselves out.
Hiring employees with the necessary skills, and retaining those employees, continues to be a challenge. The CIO/CISO must have a robust strategy for retaining employees, not just hiring them. Supply and demand is the play here, and the shortage of cybersecurity talent is definitely driving higher salaries; if we do not have salary bands in line with their expectations, then there will be an issue. Opportunities for long-term growth, regular training and a clear career development path will help to retain skilled professionals.
IoT devices need to have in-built protection
Vivekananda Naskar
Director - IT, India, Protegrity
Apart from traditional threats, with the expansion of IoT, we have made a large surface open to cyber threats. Data poisoning is a way to corrupt the AI Systems that influences the AI outcome.
Traditionally, IoT Vendors take very little precaution to protect the devices from cyber-attacks. The protection needs to be built in the code itself as it is not always possible to add an overhead to make the IoT devices secure given the very small size of it. In addition to general Cyber Security measures, we need to monitor AI results continuously to make sure that the system is not poisoned.
With the availability of different tools and services that educate and make employees aware of most of the Cyber-Security threats, I hope we can make everyone a stakeholder in the Cyber security space. While we have an Information Security Team in most of the organizations, it is important to make general awareness mandatory. Periodic testing of cyber security knowledge of the employees is a great way to mitigate cyber security threats.
WFA, AI, Supply chain, Data Breaches & Data Privacy etc. - Key trends of 2023
Ashton D'Cruz
Director - CAO, CGO, CISO & Head - CC&S Governance, NatWest Markets
The top challenges and/or trends that we will observe in 2023 & beyond include:
Work from anywhere becomes permanent: Given the expanding enterprise attack surfaces, brought about by more remote (WFH/WFA) workers, as well as increase in number of network-connected devices, along with a much broader ecosystem of third-party partners and vendors. All this brings with it the challenge of securing and protecting your infrastructure and ecosystem, with the lines becoming blurred by the moment.
Shortage of Skilled Resources: Developing cyber security talent becomes essential, as it will be expensive and difficult for companies to hire the cyber security experts they desperately require.
Role of AI: Today, AI and machine learning algorithms can be used to automate tasks, crunch data, and make decisions far faster than a human ever could. This in turn acts as a double-edged sword as it inherently creates cyber security risks that can be exploited and become a major target for hackers.
Recognize the risks from supply chains: We typically trust what our vendors and service providers give us. What's most important at this time is for organizations to recognize and acknowledge the risks from our supply chains and to demand that we all do better.
Data Breaches & Data Privacy: Again, something that will not go away, but needs to be recognised and managed.
Other trends and challenges include legacy technology, which will continue to be an issue, cyber-warfare threats and organised industry (state-sponsored) attacks, and finally the rapidly changing and evolving regulatory environment and landscape, and the need to be compliant with the same.
The capacity to react fast and accurately to evolving attacks is important to defend against threats
Bhaskar Rao
CISO, Bharat Co-op Bank
The CISO has to deal with various challenges like -
· Security of Remote and Hybrid workforce
· Phishing and Spear-Phishing Attacks
· Software Vulnerabilities
· Ransomware Evolution
· Network Access Control
· Emerging 5G Technology
· Regular Patching
· Data Leak Protection
· Protection from Ever-increasing Mobile Malware
· API Security
· Outdated Hardware
· Social Engineering etc.
A skilled cyber-security workforce is one of the major concerns, and this is going to continue in the coming years. The ever-rising cyber threats and much more sophisticated attacks by hackers are some of the other major concerns. It is always advisable to outsource certain products instead of doing them in-house.
The CISO always has to think about safeguarding the interests of the organization. Recent years have shown how the major cyber security problems and threat actors are modifying their methods to match the ever-changing global environment. The capacity to react fast and accurately to constantly evolving attacks that can hit anywhere within an organization's IT infrastructure is necessary to defend against all threats. The CISO needs to do various things to protect the organization, like (a) multi-factor authentication, (b) zero trust, (c) micro-segmentation, (d) protecting the data from an unknown actor, (e) protection against data leakage, (f) safe and secure connectivity, (g) needs-based access and (h) creation of user awareness.
AI and Automation - To solve business challenges
Dinesh Kaushik
Group IT Head, Sharda Motor Industries
With the advent of the digital revolution, all businesses, large or small, corporates, and even governments now rely on computerised systems to manage their daily operations. As a result, cyber security has become a top priority to protect data from various online attacks or ransomware. Here are some of the trends that we expect to see in the future to resolve the challenges businesses are witnessing in cyber security.
Potential of Artificial Intelligence (AI)
Cybersecurity has seen significant modifications due to AI’s introduction into all market areas and its association with machine learning. Hence, the development of autonomous threat detection, face recognition, natural language processing, and security systems has all significantly benefited from artificial intelligence.
Automation and integration
Since the data is increasing daily, automation must be incorporated to provide more sophisticated control over the information. It is more useful than ever because of the pressure engineers and professionals face in the modern and chaotic workplace. As a result, the agile development methods include security metrics to produce safe software.
Cyber security is the process of defending against malicious intrusions on networks, computers, servers, mobile devices, electronic systems, and data. It is also referred to as information technology security or electronic information security.
The ways to raise the protection level:
· Adapting To A Remote Workforce
· Emerging 5G Applications
· Blockchain And Cryptocurrency Attack
· Ransomware Evolution
· IoT Attacks
· Cloud Attacks
· Phishing And Spear-Phishing Attacks
· Software Vulnerabilities
· Machine learning And AI Attacks
· BYOD Policies
· Insider Attacks
· Outdated Hardware
· Serverless Apps Vulnerability
Cloud Security, AI/ML, IoMT, Supply chain security – Top cyber security challenges
Bohitesh Misra
Co-Founder & CTO, Avexa Systems
In the process of developing a connected healthcare analytics platform, I believe that the top cyber security challenges that are likely to haunt the healthcare industry in the future include:
i. Cloud Security: As more healthcare organizations adopt cloud-based systems, the risk of data breaches and unauthorized access to sensitive information increases.
ii. Artificial intelligence and machine learning: As these technologies become more prevalent in healthcare, there is a risk of malicious actors using them to launch attacks or gain unauthorized access to sensitive information.
iii. Internet of Medical Things (IoMT) security: As more medical devices become connected to the internet, there is an increased risk of hacking and unauthorized access to sensitive patient data.
iv. Supply chain security: As healthcare organizations rely on third-party vendors for various services, there is a risk of attacks targeting these vendors and subsequently compromising the healthcare organization.
v. Cyber-physical systems: As more healthcare systems become integrated with physical devices, there is a risk of hackers causing disruptions to critical infrastructure such as power and ventilation systems.
vi. Remote working security: With the increase of remote working, there is a risk of cyber-attacks targeting remote workers and their devices, putting sensitive information at risk.
vii. Advanced persistent threats, in which hackers gain access to a network and remain undetected for an extended period of time in order to steal sensitive information.
It is likely that the lack of cyber security skilled workforce will continue to be a major concern in the future. The demand for cyber security professionals is expected to grow as the threat of cyber-attacks continues to increase.
RPA – The next trending technology of 2023
Meetali Sharma
Corporate Head - Risk, Compliance & Information Security, SDG Software
Almost all sectors including education, SME, healthcare as well as public sectors have moved towards cloud adoption in a big way. Digitization and cloud adoption has been seen majorly in finance and accounting, supply chain and logistics and IT management. With the increase in cloud adoption in the coming years as well, it will be a priority for compliance leaders to secure application data and infrastructure within the cloud environment.
Integration of AI, ML, automation, data analytics and RPA has transformed the way business is performed in nearly every sector of the economy. Since it can analyse a huge volume of information and has the ability to automate entire processes or workflows, it will be the next trend to watch for in 2023.
Blockchain and bitcoins have seen a lot of traction since 2016 and will continue to dominate the IT economy in the coming years. In addition to this, organizations would look at partners, tools and platforms who can help automate the compliance activities for the organization and enable a mechanism for continuous monitoring of the environment. This would ensure that the threats and risks to the environment are reported well in advance and threat vectors are actioned upon before they expose any vulnerabilities in the environment.
The lack of a skilled cyber security workforce will continue to be a major concern for organizations in 2023 as well. However, compliance leaders within organizations are now coming up with new methods to bridge this skill gap by cross-training internal teams, providing flexible working hours to employees or a better work-life balance, attracting more women to restart their careers after a break and retaining key staff.
Taking a platform approach rather than deploying products may raise the security level of an organization
Dr. Sashank Dara,
CTO, CISO & Cofounder, Seconize
The top cyber security challenges are:
· Products and Services Fatigue: The number of IT products and services being used (to conduct business) is staggeringly high.
· Tools Fatigue: The number of security products being used/needed to identify vulnerabilities and threats is high.
· Alerts Fatigue: The number of low-fidelity alerts that lack any context, being generated by these tools, is high.
The ways to raise protection level are:
· Take a platform approach rather than deploying point products
· Invest time, energy and resources in automation of vulnerability and threat response
· Upskill, train and increase security quotient of all the stakeholders (employees, executives, partners, vendors)
There are a variety of initiatives by the public and private sectors that are addressing the cyber security skill gap problem but the shortage may continue for some more time even in 2023.
Mobile will be the new target for scammers
Zakir Hussain, CEO - BD Software Distribution
“With digital transformation across all businesses, small and mid-size firms, corporates and governments are relying on computerized systems to manage their day-to-day activities, making cybersecurity a primary goal to safeguard data from various online attacks and cyber threats. As per the cybersecurity trends, mobile will be the new target, as it will witness a considerable increase in mobile banking attacks. With more and more organizations now established on clouds, security measures need to be continuously monitored and updated to safeguard the data. With the beginning of 5G networks, a new era of inter-connectivity between multiple devices will open up to vulnerabilities from outside attacks.
Another important cybersecurity trend that we can't seem to ignore is targeted ransomware. Threats are unfortunately going to increase; we need to ensure that cybersecurity should be our priority to deal with the risk ahead.
The role of modern CIO has become a balancing act between handling IT operations and driving strategic initiatives. Digital interference and increasing customer expectations are the driving force behind much of it. But despite the new opportunities and innovative technologies, there will still be many hurdles. Managing Data Protection to guarantee compliances by updating digital policies. Developing a thorough understanding of how information is stored, deployed, and accessed. Bridging the skill gap by providing in-house digital skills training to develop the required capabilities. The need to improve cybersecurity to deal with the latest attacks is a persistent CIO focus.”
The cost of launching attacks is going down drastically year after year
Ashish Tandon, Founder & CEO - Indusface
“DDoS attacks will continue to rise. In our analysis, we saw a 74% increase in the number of websites that experienced DDoS attacks from Q3 to Q4 of calendar year 2022. I see this as a big concern as one doesn’t need superior tech/coding skills in order to hack websites and command ransom. There are so many DDoS-as-a-service providers. In fact, with $20 you can now launch an attack for up to an hour. The cost of launching attacks is going down drastically year after year. This is one urgent concern that all technology leaders have to address in the current year.
Business growth is now just a function of how well you accelerate digital transformation. Most CIOs don’t have visibility into the API inventory or the integrations. When there is no inventory, APIs are as susceptible as any other applications to vulnerability and DDoS attacks. Securing APIs is a sure shot way of ensuring business growth.
In my conversations with Infra and security leaders, one common theme is the lack of skilled workforce that is preventing them from utilizing the full capabilities of advanced software such as a WAF or WAAP solution. In our experience, we have seen customers rely on 48 custom rules (virtual patches for vulnerabilities on the WAF) on average and the majority of these are being written by our managed services team. I would hazard a guess that had these skills been more available, this number would have been much higher.”
Growing concern for cybersecurity will create a demand for cybersecurity solutions
Subbu Iyer, Regional Director for India and SAARC, Forescout
“In 2023 we will witness an increased number of cyberthreats, which will largely be a result of a greater penetration of internet services enabled by the emergence of 5G. It will impact the number of unregulated entry points hackers have access to, thus opening the potential for increased risk of data breaches. The Russian invasion of Ukraine will also add to the occurrence of cyberattacks. In healthcare market segments, we expect to see an increase in the overall cost of security failures, which will draw the attention of BODs. Furthermore, the enhancement and expansion in the offerings by communications service providers (CSPs), combined with the increase in connected assets, will also expose an increased number of people to cyberthreats.
The growing concern for cybersecurity is expected to create an increased demand for cybersecurity solutions across the globe. As an OEM, our goal is to provide our customers with the best-in-class solutions that safeguard them from malicious entities. Our products minimize the attack surface and exposure with automated security controls by discovering, assessing and governing compliance of all connected assets – IT, OT, IoT, IoMT – over heterogeneous networks. We are investing extensively in R&D to ensure that our products are able to thwart new emerging threats along with the already identified ones.
The shortage in skilled cybersecurity personnel is certainly a matter of concern. Several sectors lag behind in terms of adopting robust cybersecurity measures due to an acute shortage of trained professionals to man the deployed cybersecurity solutions. In 2023, we expect to see a push from enterprises, especially those from healthcare space, to outsource the security efforts to external experienced companies, starting with Tier-I SOC and incident response teams, which are the first lines of defense.”