Cyber state: Indian organizations expect to suffer much from identity-related compromise in 2023

Indian organizations have suffered so many cyberattacks that they totally expect more attacks in 2023.

According to the CyberArk 2023 Identity Security Threat Landscape Report, 91% of Indian organizations surveyed experienced ransomware attacks in the past year with 100% of them expecting to suffer identity-related compromise in 2023. Moreover, 61% anticipate AI-enabled attacks, and 80% expect layoffs and workforce churn to create new cybersecurity issues.

Read more: Beware the ChatGPT imposter: Android malware pretending to be ChatGPT

92% of Indian organizations feel code/ malware injection into their software supply chain is one of the biggest security threats their organizations face. Expanded Identity-Centric Attack Surface Identities, both human and machine, are at the heart of all, or nearly all, attacks. Three-fourths of identities in Indian organizations require sensitive access to perform their roles and are a favored attack vector as a result. The report found that critical areas of the IT environment are inadequately protected and identifies the identity types that represent significant risk.

75% say the highest-sensitivity employee access is not adequately secured and India ranks higher in numbers of machines that have sensitive access than humans as compared to global findings (42% vs. 38%). 

This calls for companies to be on alert when it comes to cybersecurity. Lt Gen (Retd.) Dr. Rajesh Pant, AVSM, VSM National Cyber Security Coordinator, National Security Council Secretariat of India, Government of India, said as much at the 17th India Digital Summit, organised by the Internet and Mobile Association of India (IAMAI), in association with Google and MessageBird, on February 20-21, 2023.

In the future, once 5G comes, we expect the 5 billion internet users to reach 25 billion by the end of this year and therefore, companies must invest in security. Never compromise on the security part

. Lt Gen (Retd.) Dr. Rajesh Pant, AVSM, VSM National Cyber Security Coordinator, National Security Council Secretariat of India, Government of India

“Companies should invest more than 10% of information technology assets in cybersecurity. In the future, once 5G comes, we expect the 5 billion internet users to reach 25 billion by the end of this year and therefore, companies must invest in security. Never compromise on the security part,” he said.

Speaking of the ‘splinternet’ concept, Dr. Pant pointed out, “Because of this splinternet and lack of cooperation between nations, the criminals are taking advantage as there are no international laws and regulations which help the agencies for solving cybercrimes.”

It’s no wonder that cybersecurity has become priority for tech companies, especially after the Western Digital breach in April.

Read more: Atomic Wallet crypto breach, ‘a testament to the risk associated with single point failure system’

Following such incidents, a push for zero trust in the market. In May, Cloudflare, Inc. (NYSE: NET), tied up with Kyndryl Holdings, Inc. (NYSE: KD), an IT infrastructure services provider, to help enterprises modernize and scale their corporate networks with managed WAN-as-a-Service and Cloudflare Zero Trust.

“We have witnessed how enterprises are grappling with legacy hardware while introducing more and more cloud-based applications. As time goes on, this is only holding back business, limiting innovation potential, and increasing network security risk,” said Matthew Prince, co-founder and CEO of Cloudflare.