Latest Technology News Today – Get Latest Information Technology Updates and Services Latest Technology News Today – Get Latest Information Technology Updates and Services 
As we move into 2023, building a cyber-resilient organization against a constantly changing global threat landscape remains difficult for cybersecurity leaders. This cover story analyzes the ways to be prepared, given the intricacy of the threat landscape. Let’s deep dive into the new security challenges and opportunities in 2023 and beyond
India’s technology leadership in the Techade will primarily depend on how effectively enterprises manage cyber security and privacy. India has significant potential for growth and technology leadership in the coming years, however, security and privacy could not be taken for granted.
Sumnesh Joshi, Deputy Director General, Unique Identification Authority of India, Govt of India, highlights the need to visualize the upcoming threats and get ahead of the perpetrators. “It’s a game we need to win.”
He mentions that the role of technology is quite crucial as specified in the Digital India mission to make India a digital economy by 2025. “India is going to lead the world in digital technologies. As we progress digitally, security and privacy have become crucial and not to be taken for granted. There is no meaning of technical progress without security and resilience.”
Joshi states that it is important to identify who owns the data in the current scenario. “Aadhaar has played a significant role in providing a digital identity to every citizen using biometric deduplication. This adds to the layer of security. In fact, given the criticality of the personal data residing with UIDAI, we have taken an island approach to data security.”
However, despite using multiple security approaches, educating the last-mile user across the country with over 1.3 billion population is a massive challenge. “With UPI seeing 8 billion transactions in a month and UIDAI having 60 million Aadhaar authentication per day, we need to see how we can use technology to mitigate any unintended sharing of data by the end-users. We can have a multi-factor authentication process depending on the criticality or worth of the transaction. In fact, in India’s Techade, security and privacy have become much more critical for our tech leadership,” Joshi explains.
Cyber tension adds to the skill gap
With the blurring of our digital and ‘real’ lives with each new technological feat, the surface area for malicious cyber activities is growing more than ever. On the one hand, this is what makes cyber security such a fascinating subject to work in since the journey is always more important than the destination, and each day presents new obstacles. On the other hand, the ever-changing nature of cyber security, along with the significant risk that comes with being poorly protected, creates high-stakes uncertainty in the cyber security scene.
Cybersecurity workers are experiencing unsustainable levels of stress as a result of the high level of uncertainty. The psychological impact of this has a direct impact on the decision-making quality and performance of cyber security leaders and their teams. According to a Gartner report, nearly half of the cyber security leaders will shift positions by 2025, with 25 percent changing roles totally owing to several work-related pressures.
This will very certainly contribute to the expansion of the cybersecurity workforce gap. To fill the worldwide cyber security employment deficit, an estimated 3.14 million specialists are required. According to a recent Fortinet report, 84 percent of firms in India suffer additional cyber risks as a result of unfilled IT roles due to a cyber-skills shortage. Increased breaches are one resulting cyber risk, with 92 percent of firms in India suffering one or more cyber security incursions in the last 12 months, up from 80 percent last year. According to the survey, more than 94 percent of Indian boards support hiring more IT security personnel, highlighting the demand for security talent.
Struggle to get the required support
As per a recent research report from Trellix, Indian CISOs struggle to get the support required to be resilient against cyber attacks.
· Not enough support. All CISOs in India surveyed said they struggle at some level to get support from the executive board for the resources needed to maintain cyber security strength. 62 percent think their jobs would be easier if all employees across the entire business were better aware of the challenges of cyber security. In addition, 30 percent of CISOs cite a lack of skilled talent on their team as a primary challenge.
· The pressure is high. 84 percent of CISOs in India have managed a major cyber security incident once, and 44 percent report this has happened more than once. 84 percent of respondents feel fully or mostly accountable for the incidents and 52 percent experienced major attrition from the Security Operations team as a direct result.
· Working with too many of the wrong solutions. With organizations reporting using an average of 25 individual security solutions, 34 percent say a top hurdle is having too many pieces of technology without a sole source of truth. CISOs can find the number of security solutions available to them overwhelming, unnecessary, and challenging.
· The right solutions would make a difference. 98 percent agree having the right tools in place would save them considerable time. 50 percent want access to a single integrated enterprise tool to optimize security investments.
“Along with their core responsibility of keeping a company and its assets safe, today CISOs in India are fighting stringent IT budgets, scarcity of skilled cyber security professionals, and having the right IT security systems in place. There is simply too much to do with too few resources. To make their lives easier, security leaders must adopt a unified IT security solution that is constantly evolving to protect against the most sophisticated cyber threats along with encouraging a culture of cyber awareness for a resilient organization,” says Mahipal Nair, Managing Director, Trellix India & Vice President/Head of Human Resources APJ.
Widening attacks
Making matters worse, the increase in digitization has had the unforeseen consequence of broadening attack opportunities, giving malevolent actors new avenues to strike. The number of cyber-attacks in India has climbed by 256 percent since 2019, with 1,402,809 incidents reported in 2021, according to the India Computer Emergency Response Team (CERT). The government registered 674,021 cyber occurrences until June 2022, and experts predict that the size and creativity of digital attacks would only increase in 2023.
Phishing has evolved into one of the most common threat vectors used by cybercriminals to breach worldwide enterprises. Year after year, we notice a growth in the number of phishing assaults that are growing more complex. According to a recent report, the majority of modern phishing attacks rely on stolen credentials, and the growing threat from Adversary-in-the-Middle (AitM) attacks, increased use of the InterPlanetary File System (IPFS), and reliance on phishing kits obtained from black markets and AI tools like ChatGPT are all factors. Adversary-in-the-Middle attacks employ tactics that can circumvent traditional multi-factor authentication mechanisms.
Vishing, or voicemail-themed phishing efforts, on the other hand, emerged from SMS or SMiShing attacks. In these Vishing assaults, attackers use authentic voice fragments of the executive team by leaving a voicemail of these pre-recorded messages. The recipients are then coerced into taking action, such as transferring funds or supplying credentials. Vishing attacks have attacked many US-based companies.
Scams on LinkedIn and other job-search websites are also on the rise. Unfortunately, many large corporations will be forced to shrink around 2022 and 2023. As a result, fraudsters used bogus job advertising, websites, portals, and forms to lure in job searchers. Victims were frequently subjected to an extensive questioning procedure, with some even being requested to purchase materials in order to be reimbursed afterward.
Newer threats
Logging in to websites and services utilizing third-party authentication, such as a user’s existing Google or Facebook accounts, has been normal practice in recent years. These trends indicate a widespread desire for convenience, speed, and personalization at every level of the digital journey. These functionalities are frequently enabled by Application Programming Interfaces (APIs), which aid in efficiency and are applicable to practically all firms that perform digital transactions. These APIs, like any web service, can be exploited and abused if not adequately safeguarded, resulting in security breaches and fraud, putting entire digital ecosystems in danger.
According to F5, 74 percent of Indian consumers are willing to give corporations access to personal data in exchange for better utility and customer service, and 93 percent are willing to save sensitive data into websites and applications for a more efficient procedure. API technology may be more vulnerable as a result of rapid data sharing. APIs are quickly becoming an entrance point for security hacks and data breaches since every minor feature is integrated with other applications for a seamless user experience.
Building resilience by design
Adding onto the cyber security conversation and offering a prominent solution, Pushpendra Kumar Gupta, CTO and Global Architects Lead for Global Alliances Presales, Dell Technologies, stressed that amid the high focus on cyber security, the due focus on recovery gets missed out.
“The recovery pillar is the most critical aspect of the entire cyber security framework because no solution is full-proof. As the data is exploding so do the attacks with a 400 percent increase in the number of cyber-attacks,” said Gupta.
He adds that being cyber resilient is letting go of the belief that an organization can create an impenetrable barrier between it and cybercriminals. Instead, cyber resiliency assumes that attacks will happen, and operations will be disrupted so safety precautions must be implemented to respond to and recover from cyber-attacks.
Gupta highlights that almost 93 percent of the companies have 3-5 different clouds. Moreover, almost 75 percent of the data will be on the edge by 2025. “So the attack surface has become unlimited further complicating the security. This scenario would require modern security solutions. What we have been doing in the past will not work.”
He further adds that the modern approach gears down to modernization, hardening, and trusted isolation. “While the majority of organizations are well on track to modernizing their security and DR infrastructure, the hardening of security solutions with encryption, retention lock, and 2-person authentication is still crucial. The idea is to move towards network isolation and air gap approach, and At-Rest analytics,” Gupta elaborates.
Harish Soni, Director – Resiliency and Security Practice, Kyndryl, adds that the change in focus from data protection to data resilience is part of a journey that focuses on business outcomes. “Enterprises have been extensively using traditional tools including backups, DR, and continuous data protection. However, in the current circumstances, we need advanced tools to protect against and enable recovery from cyber disruptions. These can start with immutability and move into more sophisticated capabilities such as vaults and clean rooms.”
Closing notes
On the one hand, 2023 is set out to be a favorable year for cyber security, with privacy-centric policies dominating the regulatory landscape and big technological breakthroughs just around the corner. On the other, a looming recession is forcing companies to cut their cyber security spending. As we move further into 2023, building a cyber-resilient organization against the backdrop of a constantly changing global threat landscape remains a difficult undertaking for cyber security leaders.
