Rewind 2020: How remote working changed cybersecurity needs in India
Amid the rise in adoption of cloud and rapid digitisation, security has become more critical than ever for enterprises, SMEs and startups in India. As enterprises now have to keep data and processes secure, they also need a robust security framework to accelerate innovation and disruption.
Around 62% of Indian business leaders felt security challenges have changed drastically since the onset of the pandemic, according to a recent survey by tech giant Microsoft. Investments in cloud security are a key priority for 43% of the survey respondents. “The shift to remote work is fundamentally changing security architecture by focusing on identities over perimeter security via zero trust strategies,” the Microsoft report stated.
While enterprises scale up their digitisation significantly, hackers and cybercriminals have also raised their game with techniques and tools that are harder to detect and dodge.
TechCircle identifies four top 2020 trends that changed the cybersecurity landscape in India and will steer the future of cybersecurity in 2021 and beyond.
1. Ransomware attacks get sophisticated
2020 was a year when cybercriminals, too, grew more sophisticated, adopting newer and more complex attack methods such as Ransomware as a Service (RaaS), ‘leave behind a code’, machine learning poisoning and AI fuzzing, among others.
“Even if there is detailed incident response and eradication, the slightest miss will cause the attackers to come back and establish a foothold into the network. So the persistence has become more complicated,” Srinivas Prasad, vice president and security practice head at NTT-Netmagic, told TechCircle.
With RaaS, hackers can lease malware that comes backed with intuitive dashboards and support, whereas with ‘leave behind a code’, remnants of malicious code are nestled in parts of the user’s hard drive and get activated later. Other methods that could become popular in 2021 are double extortion, crypto-mining and ethical hacking techniques, courses for which are widely available online.
"Ransomware today first exfiltrates data out of the network and then encrypts it. This puts the customer at risk of not only losing data, but also the data being leaked," Prasad said.
Singapore-based cybersecurity firm Cyfirma said in a recent report that ransomware attacks spiked by 120% between January and November this year. Another report by Quick Heal-backed Seqrite showed that in India, ransomware attacks had increased two-fold in the April-June quarter to 4 lakh instances. The common perpetrators included Maze, Ryuk, Netwalker, Gigabyte, RagnarLocker and others.
Networking major Cisco released its study on cybercrime in India, which found that about 73% of businesses had experienced a jump in cyber threats and alerts since the lockdown in March. To counter the onslaught, 95% of companies have made changes to their cybersecurity policies, while 77% plan to increase their investments in cybersecurity for the future, the Cisco report stated.
Notable cyberattacks this year: Some of the infamous attacks included the breach of edtech platform Unacademy. Over 20 million of its user accounts were breached in January, exposing usernames, SHA-256 hashed passwords, email addresses, full names and other details.
Ticket reservation application RailYatri also had one of its unencrypted servers exploited, exposing the data of over 7 lakh users, to the tune of 43 GB. According to cybersecurity think-tank Cyberpeace Foundation, Chinese hackers targeted millions of Indian online shoppers in October and November, utilising malicious links on WhatsApp as the main dissemination engine.
Other global attacks included one on Twitter, which faced a spear-phishing attack in July, with over 130 accounts reportedly compromised; the attackers tweeted from over 45 accounts.
Video-conferencing sites were also a hot target, with Zoom allegedly suffering a breach of over 5 lakh accounts, and the data being put up for sale on the dark web in April this year.
“Encryption algorithms that are now being used, it's not just normal malware, but cryptographic malware. Starting from WannaCry to the Maze ransomware, there has been a lot of shift, and this will keep on increasing,” Karmesh Gupta, CEO and co-founder of WiJungle, a unified network security gateway startup, told TechCircle.
With all the news around an increase in cyberattacks, the message is clear: companies need to up their guard more than ever.
2. Cloud security gains ground
As 2020 accelerated cloud adoption, cloud security also took a front seat, and it will continue to be a key priority for CISOs and CIOs going into 2021.
Technology major IBM launched the Cloud Pak for Security platform in 2020 to detect and protect against threats in hybrid cloud environments. “Cloud Pak for Security is built on open, cloud native technologies from the ground up to connect any tool within the security ecosystem,” said Justin Youngblood, vice president at IBM Security, about the new cloud solution, launched in October.
Another security firm, Check Point Software, announced that it has invested in local geo-fenced cloud capabilities in India to help companies keep their cloud workloads safe along with meeting compliance requirements. These are just two of the many cloud security deployments that vendors and buyers have built and are investing in currently.
“Organizations will need to have a strong cyber resilience plan pivoted around a zero trust strategy to manage their needs across identity, security, management and compliance. This means a shift to more robust security tools and protocols, powered by cloud-based threat monitoring and analytics,” Keshav Dhakad, group head and assistant general counsel for corporate, external and legal affairs, Microsoft India, said.
However, there is still poor awareness about the need for cloud security in India. Only 33% of CXO-level respondents in a survey by security firm Sophos said they were worried about convincing senior management on the importance of investments in cloud security.
Only 55% of Indian organisations see cloud security as a joint responsibility between them and cloud vendors, according to Sophos, with 24% agreeing that there is a lack of visibility in their cloud infrastructures.
3. Security takes the pay as you use approach
As Cloud and SaaS go hand in hand, security isn’t far behind in adopting the pay-as-you-use approach. “Security-as-a-Service can help with the maintenance and operationalisation of the security controls, thereby driving security through an SLA-driven program rather than a traditional path of consuming an on-Prem security solution,” wrote Sudeep Das, technical leader, IBM Security Systems, IBM India/South Asia, in an authored post.
Cloud data protection and management solution provider Druva, which has a significant footprint in India, rode the need for enhanced cloud security. It reported a 70% increase in recurring revenue for its data centre workload protection. “The spring of 2020 will be forever remembered as the inflection point of the cloud era when years of planning and discussion transformed into action and massive migration efforts nearly overnight,” said Jaspreet Singh, founder and CEO of Druva. Close to 1,000 companies picked the SaaS-security vendor as an alternative to legacy-based data protection solution providers in the past year.
“There is a huge skills gap in cybersecurity, which is causing organisations to increasingly rely on managed security service providers, security-as-a-service, and similar solutions, so that it will be easier for them to focus on their core business functions rather than only on security,” NTT’s Prasad said.
In August this year, MeitY and Nasscom put out a list of homegrown startups that provide cybersecurity solutions for the current work-from-home scenario. The list included SaaS-based security providers such as server-to-server communications provider Cyqurex and Accops, with its desktop-as-a-service solution. Others in the list included digital risk monitoring solution provider Cloudsek in Bengaluru, insider threat management solution provider Data Resolve in Gurugram, and analytics-based security solution provider DNIF in Mumbai.
Another Nasscom report showed that the Software-as-a-Service industry in India had grown by 30% year on year to touch $3.5 billion of revenue in 2019-2020. With the numbers expected to hit between $13 billion and $15 billion by 2025, security will be a key imperative.
4. Automation and AI/ML to be security mainstays
As ransomware and hackers attack in more complex and sophisticated ways, conventional methods of detecting cyber-threats are getting obsolete faster. Enterprises will need to harness AI/ML and automation to aid security systems and stay ahead of security threats. AI helps minimise response-times by analysing data from myriad sources of attacks.
“I think if somebody says their solution does threat detection, but they don't utilise AI/ML, it means it is hardly effective. They may be avoiding 2%-5% of the attacks, while 95% of the attacks are not getting prevented,” WiJungle’s Gupta said.
Goldman Sachs-backed cybersecurity organisation Cyfirma was one such company that launched an AI-powered cybersecurity platform, which can help businesses spot threats and decode signals to gain insights. The AI engine even tracks threat indications from the deep/dark web, hackers’ forums and other closed communities, and utilises the feedback to constantly improve its security capabilities.
“ML and AI engines are increasingly helping security analysts to improve detection and response speeds. EDR (endpoint detection and response) technologies are one such example where ML is increasingly used for behavioural analytics for malware detection,” NTT’s Prasad said.
Arishti, a startup in Pune that was also featured on MeitY and Nasscom’s list of WFH cybersecurity startups, provides a messaging application based on artificial intelligence and quantum cryptography.
There are many such companies coming up in India focused solely on security. According to the Data Security Council of India’s ‘Indian Cybersecurity Product Landscape 2.0’, the number of Indian product startups focused on cybersecurity has increased from 175 in 2018 to currently more than 225.
The revenues of these startups also rose to over $1 billion, while the number stood at $475 in 2018, according to DSCI. As the landscape shifts dramatically and threat actors look to take advantage of the situation, enterprises that continue to invest in the right security strategies will reap the benefits.
“With cybercriminals and nation-state attacks becoming more sophisticated, a strong industry collaboration is required for sharing threat intelligence and protecting against cyberattacks. It will need multiple parts, but perhaps most important, it must start with the recognition that governments and the tech sector will need to act together,” Microsoft India’s Dhakad said.