By Kartik Shahani, Country Manager, Tenable India
The past year has been a lucrative one for cybercriminals who have relentlessly taken advantage of vulnerabilities and misconfigurations in the cloud, software supply chains and critical infrastructure. Ransomware-as-a-Service continued to thrive with gangs such as Lapsus$ and Conti causing major financial implications to businesses. In India alone, lost business costs accounted for nearly 40% of the average total cost of a data breach.
Cyberattacks had debilitating effects on several businesses resulting in low customer turnover, lost revenue due to system downtime and the increasing cost of acquiring new business due to diminished reputation.
It comes as no surprise that, as organizations adopted new technologies, the attack surface expanded. With India’s 5G rollout in October 2022, and organizations eager to embrace this new technology, the attack surface will atomize. If organizations don’t have complete holistic visibility into the breadth and depth of cyber risk, prioritize efforts and remediate these risks, it’s only a matter of time before they witness a cyberattack. A good place to start would be to gain visibility into what the attack surface would look like in the year ahead.
The 5G conundrum: More connections, more risk
The rollout of 5G promises to be transformative, with unprecedented levels of speed, capacity and potential. More than half (52%) of Indian enterprises want to start using 5G within the next 12 months. With 5G, manufacturing, energy, information and communication technology and retail industries are expected to generate $17 billion in incremental revenue by 2030.
5G is expected to increase the adoption of IoT and IIoT, opening up organizations to more cyber risk than ever. Given how 5G will greatly contribute to the country’s Make In India initiative aimed at boosting the manufacturing sector, the additional cyber risk posed by 5G adoption is especially relevant in industrial environments. History has proven that anytime emerging technologies are widely adopted, adversaries will find profitable ways to exploit flaws and misconfigurations to launch attacks. If organizations in India utilize devices with poor security configurations.
In that case, there will be an increase in zero-day attacks due to supply chain vulnerabilities, securing proprietary technology and misconfigurations arising from the 5G
network itself. Organizations must not trust underlying infrastructures and be diligent in the implementation of zero-trust infrastructures and secure their people, processes and technologies.
Cloud security will be critical for organizations
Cloud misconfigurations are proving to be an easy attack pathway for threat actors. Misconfigured cloud servers were the most common initial attack vector for cybercriminals targeting Indian organizations in 2022. Breaches due to cloud misconfigurations cost organizations an average of $4.41 million. Heading into 2023, cloud migration among Indian organizations is inevitable, not just for the private sector, but for governments too.
The Indian government recently announced its intention towards cloud adoption. This adds more risk if organizations are relying on legacy technologies to secure cloud environments.
In 2023, we anticipate attackers to target cloud-managed service providers. This is because the cloud service provider (CSP) managed service market is projected to grow to $117.65 billion by 2028. While there are numerous benefits to cloud adoption and outsourcing cloud services to an MSP, the opportunities for compromise are also vast.
Big SaaS breaches are a high possibility
Home to over 90 unicorns across different sectors, India is witnessing an entrepreneurial boom and is rapidly becoming a hub for SaaS start-ups. SaaS revenues in India accrued an annual growth of 20% in 2022 with rising adoption of these solutions from Indian SMBs and enterprises across sectors. A large portion of businesses (82%) have already adopted SaaS platforms on their digitalization journey. Given the high adoption rate of SaaS applications, the shared responsibility model and limited monitoring, the attack surface is bound to be compromised if not secured properly.
The reason is that businesses today use multiple SaaS platforms for varied functions like collaboration, customer support, supply chain management or human resources. This naturally leads to hundreds of global settings and thousands of roles and permissions for configuring, monitoring, and updating regularly. With so many apps running constantly and the data gathered from each of these bespoke tools residing in siloed spreadsheets, organizations aren’t able to see where their risks lie and strategize on how to effectively mitigate them. Organizations must take adequate measures to understand and tackle the complex threat landscape surrounding the security of SaaS apps they use.
The expected economic downturn could give rise to cryptocurrency scams Economic conditions around the world remain uncertain owing to geopolitical realities and increasing oil prices and disruptions to supply chains. In India, unemployment and the rising cost of living are the biggest concerns for people. During such uncertain times, get-rich-quick schemes involving fake cryptocurrency investments through social media and online dating will become increasingly successful.
In 2022, cryptocurrency scams ran rampant and this trend is expected to continue in 2023. Scammers are expected to use dating apps, chat messaging apps, social media and other avenues to lure users in by giving falsified promises to steal money from victims. These types of scams are likely to increase and cryptocurrency investors must be aware of elements such as choosing a compliant exchange that follows proper KYC verification methods. Identify a reliable exchange, and audit information of the exchange as they help in understanding the financial health of a company.