CYBER SECURITY & DATA CHALLENGE encompasses a vast and complex landscape, where the security of our interconnected digital and physical worlds hangs in the balance. Together with its integration with new-age tools like Gen AI, it is seen as a challenge that demands innovative solutions and a collaborative spirit across individuals, businesses, and governments -
In 2024, the realm of cybersecurity is characterized by a convergence of regulatory, economic, and social challenges. Globally, data privacy regulations such as GDPR, CCPA, and CPRA are stirring a complex situation, while heightened worries about critical infrastructure vulnerabilities are prompting governments to consider more stringent cybersecurity protocols. Simultaneously, the undercurrent of social issues, including disinformation, deepfakes, and a shortage of cybersecurity skills, presents additional threats.
“the Progression Of Technology Has Led To An Increase In The Range Of Cyberattacks Due To An Ever-changing Array Of Malware, Ransomware, And Phishing Attacks. With The Increasing Use Of Ai And Ml Technologies In Diverse Systems, There Is A Potential For Adversaries To Exploit These Advancements For Malicious Purposes, Including The Development Of Sophisticated Attacks And The Generation Of Deepfake Content.”
Rahul Arora, Managing Director India & South Asia, Trellix believes that establishing cybersecurity as a strategic imperative demands a holistic approach, encompassing cuttingedge technology, continuous education, and collaborative efforts. “As we get into 2024, the collective responsibility of maintaining a cyberaware culture becomes more pronounced. Continuous adaptation is imperative in this era, where the key to resilience lies in staying ahead. Innovation becomes the cornerstone, fortifying our digital defences against the relentless rise of AI and ransomware,” he says.
“new Age, Ai And Ml Will Play A Significant Role Going Forward. On One Side Cybercriminals May Leverage These To Enhance Their Skills And Make Their Attacks More Lethal, Professionals On The Other Hand Must Continue To Harness The Power Of Ai To Understand The Dynamism Of Attacks And Prepare To Stay A Step Ahead Of The Game While Gearing Up To Combat Attacks.”
“2023 saw some significant challenges in the realm of cybersecurity - Ransomware attacks were on a rampage across all regions and corporates across the globe, with India included,” observes Debasish Mukherjee, Vice President, Regional Sales APJ – SonicWall. “Going into the New Year, while the cybersecurity landscape continues to evolve with substantial new age development and transformations, the mounting complex and dynamic threats and cyber-attack possibilities continue to loom large. While there is an increased acknowledgment for the necessity of sophisticated and integrated security solutions, individuals and organizations alike must gear up for the journey ahead ever so more now,” he says.
Considering the modern cybersecurity scenario being complex, marked by advanced threats like zero-day exploits and disruptive ransomware campaigns across diverse industries, Harshil Doshi, Country Director - India, Securonix suggests collaboration and information sharing to be pivotal. “What is required is international cyber-intelligence networks and ongoing professional upskilling to bridge the talent gap. Through awareness, robust defences, and global collaboration, we can navigate the evolving threat landscape, ensuring the continued growth and innovation of the interconnected digital ecosystem.”
“the Cybersecurity Landscape Is Poised To Grapple With Enduring Challenges, Prominently Marked By A Persistent Skills Shortage, The Rapid Evolution Of Artificial Intelligence (Ai), And The Advent Of Generative Ai (Gen Ai). The Scarcity Of Skilled Cybersecurity Professionals Is Expected To Remain A Pressing Issue, Hindering Organizations' Ability To Fortify Their Defenses Against Evolving Threats.”
“The cybersecurity landscape is in a continual state of evolution, responding to emerging threats and challenges,” opines Amit Patil, Senior Director of Technology Delivery, Engineering, Publicis Sapient. “Organizations spanning various domains have made significant investments to elevate their security measures, leveraging advancements in technology and its widespread adoption. Furthermore, there is an increased focus on strengthening defenses against ransomware and crypto mining attacks through the implementation of a robust Zero Trust Architecture (ZTA) on both cloud and onpremise systems.”
“in The Japac Region, Pig Butchering Scams Will Continue To Be A Threat. These Scams Are A Combination Of Cybercrime And Human Trafficking Where By Gaining The Victim’s Trust, The Scammer Convinces Them To Invest In Fraudulent Schemes. A Un Report From 2023 Claims That This Scam Has Affected Innumerable People Globally And Has Also Led To The Former Victims Becoming The Scammers In Large Numbers.”
Yihao Lim, Mandiant JAPAC Lead Threat Intelligence Advisor, Google Cloud contends that data breaches continue to impact an organization's overall infrastructure in addition o financial, legal, reputational, and competitive aspects. “Cyber attackers are targeting supply chains, exploiting vulnerabilities within thirdparty software and hardware and the importance of security around cloud technologies and IoT devices is escalating. While GenAI is presenting attackers with new ways to threaten victims, defenders are using the same technologies to strengthen detection and response mechanisms in order to speed up analysis while also addressing threats and reducing the skills gap.”
“while It's Acknowledged That Attackers Can Exploit Generative Ai For Crafting Sophisticated Social Engineering Attacks And Developing Malware, Organisations Also Recognise Its Potential For Enhancing Cyber Defense. Generative Ai Can Function As A Cyber Assistant, Offering Valuabl Support To Understaffed Cybersecurity Teams By Facilitating Faster Analysis, Decision-making, And Guidance. This Technology Proves Instrumental In Navigating Complexity And Staying One Step Ahead Of Cyber Attackers.”
“In 2023, over 90% of businesses in the country embraced a multi-cloud approach, resulting in a contemporary attack surface characterised by increased complexity,” points out Kartik Shahani, Country Manager, Tenable India. “This complexity stems from the integration of various components such as virtual machines, containers, Kubernetes, serverless architectures, data, networks, and identities, all distributed across multiple cloud ervice providers. The intricate nature of this modern attack surface has elevated cloud security to a paramount concern for organisations.”
“the Increasing Reliance On Remote And Hybrid Workforce, Cloud-based Applications, Mobile Devices, And The Proliferation Of Iot Devices Is Creating Network Security Challenges And Is Expanding The Attack Surface. Bad Actors Have Innovative And Complex Tools At Their Disposal Including Ai. Attack Methodologies Continue To Evolve, Enabling Ddos Assailants To Elude Defenses. Outbound And Cross-bound Ddos Attacks As Well As Inbound Assaults Will Rise.”
As per NETSCOUT’s latest DDoS Threat Intelligence Report for 1H2023, a total of 7-9 million DDoS attacks were observed, a 31% increase Year-on-Year representing an unbelievable 44,000 DDoS attacks every day. “Ransomware attacks have evolved further and are a major threat to both organizations and individuals. Advanced technologies such as AI and ML are leveraged for cybersecurity as they are integrated into threat-hunting tools. The attack surface is expanding exponentially due to the use of IoT, SaaS, BYOD, 5G, serverless applications, and others. Today businesses are facing higher scrutiny and regulatory requirements as government agencies are working towards further enhancing cybersecurity regulations and compliance standards,” explains Vinay Sharma, Regional Director, India and SAARC, NETSCOUT.
The cybersecurity market in India reached $6 billion in 2023, growing at a CAGR growth of over 30% during 2019-23. The products segment grew by more than 3.5X to touch $3.7 billion in 2023 from $1 billion in 2019. The market is expected to account for 5% of the global market by 2028.
“cybercriminals Are Becoming More Sophisticated And Are Leveraging Advanced Techniques Such As Ransomware, Phishing, And Supply Chain Attacks. The Interconnectedness Of Our Digital Infrastructure, Coupled With The Growing Volume Of Personal Data Being Generated And Stored, Has Created A Fertile Ground For Such Malicious Actors. Striking A Delicate Balance Between Fortifying Defences And Respecting Privacy Rights Is Paramount In This Landscape.”
“This growth is underpinned by the dynamic and evolving challenges characterizing the current cybersecurity landscape. With our increasing reliance on digital technologies, the attack surface for cyber threats has expanded, encompassing both the virtual and physical realms,” says Mitish Chitnavis, CTO, iValue InfoSolutions.
“as We Enter The New Year, Enterprises Should Brace For Heightened Cyber Threats Targeting The Core Of Digital Trust. Ai-related Risks Will Surge As Ai Empowers Human Threat Actors And Enables Autonomous Entities To Conduct Endto-end Cyberattacks. Ai's Impact Will Amplify Existing Threats Like Phishing And Introduce Novel Challenges, Such As Deepfakes. Personalized And Potent Ai-enhanced Tactics May Escalate, Leading To Increased Breaches.”
Giving a more detailed picture of how India fared in terms of cybersecurity measures, Manish Alshi, Head of Channels and Growth Technologies - India & SAARC, Check Point Software Technologies pointed out how cyberattacks on Indian government institutions surged in August and September amid diplomatic tensions over India's stance on Russia's war on Ukraine during its G20 presidency. There were also a series of financial and phishing scams in the country. The Reserve Bank of India (RBI) recorded bank frauds exceeding INR 30,000 crores. QR code scams, part-time job deceptions, and courier scams targeting the youth have further expanded the threat landscape.
“According to Check Point's Threat Intelligence Report 2023, over the last six months, organizations in India faced an average of 2146 weekly cyberattacks, compared to the global average of 1239 attacks per organization. Healthcare followed by Education/ Research became highly targeted sectors. Similar to global organizations, Indian enterprises face a critical shortage of cybersecurity experts, ranking second globally in this workforce deficit, which has surged sevenfold in the past year. This underscores the need for concerted efforts to address the growing challenges posed by cyber threats in the Indian landscape,” he explains.
Security spending rising manifold Cybersecurity undoubtedly is high on the agenda today. Palo Alto Networks’ state of Cybersecurity survey found that 75% of Indian organizations have increased their cybersecurity budgets in 2023 compared to 2022. While this looks promising, what must have forced organizations to take such measures over the past 18 months may be the increase in multiple high-profile attacks.
“ever Since Chatgpt’s Launch In October 2022, Concerns Around Its Potential To Democratize Cybercrime Have Been Rife. We See Attackers Leverage Gen Ai In Two Broad Categories: One, To Increase The Speed, Scale, And Quality Of Their Existing Attack Vectors; And Two, To Leverage Gen Ai In Innovative Ways Or Zero-day Attacks That We
Are Now Starting To See.”
“The vast majority of Indian organizations are moving significant portions of their infrastructure to the cloud – 80% to be exact,” says Ian Lim, Regional CSO - Palo Alto Networks JAPAC. “As such, organizations are adjusting their cybersecurity strategies to adopt cloud security. This is going to be essential going into 2024 as multi- and hybrid-cloud setups become more ubiquitous, calling for a unified approach to cybersecurity.”
“ransomware Will Continue To Be A Threat In 2024. We Will See More Instances Of Ransomware As A Service, And Cloud-based Ransomware. We Will Also See A More Sinister Version Of Ransomware Called Disruptionware, Wherein An Attacker Goes After The OT Instead Of The It. The Number And Scale Of Phishing-based Social Engineering Attacks Will Increase As Attackers Will Make Use Of Gen Ai To Craft Highly Compelling And Convincing Email Scams.”
“This increase also means that businesses will devote more funds to the adoption of cutting-edge security technology, like cloud security solutions, AI-driven threat detection and response systems, and security orchestration and automation,” says Ram Vaidyanathan, cybersecurity specialist, ManageEngine. “In addition, staff awareness and training will receive more attention in order to defend against social engineering scams. The projected increase in security investment is indicative of the rising understanding of the importance of cybersecurity and the necessity of keeping up with the dynamic threat landscape.”
According to the Data Security Council of India, 97% of organizations are investing in AI/ML, and 84% are allocating funds for cloud technology infrastructure. The increasing investment in cybersecurity technologies, particularly AI, is likely to contribute to a more resilient security landscape, enabling organizations to better defend against a variety of cyber threats.
“With the help of public-private engagements and adoption of digitalization, India is making improvements to its operational procedures. However, digitalization is also accompanied by a rising fear and hence, the need for investors to invest more proactively. The increase in investments will ensure installment of advanced technologies and hiring of more cybersecurity experts,” says Yihao Lim of Mandiant.
According to a Gartner report, globally the spending on security and risk management is projected to reach $215 billion in the New Year, which is a 14% year-over-year increase from 2023. Another report shows that the global Managed Services Providers (MSP) market size was valued at USD 224039.0 million in 2021 and is expected to expand at a CAGR of 11.04% during the forecast period, reaching USD 420036.0 million by 2027.
“These trends go to show that many IT teams have turned to managed services for their cybersecurity needs and that the role of a MSP must constantly evolve with the market moving more and more towards service-led business and growth in the coming years,” opines Debasish of SonicWall.
“cybersecurity Teams Certainly Encountered Unprecedented Challenges In 2023 And This Trend Continues To Be Worrisome This Year As Well. Skill Shortage Which Has Intensified Over The Last Year Remains And Working As A Cybersecurity Professional Is Becoming More And More Difficult In An Increasingly Challenging Environment. The Growing Accessibility To The Internet And Interconnectivity Between Various Devices Is Providing More Vulnerabilities For Cybercriminals To Exploit.”
Rajarshi Bhattacharyya, Co-Founder, Chairman and Managing Director, ProcessIT Global also agrees that businesses are increasingly opting to partner with Cybersecurity Managed Service Providers due to the latter’s expertise and their access to the latest technologies in addition to the 24/7 monitoring services. “The investments taking place are for technology modernization with advanced technologies, and automation, in addition to partnering with managed services providers. By investing in the right technologies, organizations can enhance operational efficiencies and save significant costs.
Additionally, business productivity increases and the trust and confidence of customers also get enhanced, leading to better business outcomes for organizations.”
“cyberattacks Increasingly Become Tools Of State Conflict Or Espionage. Navigating The Murky Waters Of Cyber Warfare And Protecting Critical Infrastructure From Nation-state Threats Will Be A Complex Task. Besides, Use Of Genai Will Increase Significantly In The Year 2024 To Create Disruptions In Cloud Space, Impersonation Using Deepfake Technology, Creating Malicious Narratives, Disinformation Campaigns, And Launching Ransomwares.”
Vinod Jayaprakash Vinayagamurthy - Cybersecurity Leader - EY GDS points out that as per market trends, the expected surge of 14% in cybersecurity spending in 2024 from 2023 will have a ripple effect across the security landscape, impacting it in several keyways.
• Advanced tools like zero trust and AI-powered threat detection, previously out of reach for smaller players, will become more accessible due to increased investment in vendor solutions and open-source options.
• Budgets will increasingly shift towards proactive measures like threat intelligence, vulnerability management, incident response planning, etc.
• With larger budgets, organizations can automate routine security tasks like log analysis and response, leveraging human analysts for more complex investigations.
• Increased spending will spur further development in cutting-edge technologies like deepfake detection and AI-powered offencedefence simulations.
• Public-private partnerships and industry wide information sharing are likely to be bolstered by larger budgets, leading to a more united front against cyber crime.
Is Gen AI a boon or a bane?
It goes without a saying that the adoption of AI applications presents both opportunities and challenges for cybersecurity. While AI can enhance threat detection and response capabilities, generative AI, in particular, poses
a potential threat. Advanced AI tools such as Large Language Models (LLMs) like GPT4, Claude, and PaLM2 are capable of diverse capabilities from human-like text generation to problem-solving and coding.
Despite their positive applications, they pose a significant risk, especially in the context of large-scale cyberattacks. Deepfake technology and other AI-driven malicious activities can manipulate data and deceive security systems. Generative AI's ability to create realistic and convincing content could potentially be used to generate fake data or mimic genuine user behaviours like AI-generated voice scams. This makes it challenging for traditional security measures to distinguish between authentic and fake information.
As businesses increasingly rely on AI for various tasks, it is crucial to implement robust safeguards, ethical guidelines, and security measures to ease the risks associated with the misuse of generative AI technologies. CISOS must stay ahead of these developments by integrating AI into defensive strategies. Employing AI for threat hunting, anomaly detection, and behavioural analysis can help mitigate the risks associated with generative AI, ensuring a proactive and adaptive security posture.
AI if used judiciously by organizations can offer various solutions to counter security risks-
• AI algorithms can be developed that can detect and combat activities of GenAI like deepfakes.
• By implementing explainable AI (XAI) techniques, developers can make AI models more transparent and understandable,
allowing for better oversight and mitigation of potential biases.
“In tandem with cybercriminals, cybersecurity defenders are also embracing AI and ML. Noteworthy investments have already been made in AI for cybersecurity, with a continued trend as more companies seek to fortify their defences against advanced threats,”
says Manish Alshi of Check Point Software Technologies. “Europe and the US have taken significant strides in regulating AI usage, and as these initiatives progress, there will be shifts in how these technologies are employed for both offensive and defensive purposes.”
“generative Ai Is Capable Of Creating Content Which Poses A Potential Threat As It Can Be Exploited For Malicious Purposes, Including Deepfake Creation And Ai-driven Phishing Scams. The Technology's Ability To Mimic Voices And Generate Realistic Content Raises Concerns About Misinformation And Social Engineering Attacks. Organizations Must Implement Robust Cybersecurity Measures, Including Ai-driven Threat Detection, Regular Security Audits, And User Awareness Programs.”
“In 2024, good news is that new global regulations will be implemented to instil trust in Generative AI for cybersecurity, emphasizing accountability and reliability in using AI-generated content,” says Harshil of Securonix. “The cybersecurity landscape will witness a shift from traditional passwords to passwordless security methods, leveraging biometrics and advanced technologies for enhanced security and user-friendliness. Additionally, CISOs will play a crucial role in driving cyber-resiliency, focusing on proactive strategies, robust defences, and swift response plans to counter evolving threats, contributing to an overall strengthened security landscape.”
And so…
With our lives increasingly intertwined with the digital world today, and with vast amounts of personal data being collected and stored, we become a prime target for cybercriminals. Data breaches expose sensitive information, leading to financial losses, identity theft, and reputational damage. Striking a balance between robust security measures and individual privacy rights thus remains a critical challenge. Today’s security scenario calls for a proactive, adaptive Defense strategy. As industries beyond finance, including healthcare and energy face heightened risks, it demands for tailored security measures. Against this backdrop, adopting a risk-based approach to cybersecurity is the way to go in 2024 and beyond. This is a marked shift from the traditional attack-based and compliance-based approaches. Putting processes in place for this change will be a challenge for the security team but it will sure be rewarding in the end. While the upward trend in security spending underlines a growing recognition that robust cybersecurity measures play in mitigating risks and safeguarding sensitive information, a significant portion of these funds should also be directed towards talent development and the implementation of cutting-edge strategies. It is likely that governments worldwide, coming under the pressure of protecting critical data, will address emerging challenges from deep fakes, and plan regulatory frameworks to mitigate their societal, privacy, and information authenticity impacts.
Having said that, organizations should also pay equal attention to empowering CISOs, failing which organizations stand exposed to vulnerabilities and leave them extremely susceptible to cyberattacks.
CYBER SECURITY CHALLENGES in 2024
Some of the key security challenges that will continue to prevail in 2024 are -
• Hacktivism to deliver firmer messages - In 2023, there were numerous broadcast events disrupted by activists. The Russo-Ukraine conflict marked a watershed moment in nation-state cyber-warfare, reflecting geopolitical instability. During the G20 Summit in India alone, more than 30 groups of hacktivists from neighboring countries attacked more than 600 government websites through DDoS attacks, defacements, and data leaks. 2024 could see this campaign being taken digital-first with highly anticipated events like the Olympics, the Euros, and regional elections.
• Lack of correlation will lead to worse outcomes: The lack of correlation and levels of noise generated by siloed tools creates immense visibility gaps and hampers threat detection and response. For any business owner, it’s a lot simpler to manage the cybersecurity stack if there is a single POC when a crisis inevitably strikes.
• Ransomware and Phishing attacks - 2024 will see a rise in phishing scams exploiting human vulnerabilities, while sophisticated ransomware will target critical infrastructure. There will be also an increase in AI-directed cyber-attacks with more threat actors leveraging the technology.
• Supply chain attacks - Compromised software updates and third-party vendors will continue to be the entry points for attackers, exposing entire security ecosystems to risk.
• Zero-day vulnerabilities - Leveraging previously unknown software flaws, zero-day vulnerabilities will continue to pose a significant threat in 2024 as well, highlighting the need for rapid patching and proactive threat intelligence.
• Zero-day in Cloud – Cloud security will be one of the biggest challenges. Threat actors are looking for ways to establish persistence on cloud environments and move laterally. We can expect attackers in 2024 to continue exploiting misconfiguration and vulnerability to move laterally across boundaries between cloud environments. With multiple cloud environments to keep track of, it presents a unique challenge — one that requires consolidation of cloud security products and vendors to accelerate throughout 2024.
• Skill gap to persist - Security managers will find it challenging to address the skills gap that exists in security. They will wrestle with finding and retaining the right talent.
• OT security: Industries heavily reliant on Operational Technology (OT) will remain prime targets for cyber-attackers. The vulnerability of
OT systems, which are more fragile than their Information Technology (IT) counterparts and prone to crashes when operating unauthorised software, amplifies the risk.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.
