
The Evolving Cybersecurity Threat Landscape in India: Insights from Indian and Global Reports in 2024

Mandar Kulkarni, National Security Officer (India & South Asia), Microsoft

In the ever-evolving digital era, India stands at a critical juncture of technological advancement and cybersecurity challenges. The rise in cyber threats, ranging from ransomware and phishing attacks to sophisticated nation-state operations, underscores the necessity for a robust cybersecurity framework. This article delves into the multifaceted cybersecurity threat landscape in India, drawing insights from the Microsoft Digital Defense Report (MDDR) 2024, ENISA Threat Landscape 2024, Global Cybersecurity Index 2024, IBM X-Force Threat Intelligence Index 2024, and other key sources, and also presents recommendations on how we can address these challenges.

Historical Context of Cybersecurity Threats in India

India has faced several cyberattacks in the past, with ransomware and DDoS being the most prevalent. Below are a couple that have remained in our memory over the last few years.

The WannaCry Ransomware Attack

The WannaCry ransomware attack in 2017 serves as a stark reminder of the devastating impact of cyber threats. Affecting numerous organizations in India, particularly in the healthcare and manufacturing sectors, the attack highlighted the importance of timely patch management and vulnerability assessment. It underscores the need for regular security updates and robust incident response plans to mitigate the impact of such attacks.

The SolarWinds Supply Chain Attack

Discovered in 2020, the SolarWinds supply chain attack underscored the vulnerabilities in third-party software and the importance of securing the supply chain. Indian organizations that relied on SolarWinds software were also impacted by this breach. This attack highlighted the need for comprehensive supply chain risk management frameworks and continuous monitoring of third-party vendors to detect and mitigate potential threats.

Types of Threat Actors

We are dealing with six types of threat actors:

• The Nation State – most impactful attackers, with all the resources and motivation. 

• Script Kiddies – Limited skills, use offensive tools, resourceful but careless. 

• Security Researchers – Bug bounty hunters, researchers, academics, etc. They end up creating tools and are most vocal.

• Fraudsters – financially motivated, creators of ransomware / malicious sites, spammers.

• Compromised Employees – Rogue employees or employees with compromised devices, ex-employees. 

• Hacktivists – politically or socially motivated, leakers, very collaborative. 

Current Cybersecurity Threat Landscape

What we are dealing with now is a very sophisticated threat landscape. Some of the key threats are: 

Advanced Persistent Threats (APTs) and Nation-State Actors

Advanced Persistent Threats (APTs) have become a significant concern for Indian cybersecurity. Nation-state actors, often motivated by espionage and intellectual property theft, have been increasingly targeting critical infrastructure in India. The Global Cybersecurity Index 2024 highlights that state-nexus actors are well-funded and sophisticated, making them formidable adversaries. 

India has witnessed a marked increase in the sophistication and frequency of Advanced Persistent Threats (APTs). These threats are characterized by their ability to infiltrate and remain undetected within networks for prolonged periods. According to the MDDR 2024, APT groups originating from nation-states are increasingly targeting critical infrastructure in India, including energy, telecommunications, and financial services. These groups employ techniques such as zero-day exploits, spear-phishing, and social engineering to gain access to sensitive data.

Ransomware and Extortion

Ransomware remains one of the most pervasive threats in India’s cybersecurity landscape. The IBM X-Force Threat Intelligence Index 2024 highlights a significant rise in ransomware attacks, with attackers employing more sophisticated encryption methods and double extortion tactics. Sectors such as healthcare, manufacturing, and education have been particularly affected, with ransomware groups demanding exorbitant ransoms to decrypt data and prevent the public release of sensitive information. As per Microsoft Security Research, in 92% of successful ransomware attacks the attacker had to go through unmanaged devices that were on the network. We witnessed a 2.75X increase year over year in human-operated ransomware-linked encounters, but a threefold decrease in ransomware attacks reaching the encryption stage over the past two years. So certainly, two things seem to be working well against ransomware:

• The implementation of automatic attack disruption, which means attacks are being stopped early in the process.

• The effectiveness of enrolling devices into management or excluding unmanaged devices from the network.

Supply Chain Attacks

Supply chain attacks continue to pose a significant threat. The MDDR 2024 details incidents where backdoor code was introduced into widely used software, compromising the security of numerous organizations. The ENISA Threat Landscape 2024 also stresses the importance of securing software development processes and ensuring the integrity of software updates. Actors like Midnight Blizzard also targeted the IT sector, suggesting that they were in part planning supply chain attacks to gain access to these companies’ clients’ networks for follow-on operations.

Phishing and Social Engineering

Phishing attacks continue to be a major concern for Indian organizations. These attacks exploit human vulnerabilities by tricking individuals into divulging confidential information such as login credentials and financial details. The Radware Global Threat Analysis Report 2024 indicates a rise in phishing attacks, often leveraging current events and crises to lure victims. Social engineering tactics have also become more sophisticated, making it imperative for organizations to invest in regular training and awareness programs. The widespread adoption of remote work has further exacerbated this issue, as employees are more susceptible to phishing attacks outside the controlled environment of corporate networks.

When it comes to phishing lures, 54% of phishing campaigns targeting consumers impersonated software and online service brands. By compromising consumer accounts on these platforms, attackers seek to exploit their targets’ social media, cloud storage, email, e-commerce, and more. India saw a variant of impersonation in the form of “Digital Arrests”, where fraudsters impersonate law-enforcement agents.

Microsoft observed a surge in election-related homoglyph domains delivering phishing and malware payloads. It believes that these domains are examples of cybercriminal activity driven by profit and reconnaissance by nation-state threat actors in pursuit of their own political objectives. Homoglyph domains are fraudulent domains that exploit the similarities of alphanumeric characters to create deceptive domains to impersonate legitimate organizations.
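One way a defender can flag homoglyph domains of this kind, as an added example that is not part of the original article: each domain label is reduced to an ASCII “skeleton” by folding a small constructed table of look-alike characters (digits, Cyrillic and Greek letters, and the “rn”-for-“m” pair) and compared against protected brand domains; the brand list and the sample of observed domains are constructed, and punycode (`xn--`) labels are decoded first so IDN look-alikes are caught too.

```python
"""Flag homoglyph look-alike domains against protected brand domains.
Added example, not from the original article. The confusable table is a
small constructed subset (confusables.txt from Unicode is the real source);
the brand list and observed domains below are constructed."""
import unicodedata

# Single characters that look like an ASCII letter (constructed subset).
CONFUSABLES = {
    "0": "o", "1": "l", "|": "l", "3": "e", "5": "s", "7": "t", "8": "b",
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",  # Cyrillic
    "\u0441": "c", "\u0443": "y", "\u0445": "x", "\u0456": "i",
    "\u03bf": "o", "\u03b1": "a",                                # Greek
    "\u0261": "g", "\u0131": "i",                                # Latin ext.
}
# Character pairs that read as a single letter at small font sizes.
PAIR_CONFUSABLES = {"rn": "m", "vv": "w"}

def skeleton(label):
    """Reduce one domain label to an ASCII skeleton for comparison."""
    if label.startswith("xn--"):
        try:  # punycode -> Unicode so Cyrillic/Greek letters can be folded
            label = label.encode("ascii").decode("idna")
        except UnicodeError:
            return label  # malformed punycode: compare the raw label
    # NFKD folds fullwidth forms and splits accents off, e.g. "e" + acute
    label = unicodedata.normalize("NFKD", label.lower())
    label = "".join(ch for ch in label if not unicodedata.combining(ch))
    label = "".join(CONFUSABLES.get(ch, ch) for ch in label)
    for pair, letter in PAIR_CONFUSABLES.items():
        label = label.replace(pair, letter)
    return label

def registrable(domain):
    """brand.tld from a hostname; naive last-two-labels rule (a real
    deployment would use the Public Suffix List to handle e.g. co.in)."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def find_lookalikes(observed, protected):
    """Return (observed_domain, impersonated_brand) pairs: the observed
    domain's brand-label skeleton matches a protected brand but the
    registrable domain itself is not the genuine one."""
    targets = {skeleton(registrable(b).split(".")[0]): b for b in protected}
    hits = []
    for dom in observed:
        reg = registrable(dom)
        sk = skeleton(reg.split(".")[0])
        if sk in targets and reg != registrable(targets[sk]):
            hits.append((dom, targets[sk]))
    return hits

PROTECTED = ["example-vote.in", "electioncommission.example"]  # constructed
# Punycode form of "example-vote.in" spelled with a Cyrillic "а" (U+0430),
# built at runtime rather than hand-encoded.
PUNYCODE_SAMPLE = "ex\u0430mple-vote.in".encode("idna").decode("ascii")
OBSERVED = [  # constructed sample of newly seen domains from DNS logs
    "example-vote.in",              # genuine, must not be flagged
    "examp1e-vote.in",              # digit one for "l"
    "www.exarnple-vote.in",         # "rn" for "m"
    PUNYCODE_SAMPLE,                # Cyrillic "а" via IDN
    "electi0ncommission.example",   # zero for "o"
    "unrelated-site.example",       # no match
]

if __name__ == "__main__":
    for domain, brand in find_lookalikes(OBSERVED, PROTECTED):
        print(f"{domain!r} impersonates {brand}")
```

In practice the observed list would be fed from newly registered domain feeds or DNS query logs, and a hit would go to the SOC for takedown or blocking rather than be printed.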

Insider Threats

Insider threats, both malicious and unintentional, pose a significant risk to Indian enterprises. The Global Cybersecurity Index 2024 points out that insider threats can stem from disgruntled employees, contractors, or partners who have legitimate access to critical systems and data. Additionally, negligent employees who fall victim to phishing attacks or mishandle sensitive information can inadvertently compromise organizational security.

 

Emerging Cybersecurity Trends

Quantum Computing and Its Implications

Quantum computing, while still in its nascent stages, poses both opportunities and challenges for cybersecurity. The potential to break traditional encryption algorithms is a significant concern, necessitating the development of quantum-resistant encryption methods. The ENISA Threat Landscape 2024 highlights the importance of investing in research and development to prepare for the quantum era and ensure the resilience of cryptographic systems. 

5G Technology and Its Security Implications

The rollout of 5G technology promises to revolutionize connectivity and enable a new wave of digital transformation. However, it also introduces new security challenges, particularly in terms of securing the expanded attack surface. The Global Cybersecurity Index 2024 emphasizes the need for robust security standards, continuous monitoring, and collaboration between telecom operators, device manufacturers, and regulators to address the security implications of 5G technology.

Internet of Things (IoT) and Operational Technology (OT)

Threat actors exploit OT devices to do everything from accessing critical and operational networks, to enabling lateral movement, establishing a foothold in a supply chain, or disrupting the target’s OT operations. The proliferation of Internet of Things (IoT) devices has expanded the attack surface for cyber threats. IoT devices, often deployed with insufficient security measures, can be exploited to launch distributed denial-of-service (DDoS) attacks, infiltrate networks, and exfiltrate data. The Global Cybersecurity Index 2024 emphasizes the need for stringent IoT security standards and continuous monitoring to mitigate these risks. The security of IoT and OT has not kept pace with that of other IT hardware and software.

Artificial Intelligence and Machine Learning

Artificial Intelligence (AI) and Machine Learning (ML) are increasingly being leveraged for both offensive and defensive cyber operations. The IBM X-Force Threat Intelligence Index 2024 discusses the rise of AI-driven malware and the use of ML for threat detection and response. The report suggests that while AI can enhance cybersecurity defences, it also poses risks as threat actors adopt AI to automate and scale their attacks. Behind every bot is a real person. As AI is increasingly used to help people get more efficient, threat actors are learning that they can use the same AI efficiencies as a force multiplier in their targeting efforts.

The same benefits that AI gives to defenders, it can give to attackers. AI has been observed enabling threat actors to do more sophisticated (thorough and detailed) research on high-value targets in a fraction of the time it would otherwise have taken. While AI defensive tools will neutralize some of this risk, organizations need to create and deploy AI infrastructure of their own.

The Rise of Hacktivism

Hacktivism has gained momentum, with groups leveraging cyber-attacks to promote political and social causes. The Radware Global Threat Analysis Report 2024 highlights the activities of hacktivist groups targeting Indian government and corporate websites. These attacks often involve Distributed Denial of Service (DDoS) attacks, website defacements, and data breaches.

Recommendations for Strengthening Cybersecurity

Adopting a Multi-Faceted Approach

As India continues its digital transformation journey, it is imperative to adopt a multi-faceted approach to cybersecurity that includes technological innovations, robust policies, continuous training, and international collaboration. Leveraging insights from major cybersecurity reports and implementing proactive strategies can enhance India's resilience against cyber threats. Effective threat intelligence is crucial for proactive cybersecurity. By gathering, analysing, and sharing information about potential threats, organizations can better anticipate and respond to attacks. The ENISA Threat Landscape 2024 underscores the importance of collaboration between industry, government, and academia in building robust threat intelligence frameworks.

Adopting a Zero-Trust Security Model

The zero-trust security model, which operates on the principle of “never trust, always verify,” is gaining traction as an effective strategy to counter advanced cyber threats. This approach requires continuous verification of user identities, device integrity, and network activity, irrespective of whether the users are inside or outside the corporate network. The MDDR 2024 highlights the benefits of zero-trust architecture in preventing unauthorized access and minimizing the impact of breaches. The cornerstone of any resilience plan is to limit the impact of an attack on an organization using three principles:

• Explicitly verify. Ensure users and devices are in a good state before allowing access to resources.

• Use least privilege access. Allow only the privilege that is needed for access to a resource and no more (Just Enough Access / JEA). Allow access only for the time required (Just in Time / JIT). 

• Assume breach. Assume system defences have been breached, and systems may be compromised. This means constantly monitoring the environment for possible attack. 

Strengthening Identity and Access Management (IAM) and Enabling Multi-factor Authentication

As enterprise boundaries blur due to the use of cloud, IT suppliers and vendors, APIs, etc., identities have become the new security frontier. For many years now, password attacks have constituted the majority of identity-related attacks, approximately 99%, and MFA blocks most password-based attacks, making it the single most important solution to deploy in any organization. MFA protects against compromised user passwords and provides extra resilience to identities.

Identity and Access Management (IAM) plays a critical role in protecting sensitive information and ensuring that only authorized individuals have access to critical systems. The IBM X-Force Threat Intelligence Index 2024 highlights the growing importance of IAM in mitigating the risks associated with credential theft and unauthorized access. Implementing multi-factor authentication (MFA), role-based access control (RBAC), and continuous monitoring of user activities are essential components of a strong IAM strategy.

Implement Robust Data Security Measures

As organizations create and deal with an ever-increasing amount of data, accountability for that data is becoming crucial, as is data security.

• In our experience, the most successful data security implementation strategies consider visibility, risk detection, classification, labeling, data protection, and data leakage prevention.

• A comprehensive data security policy must be dynamic and consider both data and user context, so that organizations can balance protection and productivity.

• AI can help define the data perimeter and help with data management, but it can also result in overexposure.

• Implement data security and privacy tools; regulations like the EU GDPR and India’s DPDPA make this even more imperative.

Use of Extended Detection and Response (XDR), SIEM and Antimalware Solutions

Implement solutions that detect attacks, automatically respond to block them, and provide insights to the security operations centre (SOC). Monitoring insights from threat detection systems is essential for being able to respond to threats in a timely manner. Security Information and Event Management (SIEM) has become a critical part of cybersecurity. SIEM collects, aggregates, and analyses large volumes of data from organization-wide applications, devices, servers, and users in real time. By consolidating this vast array of data into a single, unified platform, SIEM solutions provide a comprehensive view of an organization's security posture, empowering SOCs to detect, investigate, and respond to security incidents swiftly and effectively.

Enhancing Supply Chain Security

Securing the supply chain is critical to mitigating the risk of supply chain attacks. Organizations should implement comprehensive supply chain risk management frameworks and continuously monitor third-party vendors. The MDDR 2024 recommends conducting regular security assessments and ensuring the integrity of software development processes.

Investing in Quantum-Resistant Encryption

Regulators, institutions and organizations should start exploring and implementing quantum-resistant cryptographic algorithms to safeguard their data. The world over, experts and regulators are working on post-quantum cryptographic standards. In July 2024, NIST announced the first four quantum-resistant cryptographic algorithms. The four selected encryption algorithms will become part of NIST’s post-quantum cryptographic standard, expected to be finalized in about two years.

Addressing 5G Security Challenges

The security of 5G networks is paramount as they become the backbone of future digital infrastructure. The Global Cybersecurity Index 2024 recommends establishing robust security standards, conducting continuous monitoring, and fostering collaboration between telecom operators, device manufacturers, and regulators. Implementing these measures can help address the security challenges posed by 5G technology.

Leveraging Artificial Intelligence for Defence

Artificial Intelligence and Machine Learning can be powerful tools for enhancing cybersecurity defences. The IBM X-Force Threat Intelligence Index 2024 suggests using AI-driven threat detection and response systems to identify and mitigate threats in real time. The frequency and severity of cyberattacks have increased significantly in recent years. Addressing large volumes of attacks requires automation engines beyond the current rules-based approach. But volume isn’t the only thing changing. There is also a huge growth in the types and complexity of attacks. Generative AI allows defenders to use the narrative context of the threat as a qualifier for defensive actions and remediation. Instead of classifying an alert into a known set of categories, the differentiation is now built from all surrounding contextual information, with remediation driven by the factual findings rather than by abstraction into a bucket (categorization). The “automated ingenuity” of generative AI can be applied broadly across the defence chain, from initial detection of anomalies to prompt triage and response, by:

• Enabling persistent systems to monitor for anomalies longer and in more detail than human teams can.

• Centralizing, transforming, and sharing data efficiently.

The application of AI for defence brings much-needed resources to cybersecurity teams already operating at their limits:

• On average it takes 277 days to identify and contain a breach.

• In a 2023 study, novice users were able to perform 26% faster and were 44% more accurate using Copilot for Security.

Building a Culture of Cybersecurity Awareness

Human error remains a significant factor in cybersecurity breaches. Building a culture of cybersecurity awareness through regular training and awareness programs is crucial. Organizations should educate employees about the latest threats and best practices for protecting sensitive information. The Radware Global Threat Analysis Report 2024 underscores the importance of phishing simulations and social engineering awareness training. 

The Journey Into Industry

Mandar is an industry leader in the areas of Cloud, Datacenter, Security, Digital Transformation, IT Service Management, Hybrid / Edge, Disaster Recovery/BCP and Artificial Intelligence. He has delivered complex IT solutions for large organizations in India and overseas over the last 27 years. Mandar is currently National Security Officer at Microsoft for India and South Asia. In this role, Mandar works with national cybersecurity agencies to build capabilities to be cyber-safe and resilient at the national level, as well as to prepare for the next generation of attacks and effectively mitigate current threats. He also leads Microsoft’s local compliance and certification strategy for Cloud and AI. His charter is to keep the country, citizens, customers and company safe, working closely with the cybersecurity, cyber defense, cybercrime and regulatory ecosystem in India and South Asia to enhance both the technology and policy frameworks of these agencies.

Earlier, Mandar led the build-out and go-to-market of Microsoft’s cloud services in India, including the rollout of new datacenters, Azure, Office365, Dynamics CRM and the Hybrid Cloud business. He also performed various leadership roles at Microsoft, including leading the Customer Success function for Azure Infrastructure, Modern Work, Business Applications, Security, Digital Applications and Data and AI for manufacturing and conglomerates, leading the Specialist Solutions Sales team for Azure, leading the Azure Hybrid Cloud business, and spearheading the technology transformation of Microsoft’s partner ecosystem as Partner Technology Lead.

Before joining Microsoft, Mandar was Chief Product Officer at Jio Platforms Ltd., India’s leading digital and telecommunications services company, helping them build India’s largest cloud portfolio from Edge to Multi-Cloud, from Sensors to SaaS.

He has 27+ years of experience in leadership roles in Strategy, Engineering, Product Management, Sales Leadership, Solutions, Operations and Delivery. His key areas of strength are creating new products and services and building a scalable organization to support their growth. His expertise is in process improvement and technology solution architecting, with a strong emphasis on automation.

His earlier assignments were as Senior Vice President at Netmagic Solutions (part of the NTT Communications group), Tata Communications, CyberTech / Corliant (acquired by Accenture), Indian Express, etc. He completed his education, including various professional courses, at prestigious institutions such as the University of Pune, IIM-Kolkata, The Wharton School and the University of Texas McCombs School. He holds numerous industry certifications from Microsoft and Cisco and in security, and is a certified lead Information Security auditor.

Mandar is a sought-after speaker on Security, Cloud, AI, Edge, DR/BCP, IT Service Management and automation in India, has spoken at many industry events and has authored many white papers and articles in these areas. He has been a visiting industry expert at management institutions such as SP Jain Institute of Management and Research, HVPM College of Engineering and other institutions.

 


