Adarsh's Guide to Cybersecurity, AI and CAREER Advancement

A recent survey conducted by CyberArk, a global identity security company, has shed light on the increasing challenges faced by Indian organizations. The survey reveals that a staggering 91 percent of the organizations surveyed in India have fallen victim to ransomware attacks within the past year. This marks a significant rise from the 70 percent reported in the previous year’s survey. What’s more alarming is that 55 percent of the affected organizations reported paying ransoms twice or more, suggesting they were targeted in double extortion campaigns.

According to CyberArk’s Report, the combination of challenging economic conditions and rapid technological advancements, including the evolution of artificial intelligence (AI), has contributed to the growth of identity-led cybersecurity risks. The report warns of a compounding effect known as “cyber debt,” where investments in digital and cloud initiatives outpace cybersecurity spending, leaving organizations with an expanding and vulnerable identity-centric attack surface. Unfortunately, many Indian organizations are frugal, when it comes to the matter of cybersecurity.

The report further highlights the upcoming areas of concern for identity and cybersecurity in 2023. A significant finding is that 61 percent of security professionals surveyed anticipate AI-enabled threats affecting their organizations, with AI-powered malware ranking as the top concern. This indicates the need for organizations to prepare for increasingly sophisticated threats leveraging AI technology.

The report summarizes the expectations and concerns of Indian organizations. Shockingly, 100 percent of these organizations anticipate suffering an identity-related compromise in 2023. Factors such as economic-driven cutbacks, geopolitical influences, cloud adoption, and hybrid working contribute to this concern. Among the organizations, 80 percent expect cybersecurity issues arising from layoffs and workforce churn, while 92 percent worry about code and malware injection into their software supply chains.

The report emphasizes that identities, both human and machine, play a central role in nearly all cyber attacks. It reveals that 75 percent of organizations admit their highest-sensitivity employee access is inadequately secured. Notably, India ranks higher in terms of machines having sensitive access compared to humans, with 42 percent versus 38 percent, respectively. Credential access remains the most significant risk, followed by defense evasion, execution, initial access, and privilege escalation.

Business-critical applications such as revenue-generating customer-facing apps, enterprise resource planning (ERP), and financial management software pose the highest risk due to unknown and unmanaged identities that access them. Although 70 percent of organizations have identity security controls in place to protect these applications, third parties like partners, consultants, and service providers are considered the riskiest human identity type, as cited by 44 percent of respondents.

Call For Action: Despite economic pressures and the ever-present need for business efficiency and innovation, organizations must prioritize cybersecurity. Compromising identities remains the most effective way for attackers to bypass defenses and gain access to sensitive data. To prevent the compounding of cyber debt and establish long-term cyber resilience, organizations should focus on building trust, implementing risk-based strategies, and consolidating operations with trusted partners and solutions.

As Indian organizations grapple with the escalating threats of ransomware attacks and identity security risks, it becomes imperative to take proactive measures. By addressing vulnerabilities, securing critical assets, and fostering a culture of resilience, organizations can fortify their defenses and mitigate the impact of cyber threats. The battle against cybercrime requires a collective effort, and it’s crucial for organizations to stay vigilant, adapt to evolving threats, and prioritize cybersecurity to safeguard their future.

Ransomware Playlist: