In anticipation of the cybersecurity landscape in 2024, organisations are gearing up to face new challenges and regulations. Earlier this year, Gartner anticipated that end-user spending on security and risk management in India would reach $2.65 billion in 2023, reflecting an 8.3% increase from 2022. This upswing is attributed to the growing adoption of digitalisation and cloud infrastructure, coupled with mounting apprehensions about the escalating number of ransomware attacks.
Threats continue to rise
Whether facing ransomware or state-sponsored attacks, India emerged as the primary target for cybercriminals in 2023. According to CYFIRMA’s India Threat Landscape Report 2023, it stands as the most targeted country, accounting for 13.7% of all attacks, followed by the US at 9.6%, and Indonesia and China at 9.3% and 4.5%, respectively.
Stringent government measures on digital data protection and security breach reporting are compelling Chief Information Security Officers (CISOs) to augment their spending on security and risk management in 2023. Despite these efforts, cyberattacks in India are on the rise. In what could potentially be the most extensive data breach in the country, the data of approximately 81.5 million Indian citizens from the Indian Council of Medical Research (ICMR) was reportedly compromised.
AI will take centrestage
No matter if an organisation loves or loathes the growth of Artificial Intelligence, it will become a part of cybersecurity – both in terms of defense and threat activity alike. Threat actors will continue to utilise generative AI systems to enhance their ability to create realistic and difficult to detect phishing, scam texts, and potentially even voice interactions. Anti-malware and other defensive platforms have been utilising AI to create better predictive and analytic algorithms to detect malicious activities as they occur. Both areas of advancement look to be likely to continue and accelerate in the year to come.
Legal landscape will be key
Countries worldwide are projected to introduce their security and exchange regulations to tighten their cybersecurity frameworks, enforcing strict notification schedules and comprehensive annual reports. The Securities and Exchange Board of India (SEBI) has established a cybersecurity mechanism to prevent cyber threats and attacks at stock exchanges and clearing corporations. These measures aim to enhance the resilience of the market infrastructure.
In 2024, senior leadership and board-level discussions around cybersecurity will gain unprecedented momentum. Boards play a crucial role in fostering and cultivating a culture of cybersecurity excellence, particularly within the leadership team they interact with directly. When engaging in discussions about cybersecurity at the board level, it is inevitable to involve the CISO or the senior executive overseeing cybersecurity within the organisation.
Forty percent of Indian cybersecurity teams are understaffed, according to the State of Cybersecurity 2023 report by ISACA with 54% of organisations having job openings for non-entry level roles, compared to 20% with job openings for entry-level positions. This underlines that Indian companies will focus on bridging the talent gap zeroing in on soft skills, cloud computing and security controls.
However, rather than concentrating solely on the cybersecurity program, it is essential to broaden the conversation to highlight how cybersecurity contributes to supporting other crucial components of the organisation.
Before delving into the future, it’s crucial to reflect on the accuracy of predictions made for 2023 and Cymulate’s foresight last year:
Operating systems as prime targets
Prediction: Operating systems would be prime targets in 2023, with attackers exploiting fundamental issues and legacy components.
Results: In 2024, attackers are likely to exploit fundamental issues and legacy components in operating systems due to two key reasons: outdated security measures and widespread system dependencies. Legacy components, often present in long-standing operating systems, may harbor known vulnerabilities that haven’t been adequately addressed through updates or patches.
Rise in abuse of accounts management
Prediction: Successful attacks exploiting flaws in secrets and elevated accounts management would surge in 2023.
Results: Almost every day, a new headline surfaces, revealing yet another significant data breach. However, many such incidents go unnoticed, mainly because organisations lack the expertise to detect them. The recent validation of Cymulate’s prediction came through phishing attacks, specifically targeting Microsoft Teams. Threat actors capitalised on vulnerabilities in collaboration tools, contributing to a rise in cyber threats. In an Indian context, these incidents underscore the need for heightened cybersecurity awareness and robust measures to protect against evolving threats in the digital landscape.
Improved omnichannel phishing
Prediction: Phishing attacks would evolve with improved omnichannel techniques in 2023.
Results: A recent report from Acronis highlights ransomware as the foremost threat confronting small and medium-sized businesses in India. Although there has been a decline in the creation of new ransomware variants, the gravity of ransomware attacks remains a substantial concern.
Moreover, the emergence of data stealers presents a troubling threat, as these malicious actors leverage pilfered credentials to gain unauthorised access to sensitive information. Non-email-based phishing techniques have seen a notable increase, with attacks targeting popular social media platforms, aligning with the earlier predictions.
As we navigate the intricate landscape of cybersecurity, these insights provide a roadmap for organisations to fortify their defences against emerging threats in 2024.
(Shailendra Shyam Sahasrabudhe, Country Manager, India, UAE and South East Asia, Cymulate Ltd)