Experts there weigh in on the right approach toward unravelling the socio-cultural dilemmas and trends impacting businesses’ cyber vigilance and resilience
With India’s super-accelerated and rushed digitalization/cloudification, cyberattacks and related security issues have also imploded.
The Indian Computer Emergency Response Team (CERT-In) recorded 1.92 lakh cybersecurity incidents last year, compared with 48,285 in 2021: a surge of more than 300%. The recent high-profile attack on the All India Institute of Medical Sciences (AIIMS) shows the threat level that India faces in the cybersecurity space. Also implicated are specific cultural and attitudinal mores leading to data protection controversies and underutilization of government grants to help businesses prop up cyber defenses.
Organizations without good visibility of their cloud infrastructure have been part of the casualties in terms of data breaches and ransomware attacks. And, with Gartner forecasts of public cloud spending to reach nearly US$600bn this year, India is bracing for continued surges in cyberattacks, state-sponsored espionage and data protection incidents.
Also, with rising internet penetration, smartphones usage, and the rolling out of 5G in the country, the country will see the usage of cloud applications rise many times in the coming years, opening up even more exposure to cyberattacks. According to Ravindra Katti, Founder and Director, Techpartner Alliance, increasing adoption of remote and hybrid working is leading to more sensitive data being stored in the cloud, “giving rise to data breaches with hackers trying to steal it.”
Proactive, not reactive cyber vigilance
Experts are of the view that endpoint security is the most crucial aspect of thwarting any cyberattacks. Amit Gupta, founder and CEO, Rapyder Cloud Solutions, said: “The work-from-home model and Bring Your Own Device approaches have brought several benefits to both employers and employees across many aspects. But it is giving nightmares to enterprise security experts. As enterprise perimeters are getting blurred, the traditional approach to cloud security is proving to be ineffective. Migration to the cloud has given rise to many gaps such as weak end-point security coupled with direct internet access without VPN. The other challenges are a surge in cloud-based tools and data transfer to the cloud without proper visibility and inadvertent data leakage.”
With the proliferation of cloud computing services in the form of Infrastructure as a Service, Platform-as-a-Service, and Software-as-a-Service and others, the most virulent cyberattacks have been Distributed Denial of Service attacks, according to Gupta. Some of the other common types of cyber threats include compromised credentials; system misconfigurations; insider threats; data breaches; crypto-jacking, and insecure applications. Other top cloud computing threats include malicious insiders, cloud API vulnerabilities, data incidents and shared technology vulnerabilities.
In this cyber risk-heavy landscape, organizations require a proactive approach, Gupta concluded. “It is important to design solutions for cloud security to keep data and applications secure. Other cloud security measures like network security, data security, security information and event management, identity and access management, security management, governance, and compliance with the use of strong authentication are required.”