In recent years, cyber security attacks have started to become more prominent and far more vicious. A Tenable Report reveals India's alarming 20% share of exposed data records in 2022, placing the nation in the second position for data breaches.
LocalCircles' August survey indicates that seven in 10 citizens believe their personal data has been compromised. An IBM report from July underscores the soaring cost of data breaches in India, hitting an all-time high of Rs 17.9 crore in 2023, signifying a 28% increase since 2020.
Government platforms like CoWIN and Aadhaar have also experienced security breaches, highlighting the vulnerability of critical data systems. As Cybersecurity Awareness Month concludes, CNBC-TV18 engages with industry experts to dissect key insights from these breaches and explore strategies for safeguarding data and personnel against such attacks.
Robust cybersecurity policies need of the hour
Teja Manakame, Vice President, IT, India, Dell Technologies, noted the inevitability of data breaches, emphasising the urgency of robust cybersecurity policies. He stressed the need for fostering consumer awareness to counter common threats, asserting that resilience against cyberattacks hinges on strong policies and standards.
Zero Trust principles, including vulnerability scanning, employee training, regulatory compliance, and secure development practices, are gaining ground in this shifting threat landscape.
This approach involves continuous vulnerability scanning, employee and customer training, compliance with regulatory mandates, and secure development practices. Dell Technologies, for instance, believes in being committed to helping its customers align with the Zero Trust paradigm through a network of partners and threat management solutions, as per Manakame. Manakame stressed the importance of proactively identifying and hardening attack surfaces, "addressing the time-intensive burden of remediation."
Stronger passwords, employee awareness needed
Furthermore, Mathivanan Venkatachalam, Vice-President, ManageEngine, outlined the key takeaways from data breaches in the previous year. Stolen credentials and vulnerabilities were recurring entry points for breaches, highlighting the need for strong password management policies and employee awareness.
Venkatachalam recommended a layered security approach, combining threat prevention policies with incident response mechanisms and employee awareness programs. He emphasised attack surface reduction, robust incident detection and response, and addressing the human factor as essential components of a holistic cybersecurity strategy.
To support these insights, data from the 2023 Verizon Data Breach Investigations Report was referenced, revealing that "74% of all breaches in 2022 involved a human touch — either by error, use of stolen credentials, or social engineering." This indicates the critical role of employee training and awareness.
Vivek Chudgar, Mandiant JAPAC Head of Consulting at Google Cloud, recommended implementing Two-Factor Authentication (2FA), proactive ransomware preparedness, and scalable security operations platforms to fortify defences against modern threats. Ransomware attacks in the Asia Pacific and Japan region are on the rise. “The Asia Pacific and Japan region accounted for 68% of the total of the 2.29 billion records exposed globally,” Tenable added in its report.
Role of AI-driven security analytics
Finally, Mohammad Wasim, Group VP Technology, Publicis Sapient, pointed out the global financial impact of data breaches, with the average cost reaching $4.45 million in 2023. He highlighted the role of AI-driven security analytics in processing vast volumes of data and providing real-time insights.
Wasim highlighted Publicis Sapient's data security strategy, which prioritises governance and compliance, trade secrets protection, and automation for rigorous checks and balances. He also discussed the potential of Gen AI in democratising AI technology for enhanced cybersecurity.
IBM, in its “Security's annual Cost of a Data Breach” report also stated that companies with extensive use of AI and automation experienced a data breach lifecycle that was 153 days shorter compared to studied organisations that have not deployed these technologies (225 days versus 378 days).
Moreover, studied organisations that extensively deployed security AI and automation saw nearly Rs 9.50 crore lower data breach costs than organisations that didn’t deploy these technologies — the biggest cost saver identified in the report.
However, 80 percent of studied organisations in India have limited (37 percent) or no use (43 percent) of AI and automation.
Vinod Jayaprakash, Cybersecurity Leader at EY GDS, also highlighted the growing sophistication of adversaries and their use of technologies like Cloud, AI, and IoT. EY's global survey identified leading organisations, "Secure Creators," as quicker in detecting and responding to incidents. These organisations emphasise simplifying cybersecurity technologies and addressing cyber risk quantification.
As cyber threats continue to evolve, organisations must adapt, staying ahead of adversaries to protect their data and safeguard their businesses and employees. Cybersecurity Awareness Month serves as a reminder of the ongoing need for vigilance and resilience in the face of digital threats.
First Published: Oct 30, 2023 11:31 AM IST
Check out our in-depth Market Coverage, Business News & get real-time Stock Market Updates on CNBC-TV18. Also, Watch our channels CNBC-TV18, CNBC Awaaz and CNBC Bajar Live on-the-go!
I.N.D.I.A. bloc committed to predictable and stable tax environment: Jairam Ramesh
May 21, 2024 6:33 PM
Exclusive | INDIA bloc will ensure stable policy framework, simple GST, end tax terrorism: Jairam Ramesh
May 21, 2024 5:02 PM
Cong leaders 'failed' to protect party's constitution says FM Nirmala Sitharaman in Bihar
May 21, 2024 4:01 PM
Who will succeed Modi? Oppn thinks Amit Shah will, but PM said this
May 21, 2024 2:38 PM