In an era dominated by digital advancements and technological reliance, cybersecurity has become increasingly crucial for nations across the globe. For India, a nation with a rapidly growing digital footprint, the question of cybersecurity readiness takes center stage. Recent reports indicate a concerning trend, with approximately 83 percent of Indian organizations experiencing cybersecurity incidents in 2023. These incidents, ranging from web attacks and phishing attempts to supply chain infiltrations, have not only posed significant threats but have also led to substantial financial losses, with 48 percent of organizations reporting 10 or more incidents resulting in million-dollar damages.
As businesses in India grapple with the relentless onslaught of cyber threats, the need for a robust cybersecurity infrastructure is more apparent than ever. According to the CISCO Cybersecurity Readiness Index, as of 2022, a mere 24 percent of firms and organizations in India have the necessary resources and capabilities to effectively address their cybersecurity issues. Meanwhile, more than 30 percent were still in the first stage of preparedness.
Current Cybersecurity Landscape in India
There has been a considerable disregard for cybersecurity in India, leading to challenges in fulfilling the growing needs of the nation. Malicious software such as Stuxnet, Flame, and Black Shades exacerbate India’s inadequate cybersecurity capabilities. India has a lower number of cybersecurity initiatives compared to other prosperous nations.
In India, many government projects remain simply hypothetical. The National Critical Information Infrastructure Protection Centre (NCIPC) and the National Cyber Coordination Centre (NCCC), while authorized, have not been fully implemented. Furthermore, India’s 2013 National Cyber Security Policy has failed to be effectively executed, leading to infringements on privacy and violations of human rights.
In India, cybercrime encompasses a wide range of activities, including the dissemination of viruses, unauthorized access to computer systems, stealing personal identities, sending unsolicited emails, overwhelming email servers with excessive messages, sabotaging websites, and engaging in cyberdefamation. The country’s global ranking for internet access is 85th, but its ranking for cyber attacks is third. India also accounts for 8 percent of global detections of ransomware, the fourth-largest share in the world.
The increasing reliance on digital technologies, along with the constantly changing threat environment, presents unique challenges for organizations in their efforts to protect sensitive information and maintain the confidence of their consumers. The growing complexity of cyber assaults presents a significant obstacle. The latest statistics from the Indian Computer Emergency Response Team (CERT-In) reveal that India had a significant number of cybersecurity events in 2022, with a total of 1.391 million recorded instances.
In India, the demand for cybersecurity personnel surpasses the worldwide average by 9 percent, and almost half (49 percent) of organizations seeking to hire such expertise face challenges in doing so. According to reports, the process of hiring someone for a job in this particular industry might be as long as six months. India was expected to have a deficit of around 3 million cybersecurity experts by the conclusion of 2023. The scarcity is a significant obstacle for organizations in efficiently monitoring their cybersecurity position and swiftly addressing new threats.
In recent times, there has been a significant increase in cybersecurity problems in major economies, including India. This has resulted in a stronger focus on the significance of cybersecurity capabilities. Regrettably, both organizations and consumers in India are failing to acknowledge the expenses associated with ongoing cybersecurity efforts, resulting in a diminished focus on skill development and a scarcity of expertise in this field.
Indian technological infrastructure is susceptible to cybersecurity risks and zero day attacks, much like that of influential Western nations, owing to its geopolitical significance.
Recorded Future, a U.S. company specializing in global cyber threat intelligence, provided a comprehensive report on RedEcho’s assault on India’s electrical grid. Starting in mid-2020, a total of 10 power sector organizations and two Indian seaports were selected as intended targets. A recent analysis shows a significant surge of 278 percent in state-sponsored cyber assaults against India from 2021 to September 2023. Among the targeted sectors, services organizations, such as information technology (IT) and business process outsourcing (BPO) enterprises, have seen the biggest proportion of these attacks. During this era, there was a significant surge in cyber assaults specifically aimed at government institutions, with an increase of 460 percent. Similarly, startups and small and medium companies (SMEs) saw a substantial spike of 508 percent in targeted cyber attacks.
As to the 2023 India Threat Landscape Report published by Cyfirma, a cybersecurity firm located in Singapore, India is the primary target of cyber assaults worldwide, accounting for 13.7 percent of all such incidents. India is now facing a greater percentage of cyber assaults inspired by foreign states in comparison to the worldwide average. The origin of these cyber threats has changed in recent years. The majority of cyber assaults against India in 2015-16, around 59 percent, were carried out by threat actors from Pakistan or operators from the Middle East. Currently, Pakistani actors or their associates account for just 6.4 percent of the total threats, while a significant majority of 79 percent originates from China.
Vulnerabilities in India’s Cybersecurity Infrastructure
The fast progression of the digital transformation in India has sometimes led to the implementation of intricate technical infrastructures with inherent susceptibilities. Vulnerabilities in these systems might make them appealing targets for cyber attacks. The fast adoption of technology in India has led to a significant digital footprint and weaknesses in its technical infrastructure, which is why there has been a rise in cyber attacks in recent years.
Due to the government’s efforts to promote a cashless economy, there has been a significant increase in digital payment transactions. This has garnered the interest of hackers who want to capitalize on weaknesses in payment systems and pilfer confidential financial data. The manufacturing, government, and financial sectors saw the most severe impact in the nation, as they faced substantial dangers from malware families such as COIMINER, MIMIKATZ, and POWLOAD. Cybersecurity experts claim that the growing use of big data and artificial intelligence (AI) has resulted in the accumulation of data with the intention of future monetization, hence causing a surge in cyber attacks in India.
Accessible AI Tools
In recent times, the escalating threat to data security, particularly with the compromise of approximately 100,000 ChatGPT accounts, highlights the growing risks associated with AI tools. The increased accessibility and affordability of AI contribute to a surge in cyber threats, exemplified by an 18 percent rise in weekly attacks on Indian organizations during the first quarter of 2023. Notably, the number of bot attacks surged by 48 percent in the second quarter, affecting nine out of 10 websites. Despite the industry’s efforts to develop solutions for testing software quality, attackers find ways to exploit technologies like Metasploit, a tool popular among hackers for providing information on security vulnerabilities.
However, cybersecurity capabilities have also strengthened, as evidenced by the successful thwarting of more than 947 million cyber attacks in India during the second quarter of 2023 out of a global total of 1.1 billion.
2023 saw a 40 percent surge in sophisticated cyber attacks targeting government infrastructure, organizations, and individuals, compared to the previous year. In India, there has been a notable increase in reported ransomware attacks across businesses and organizations of various sizes, driven by the sophisticated use of AI in cyber attacks. According to cybersecurity solutions firm McAfee’s predictions for 2024, the rise of artificial intelligence-generated frauds, such as deepfake media, poses an increased risk of identity theft, phishing scams, and cyberbullying, especially among children. As we enter 2024, McAfee warns that AI will enable cybercriminals to manipulate social media and shape public opinion more effectively using deepfakes — realistic fake videos, images, and audios created through deep learning technology, along with other deceptive tactics.
Opportunities for India
Despite the looming specter of cyber attacks in India, there exists untapped potential and opportunities that the nation can harness to bolster cybersecurity. Collaborative initiatives encompassing capacity-building exercises and confidence-building measures, expanding EU-India cyber interactions, forging new standards for data governance and sharing, judiciously leveraging and regulating AI tools for maximal benefit and heightened security, and utilizing international mechanisms for promoting cybersecurity are avenues that can be explored.
In 2023, India and Japan engaged in pivotal talks, presenting a strategic opportunity for enhanced collaboration in the cyber domain. Assessing progress in cybersecurity and advanced technologies like 5G, the dialogue opens avenues for mutual growth. Strengthening ties in Information and Communication Technologies (ICT) showcases a promising opportunity for India to leverage shared expertise and advancements. Moreover, India’s strides in technological advancements, especially in AI, telecommunications, and emerging technologies, position it as a global leader.
Collaborating with the United States in the Joint Indo-US Quantum Coordination Mechanism offers a unique opportunity. By leveraging shared expertise, India can enhance its cybersecurity capabilities through joint research on quantum, AI, and advanced wireless technologies. The signed implanting arrangement facilitates not only research but also commercialization, fostering public-private collaborations. This collaboration presents India with a valuable chance to fortify its cybersecurity infrastructure by integrating cutting-edge technologies and insights from the partnership.
Finally, in a landmark move, the United States, India, and Taiwan have forged critical ties in the domain of cybersecurity, marking a pivotal workshop under the Global Cooperation and Training Framework (GCTF) in December 2023. Hosted jointly by U.S. Ambassador to India Eric Garcetti, Taiwan’s Representative Baushuan Ger, and former National Cyber Security Coordinator of India Lt. Gen. Rajesh Pant, this event underscored a significant commitment to international collaboration in addressing cybersecurity challenges. Garcetti emphasized the importance of leveraging technology to enhance cybersecurity and protect shared interests in the digital space, highlighting the transformative potential of collaborative efforts.
The workshop, a first-of-its-kind in India, signifies a strategic move toward bolstering the nation’s cybersecurity capabilities. Pant emphasized the critical role of cybersecurity in India’s national security, given its substantial internet user base and smartphone penetration. The collaboration, facilitated by GCTF, becomes an essential platform for India to tap into global expertise and address shared challenges, emphasizing the need for continued partnerships with like-minded nations. This collaboration not only enhances India’s cybersecurity posture but also signifies a collective effort in confronting the evolving challenges of the digital era.
India faces a pressing need to fortify its cybersecurity infrastructure amid a surge in cyber threats and a deficit of skilled experts. Despite strides in technological advancements, vulnerabilities persist, exacerbated by geopolitical significance and the growing influence of AI tools.
While McAfee’s predictions for 2024 highlight the escalating risks, collaborative initiatives with Japan, the United States, and Taiwan provide strategic opportunities. The Global Cooperation and Training Framework (GCTF) workshop and the Joint Indo-U.S. Quantum Coordination Mechanism underscore India’s commitment to international collaboration. To harness these opportunities, India must prioritize skill development, implement effective policies, and leverage partnerships to navigate the evolving cyber landscape effectively.