The “Cybersecurity Playbook for Partners in Asia Pacific and Japan” report highlights significant risks as AI-driven cyberattacks, credential theft, and complex ransomware attacks surge. Bhaswati Guha Majumder of CXO News and APAC News Network investigates the threats and how the DPDP Act 2023 can mitigate the challenges.
In its latest “Cybersecurity Playbook for Partners in Asia Pacific and Japan,” Sophos has unveiled concerning findings about the cybersecurity resilience of Indian businesses. Conducted by Tech Research Asia, the study reveals that only 39% of Indian companies feel prepared to withstand a prolonged ransomware event. This vulnerability highlights significant risks as AI-driven cyberattacks, credential theft, and complex ransomware attacks surge.
Sophos reports that Indian firms are particularly wary of cyber threats amplified by AI and credential theft, with 18% identifying AI-augmented attacks as a primary concern. Other threats include account takeovers and phishing, which exploit the growing digital footprints of enterprises.Â
To tackle these issues, Indian businesses are focusing on key areas like financial operations, digital transformation, risk management, and marketing. Currently, 70% of organizations have implemented a cloud security strategy, and 56% are investing in AI-enhanced security systems. Yet, gaps remain evident: only 49% of firms have adopted security maturity frameworks, and just 44% meet security standards.
Sunil Sharma, Sophosâ Vice President of Sales for India and SAARC, commented on the evolving cybersecurity landscape, stating: âIndiaâs AI mission is taking shape as enterprises view it both as a powerful ally and a potential threat. The significant increase in cybersecurity budgets reflects a commitment to protecting Indiaâs digital infrastructure. Investments in threat detection, incident recovery, and data protection showcase a proactive stance, highlighting a readiness to address AI-driven cyber challenges.”
Despite these investments, Sharma noted, companies still face challenges in dealing with prolonged cyber threats. Many lack sufficient in-house skills, with 45% planning to outsource cybersecurity and 49% looking to upskill through partner-supported training. In line with these needs, Sharma observed an opportunity for Managed Security Service Providers (MSPs) to deliver tailored solutions, as 71% of Indian businesses already employ three or more vendors to meet their diverse security requirements.
In light of rising cyber risks, Indian organizations are adopting global frameworks like the NIST Cybersecurity Framework and Cloud Control Matrix (CCM) to bolster defences. The study found that nearly all (98%) respondents are tightening performance standards and SLAs, particularly with vendors that have experienced breaches, emphasizing a zero-tolerance approach to vendor vulnerabilities.
DPDP Act, 2023
The report noted that the government has made proactive efforts to counter cyber threats through the Digital Personal Data Protection (DPDP) Act 2023, designed to safeguard Indiaâs personal data from unauthorized retention, use, and distribution. But the delayed formulation of specific rules under the Act may be slowing progress in strengthening Indiaâs cybersecurity posture. Â
However, Ravindra Baviskar, Director of Sales Engineering at Sophos commenting on the DPDP Act, emphasized the importance of in-country data storage and long-term data retention for incident investigations. Baviskar stated, âThe delay in DPDP guidelines isnât helpful, but vendors must collaborate on recommendations. A clear mandate on cross-border data transfer and enhanced log retention could strengthen defences. Cert-Inâs current 180-day mandate could ideally extend to one year, given the critical role data plays in incident response.”
He further highlighted the need for organizations, especially in government sectors, to consider outsourcing cybersecurity operations. “Offloading cybersecurity management allows continuous monitoring and better defence against nation-state attacks, a rising concern in todayâs threat landscape,â Baviskar added.
Meanwhile, Sharma stated: “The government is doing their best to what they can. But the best thing is that we need to protect ourselves first. Instead of waiting for the guidelines to come up, I think we need to know what we are supposed to be doing with our organization, with our data and how we can protect that.”
Indiaâs cybersecurity landscape is marked by an unprecedented 46% year-on-year increase in attacks, with malware and ransomware posing threats across sectors like automotive supply chains, government, and education. In the first half of 2024, nearly 600 cybersecurity incidents were reported, with data breaches impacting millions. To address these challenges, the DPDP Act 2023 aims to secure personal data from unauthorized usage and distribution, a timely intervention given Indiaâs projected 5% share in the global cybersecurity market by 2028.
Sophosâ report concludes that Indian businesses are recognizing the importance of robust cybersecurity partnerships, with demand for managed security services on the rise. As adversaries continuously evolve, particularly through AI and credential theft, Indian enterprises are seeking MSPs that can align technical expertise with business needs.
Also Read: Govtâs ChipIN Centre Extends Submission Deadline for MPW Shuttle-1 Design Fabrication
Discussion about this post