Express Computer

India is patching slower while cyber attackers move faster: What’s the fix?


By Rajnish Gupta, MD & Country Manager, Tenable India

In January 2026, the Sinobi ransomware group broke into an Indian IT services company and walked away with Hyper-V server access, virtual machine images and customer backups, claiming more than 150GB of stolen data. A few months earlier, one of India’s largest stockbroking platforms disclosed that attackers had accessed an unsecured AWS storage bucket, exposing data tied to 7.9 million users. Prior to that, a major asset and offshore management company suffered a cyberattack that shut down its website, portal and mobile app, cutting off investors from their own accounts during a period of market volatility.

In each one of these attacks, threat actors exploited known, documented vulnerabilities like misconfigurations, unpatched systems and exposed cloud resources that weren’t addressed in time. Vulnerability exploitation has become the single largest initial access vector in data breaches, accounting for 31% of all incidents. The median time organisations take to patch a known vulnerability grew from 32 to 43 days in one year. That’s a 34% increase in the wrong direction.

Even as organisations wonder if their technology failed them, the sheer number of vulnerabilities is making patching impossible because organisations simply don’t know which threats to plug first and fast. This prioritisation crisis is becoming India’s defining cybersecurity problem.

The challenge today isn’t the lack of visibility. It’s the inability to prioritise which exposure matters the most.

Stop trying to patch everything, master preventive prioritisation

The most important shift security leaders must make is a cognitive one: abandoning the idea that patching all vulnerabilities is achievable and the right goal. With over 300,000 vulnerabilities in existence and AI models like Claude Mythos accelerating vulnerability discovery, this number is only going to increase dramatically.

No security team can address all of them. Attempting to do so guarantees that these teams exhaust themselves on low-risk items while genuinely dangerous exposures queue behind them.

Tenable Research found that in any given period, only approximately 3% of disclosed vulnerabilities are actively weaponised against real environments. The operational implication is not “What is vulnerable?” but “What is being actively exploited, by whom, and against systems like ours?” Answering that question requires shifting from a scan-and-patch workflow to a preventive, intelligence-led approach that incorporates real-time exploitation data, threat actor activity, and the specific context of an organisation’s own environment.

Exposure management does just that. It uses vulnerability priority rating (VPR) to help prioritise which exposures pose the greatest risk to business continuity. VPR doesn’t need a CVSS score from NIST to tell you which vulnerabilities matter. It uses real-time exploitation telemetry and ground-truth data from actual environments to help prioritise patching.

Context is the missing variable for prioritisation

A vulnerability on an internet-facing system with weak authentication and exposed credentials doesn’t carry the same risk as a vulnerability on an isolated internal server with no external exposure.

Traditional vulnerability scoring systems treat them identically. That is precisely where Indian security teams are losing time and attention. Effective prioritisation calls for four pieces of information working together: which assets are exposed to the internet, which credentials associated with those assets are compromised or weakened, which vulnerabilities on those assets are actively exploited in the wild and which toxic combinations of these factors create the most dangerous attack pathways.
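A simplified illustration of the four-signal prioritisation described above, added here as an example; it is not Tenable's VPR or any vendor's scoring model. The field names, the ordering rule and the sample findings (with placeholder identifiers) are assumptions constructed for this example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Finding:
    vuln_id: str             # placeholder identifier, not a real CVE
    asset: str
    cvss: float              # severity score with no environmental context
    internet_facing: bool    # asset reachable from the internet
    creds_compromised: bool  # credentials tied to the asset are weak or exposed
    exploited_in_wild: bool  # active exploitation has been observed

def context_signals(f):
    """Names of the context signals present on a finding."""
    checks = (("internet-facing", f.internet_facing),
              ("compromised-credentials", f.creds_compromised),
              ("exploited-in-wild", f.exploited_in_wild))
    return [name for name, hit in checks if hit]

def is_toxic_combination(f):
    """All three signals on one asset form the most dangerous path."""
    return len(context_signals(f)) == 3

def rank_by_cvss(findings):
    """Context-free baseline: highest severity score first."""
    return sorted(findings, key=lambda f: f.cvss, reverse=True)

def rank_by_context(findings):
    """Toxic combinations first, then active exploitation, then the number
    of signals present; the severity score only breaks ties."""
    return sorted(findings, reverse=True, key=lambda f: (
        is_toxic_combination(f), f.exploited_in_wild,
        len(context_signals(f)), f.cvss))

# Constructed sample findings for illustration only.
FINDINGS = [
    Finding("VULN-PLACEHOLDER-A", "isolated-build-server", 9.8, False, False, False),
    Finding("VULN-PLACEHOLDER-B", "vpn-gateway", 7.5, True, True, True),
    Finding("VULN-PLACEHOLDER-C", "hypervisor-mgmt", 8.1, False, False, True),
    Finding("VULN-PLACEHOLDER-D", "customer-portal", 6.4, True, True, False),
]

if __name__ == "__main__":
    print("By score alone:", [f.vuln_id for f in rank_by_cvss(FINDINGS)])
    for f in rank_by_context(FINDINGS):
        tag = "TOXIC" if is_toxic_combination(f) else "-"
        print(f"{f.vuln_id:20} {f.asset:22} cvss={f.cvss:<4} {tag:6}"
              f" {', '.join(context_signals(f)) or 'no context signals'}")
```

The highest-scoring finding sits on an isolated server with no context signals and drops to the bottom of the context-aware ranking, while the lower-scoring finding on the exposed gateway moves to the top.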

Development tools, virtualisation platforms, and remote monitoring and management software showed the highest rates of unremediated assets globally, because context-free scoring makes it hard to distinguish the urgent from the merely important. This is the insight that makes patching such a challenging task.

Exposure management platforms are the right solution for providing this much-needed context. The attack path analysis capabilities of exposure management provide visibility into how threat actors chain together vulnerabilities, misconfigurations, and excessive permissions to reach critical assets. This attack path mapping enables organisations to prioritise which gaps to close first and preemptively disrupt the attacker’s journey.

Counter AI with AI

AI is fundamentally changing the speed and scale of cyberattacks. Attackers can now use AI to identify entry points, automate reconnaissance, move laterally across environments, escalate privileges, and exploit known vulnerabilities much faster than before.

For the modern defender, the number of vulnerabilities keeps increasing. Manual triage, spreadsheet-based remediation, and siloed tools cannot win a race against machine-speed exploitation.

That’s why organisations must counter AI-driven attacks with agentic AI-powered cyber defence, leveraging it to prioritise which threats to plug first. It organises attack surface information, performs asset inventory, and tailors security data to specific business needs, ensuring raw metrics are transformed into prioritised intelligence. It even bridges the gap between identifying a risk and resolving it. With this, security teams can understand how vulnerabilities, identities, assets, configurations, and AI systems across an attack surface interact to create exposure; determine which exposures create the most risk for the organisation; validate the real security posture of the environment; and orchestrate the steps required to close the organisation’s highest-risk exposures in minutes, not months.

India’s enterprises are operating under the same pressures that are straining security teams worldwide. But India’s pace of digital growth, the scale of its IT services sector, and the approaching enforcement of DPDP create a window of urgency that is closing. The recent cyberattacks were the predictable consequence of known vulnerabilities that were not prioritised in time. The data needed to prevent the next one already exists. The discipline to act on it is what Indian organisations need to build now. They can make it happen with agentic AI-powered exposure management.
