Unveiling the Future: Cymulate’s 2024 Predictions in Cybersecurity and Technology
By Shailendra Shyam Sahasrabudhe, Country Manager, India, UAE and South East Asia, Cymulate Ltd
In anticipation of the
cybersecurity landscape in 2024, organizations are gearing up to face new
challenges and regulations. Earlier this year, Gartner anticipated that
end-user spending on security and risk management in India would reach $2.65
billion in 2023, reflecting an 8.3% increase from 2022.
This upswing is
attributed to the growing adoption of digitalization and cloud infrastructure,
coupled with mounting apprehensions about the escalating number of ransomware
attacks. While China, Iran, North Korea, and the US continue to dominate the
global threat landscape, India has also witnessed a notable rise in
cybersecurity incidents.
Threats to the Region Continue to Rise
Whether facing
ransomware or state-sponsored attacks, India emerged as the primary target for
cybercriminals in 2023. According to CYFIRMA's India Threat Landscape Report
2023, it stands as the most targeted country, accounting for 13.7% of all
attacks, followed by the US at 9.6%, and Indonesia and China at 9.3% and 4.5%,
respectively.
Stringent government
measures on digital data protection and security breach reporting are
compelling Chief Information Security Officers (CISOs) to augment their
spending on security and risk management in 2023. Despite these efforts,
cyberattacks in India are on the rise. In what could potentially be the most
extensive data breach in the country, the data of approximately 81.5 million
Indian citizens from the Indian Council of Medical Research (ICMR) was
reportedly compromised.
New Regulations
2024 is poised to
witness a cascade of changes triggered by newly adopted SEC regulations. States
like California and New York have led the charge in implementing their own
rules, with local governments in other countries expected to follow suit.
A similar situation is
likely to play out in India where the focus will particularly intensify on data
control and privacy. Moreover, countries with securities and exchange
regulatory bodies will roll out their regulations, demanding stringent
notification schedules and detailed annual reports. Indian companies will
have to follow the same path.
AI Will Take Centre Stage
No matter if an
organization loves or loathes the growth of Artificial Intelligence, it will
become a part of cybersecurity – both in terms of defense and threat activity
alike. Threat actors will continue to utilize generative AI systems to enhance
their ability to create realistic and difficult-to-detect phishing, scam texts,
and potentially even voice interactions.
Anti-malware and other defensive platforms have been utilizing AI to
create better predictive and analytic algorithms to detect malicious activities
as they occur. Both areas of advancement look likely to continue and
accelerate in the year to come.
Legal Landscape Will Take Centre Stage
Following the
conviction of Uber’s former CSO and SolarWinds receiving two Wells Notices, law
firms are expected to escalate individual and class-action lawsuits.
Organizations facing perceived or actual harm may find themselves entangled in legal
battles as law practices become more proactive in seeking damages.
Countries worldwide are
projected to introduce their security and exchange regulations to tighten their
cybersecurity frameworks, enforcing strict notification schedules and
comprehensive annual reports. The Securities and Exchange Board of India (SEBI)
has established a cybersecurity mechanism to prevent cyber threats and attacks
at stock exchanges and clearing corporations. These measures aim to enhance the
resilience of the market infrastructure, and other sectors are expected to follow
this lead.
Accelerated Conversations on Cybersecurity at Leadership Levels
In 2024, senior
leadership and board-level discussions around cybersecurity will gain
unprecedented momentum. The SEC's new regulations will be a focal point of
these conversations, as organizations grapple with what it takes to comply and
shield leadership and board members from indictment for federal crimes.
Boards play a crucial
role in fostering and cultivating a culture of cybersecurity excellence,
particularly within the leadership team they interact with directly. When
engaging in discussions about cybersecurity at the board level, it is
inevitable to involve the CISO or the senior executive overseeing cybersecurity
within the organization.
40% of Indian
cybersecurity teams are understaffed, according to the State of Cybersecurity
2023 report by ISACA, with 54% of organisations having job openings for
non-entry level roles, compared to 20% with job openings for entry-level
positions. This underlines that Indian companies will focus on bridging the
talent gap, zeroing in on soft skills, cloud computing and security controls.
However, rather than
concentrating solely on the cybersecurity program, it is essential to broaden
the conversation to highlight how cybersecurity contributes to supporting other
crucial components of the organization.
LOOKING BACK TO PLAN AHEAD
Before delving into the
future, it's crucial to reflect on the accuracy of predictions made for 2023.
Cymulate's foresight last year anticipated key trends, and the outcomes
showcase the dynamism of the cybersecurity landscape.
1. Operating Systems as Prime Targets
Prediction:
Operating systems would be prime targets in 2023, with attackers exploiting
fundamental issues and legacy components.
Results:
In 2024, attackers are likely to exploit fundamental issues and legacy
components in operating systems due to two key reasons: outdated security
measures and widespread system dependencies. Legacy components, often present
in long-standing operating systems, may harbor known vulnerabilities that
haven't been adequately addressed through updates or patches. Attackers can
leverage these weaknesses to compromise systems easily.
Moreover, fundamental
issues arise from the core design and architecture of older operating systems,
making them susceptible to modern cyber threats. As technology advances, new
attack vectors emerge, and legacy systems may lack the necessary security features
to counter these evolving threats. Attackers target these inherent
vulnerabilities to gain unauthorized access, execute malicious code, or launch
sophisticated attacks.
The combination of
outdated security measures, unaddressed vulnerabilities in legacy components,
and fundamental design flaws makes operating systems lucrative targets for
cyber attackers in 2024.
2. Rise in Abuse of Secrets and Elevated Accounts Management
Prediction:
Successful attacks exploiting flaws in secrets and elevated accounts management
would surge in 2023.
Results:
Almost every day, a new headline surfaces, revealing yet another significant
data breach. However, many such incidents go unnoticed, mainly because
organizations lack the expertise to detect them. The recent validation of
Cymulate's prediction came through phishing attacks, specifically targeting
Microsoft Teams.
Threat actors
capitalized on vulnerabilities in collaboration tools, contributing to a rise
in cyber threats. In an Indian context, these incidents underscore the need for
heightened cybersecurity awareness and robust measures to protect against
evolving threats in the digital landscape.
3. Improved Omnichannel Phishing and MFA Bypassing Techniques
Prediction:
Phishing attacks would evolve with improved omnichannel techniques in 2023.
Results:
A recent report from Acronis highlights ransomware as the foremost threat
confronting small and medium-sized businesses in India. Although there has been
a decline in the creation of new ransomware variants, the gravity of ransomware
attacks remains a substantial concern.
Moreover, the emergence
of data stealers presents a troubling threat, as these malicious actors
leverage pilfered credentials to gain unauthorized access to sensitive
information. Non-email-based phishing techniques have seen a notable increase,
with attacks targeting popular social media platforms, aligning with the
earlier predictions. This underscores the pressing need for Indian businesses
to fortify their cybersecurity measures and stay vigilant against evolving
threats in the digital landscape.
4. Prevalence of Off-the-Shelf Attack Tools
Prediction:
Misuse of off-the-shelf attack kits would continue to rise in 2023.
Results:
The prevalence of cyber-attacks orchestrated by states has become a defining
feature in contemporary Indian geopolitics. Escalating international tensions
have significantly contributed to a surge in such attacks, aligning with
earlier predictions.
In terms of financial
ramifications, organizations in India are estimating a cumulative cost of $1.6
million per cyber incident. This underscores the urgent need for Indian
businesses and governmental entities to enhance their cybersecurity measures,
recognizing the evolving nature of cyber threats, especially those driven by
nation-states, to safeguard national security and economic interests.