2022 was an eventful year and based on what we have seen to date, 2023 promises to be an exciting year full of challenges and opportunities. Here are some of our cybersecurity predictions for the coming year:
1. The expanding digital ecosystem will pose more significant Risks: An ever-expanding digital landscape has increased the attack surface considerably. With every new digital platform, there are new risks involved. India currently leads the world in real-time transactions. A report by the Boston Consulting Group predicts that India’s digital payments market will expand more than threefold from the current 3 trillion dollars to US$10 trillion by 2026. India will increasingly be in the crosshairs of international hacking groups, who will be attracted to its fast-expanding digital population. Companies from the public and private sectors must be highly vigilant and adopt the latest tools, technologies and processes to improve their security posture.
2. Increased attacks on critical infrastructure: Attackers will continue to carry out attacks on critical infrastructure as these have proven to be the most profitable. No country is immune. This year in India, we witnessed attacks on the power grid outage in Mumbai and the flood monitoring system at Goa’s water resource department. As more critical infrastructure gets connected, we can expect attacks on critical infrastructure to grow in scale and number.
3. New regulations will strengthen organisations’ cybersecurity posture: In April this year, India’s Computer Emergency Response Team (CERT-IN) issued a new mandate that requires businesses to report any cybersecurity incidents within six hours of their occurrence. As a result, organisations must continuously re-evaluate their internal and external cybersecurity controls and make sure security processes are in place.
4. Rise of the Metaverse can pose new security challenges: The potential of the Metaverse has encouraged many Indian companies to showcase their products and solutions there. However, the Metaverse is still an emerging and nascent space with no structured best practices or regulations to protect security or privacy. Enterprises must be vigilant in creating a secure ecosystem that guarantees the confidentiality and security of its users.
5. Ransomware as a Service and the professionalisation of cybercrime will grow the scale and volume of ransomware attacks: The availability of ransomware kits today allows less-skilled cybercriminals to carry out ransomware attacks. Would-be attackers can simply browse a marketplace; fill their carts with cheap lists of stolen credentials and cookies or off-the-shelf ransomware, phishing and exploit kits and check out –without any attack legwork required. Some newer attackers have also been using the tools and guidance of more experienced hackers.
In India this year, CERT-In reported that ransomware attacks jumped 51% in the first half of this year. Besides factors such as remote work and digitisation, the report cited ransomware as a service, as a key reason behind these attacks.
Rohan Vaidya, Regional Director, India & SAARC at CyberArk