2021 and the year before were dominated by cybersecurity breaches and data leaks, albeit with higher intensity and frequency. From corporate data leaks to the leak of critical personal information of Indian citizens, the scenario was further intensified with more businesses activating their online mode of operations.
Till June 2021, The Indian Computer Emergency Response Team (CERT-In) had already observed over 600,000 cyber security incidents in India, of which about 12,000 incidents were related to government organizations. As per 'The State of Ransomware 2021' report by Sophos, 82% of Indian companies suffered a ransomware attack in 2020. Alarmingly, the cost of recovering from the impact of a ransomware attack in India tripled in 12 months, going up from US$1.1 million in 2020 to US$3.38 million in 2021. The report indicates that India is one of the most affected countries witnessing ransomware attacks.
Unfortunately, cybersecurity threats in 2022 will not be any different, with frequent data breaches that continue to plague business operations coupled with the entry of the Omicron variant of Coronavirus. Against this backdrop, there are some critical strategic steps that the CIO and CISO community in India should consider for tackling security roadblocks next year.
Let's begin by understanding the expected impact that key government regulations are likely to have on India Inc. next year. India's new National Cyber Security Strategy, likely to be released in the first half of 2022, will lay down a basic cyber security framework for every business to implement.
In the past, prominent emerging businesses in India have been victims of cyber hacking, exposing their users' data. Ironically, there is still no law to take care of consumers' data and protect their privacy, despite the Government issuing alerts and advisories regarding the data breach incidents. The Personal Data Protection Bill introduced in the Parliament in December 2019 has been approved by the Joint Parliament Committee (JPC). The bill should be tabled in the Parliament soon. On its implementation, any industrial organization collecting customer data will have to comply with the provisions of the Act, especially on misuse of data and audit of data security infrastructure. Additional policies such as guidelines for Cyber Security in Power Sector prepared by the Central Electricity Authority, are scheduled to be issued by the Government of India in 2022. Upon implementation, relevant companies will have to ensure execution to safeguard critical information infrastructure at the national level.
To address key cybercrime and cyber security formats in 2022, CIO and CISO would need to face up to the challenges and ensure cybersecurity systems can pre-emptively address attacks before they become major incidents.
Ransomware attacks will continue to target both business organizations and personal users of the internet. CIO's or CISO's cannot make the mistake of treating ransomware attacks like any other cyber-attack. To prevent a ransomware attack from encrypting data, a CISO will have to use AI/ML-based Anomaly Detection and Malware scanning techniques.Multi-Factor Authentication and AI-based authentication tools will become the order of the day in 2022. Cloud Access Security Broker (CASB) is an excellent counter to ransomware for companies using cloud services for data storage.
More and more companies will accept zero-trust architecture for their cyber security requirements in 2022. Companies will deploy capabilities based on the principle of 'Never trust, Always verify' i.e. treat every user, device, application, workload, and data flow as untrusted. They must be validated before access to an enterprise resource is granted, even for a legitimate operation like encryption. Increased automation of corporate data can eliminate risk points and better support a zero-trust strategy.
As companies become aware of the need for data protection, their leaders are likely to increase the adoption of encryption; which will find its way into organizations' basic cyber security architecture in 2022. This will have a ripple effect, and we can expect newer and updated applications providing data encryption solutions to be launched for businesses in the coming year. One of the most disruptive technologies in decades, blockchain technology will be at the heart of shifting from a centralized server-based internet system to transparent cryptographic networks.
AI has matured from an experimental topic to mainstream technology. As a result, 2022 will see better accessibility of Artificial Intelligence (AI) based tools for creating robust cybersecurity protocols within an organization. In addition, we expect the new lineup of technology tools to be more cost-effective and yet more effective than ever before.
Last but not least, 2022 will see a mix of remote work and on-site physical presence, thereby continuing with the trends of cybersecurity adapted during 2021. Employees hear fewer warnings about cybersecurity in the home setting, making it harder for them to make good security decisions. This is more pronounced, especially with modern Bring Your Own Device (BYOD) arrangements with many asymmetrical devices and networks. Tech leaders will have to ensure the configuration of endpoint management to enable infosec teams to protect organizational data from being accessed from anywhere (internal or external). Additionally, newer techniques such as Digital Distancing will find their way for better cybersecurity in the hybrid work model.
Technology leaders ought to pay close attention to upcoming trends and challenges in the cybersecurity landscape to not just survive but thrive in the future. 2022 is expected to usher in another wave of complexities in the security sector. India-based corporates will have to be prepared to evolve operations to stay ahead of new risks. Industry must build new adaptability and flexibility into their security processes to improve their overall risk mitigation requirements.
Author
Col. Sanjeev Relia (Retd.), Senior Advisor and Head-Cybersecurity Practice at Alea Consulting
Join our WhatsApp Channel to get the latest news, exclusives and videos on WhatsApp
_____________
Disclaimer: Analytics Insight does not provide financial advice or guidance. Also note that the cryptocurrencies mentioned/listed on the website could potentially be scams, i.e. designed to induce you to invest financial resources that may be lost forever and not be recoverable once investments are made. You are responsible for conducting your own research (DYOR) before making any investments. Read more here.