The year 2023 is a watershed year in the cybersecurity space for several reasons. As the nation-state attacks continue to increase in the backdrop of geopolitical conflicts, the emergence of Generative AI poses a fresh set of challenges, which threatens to further make the cybersecurity landscape more complex. India featured among the top 10 destinations facing cyberattacks.

As the country goes for general elections in 2024, cybersecurity experts have warned of a spate of cyberattacks in the country, particularly deepfakes, which could cause an uproar, and raise privacy concerns. There is some good news. The Generative AI and AI as a whole, which can be used for malicious purposes, can also be used to thwart such attacks.

That the cybersecurity defenders detected 400 million instances of malware spread across a network of 8.5 million endpoints in 2023 alone reflected the enormity of the problem. Every day, over half a million malware are discovered, adding to the already staggering one billion circulating malware programs, according to DSCI, the data protection industry body.

Info compromised

“In 2023, India experienced a surge in these cyberattacks, leaving a trail of compromised personal information, disrupted operations, and eroded public trust. In 2024, we expect a sharp uptick in data breaches as the digital landscape expands, primarily because of the scale and diversity of attacks, which have impacted almost every sector, from government to healthcare to start-ups,” Rohan Vaidya, Regional Director, India, and SAARC of CyberArk, says.

He said that a rise in cloud adoption could lead to a surge of identity-based attacks. “The overall Indian public cloud services market is expected to gallop to $17.8 billion by 2027. As organisations migrate their data, applications, and workloads to the cloud, the attack surface widens, providing a broader canvas for threat actors to exploit,” he points out.

New challenges

The birth and rise of Generative AI and other AI solutions open up a new set of challenges for defenders. These solutions made the attacks sophisticated with hackers sharpening their arsenal and crafting new attack vectors that exploit vulnerabilities in novel ways. 

The AI also led to creation of deepfakes. Morphed videos of Prime Minister Narendra Modi doing a garba dance and obscene depictions of film actresses Kajol and Rashmika Mandanna shocked the nation. That the Prime Minister had to take note of the deepfake attack reflects the shape of things to come.

Deepfake audio crimes too have been reported in some parts of the country.

Sonit Jain, CEO of GajShield Infotech, feels that the cyber attacks would be automated in 2024. “With the surge in sophisticated cyber attacks and the constant evolution of threat landscapes we are standing at the forefront, anticipating the automation of cyberattacks,” he said.

Kumar Ritesh, Founder and CEO of external threat landscape management company CYFIRMA, felt that there wouldn’t be any let-up in ransomware attacks. “The ransomware attackers are likely to continue enhancing the sophistication of their attacks using AI. This could involve more advanced encryption algorithms and evasion techniques,” he said. “We are also concerned that cybercriminals will escalate and intensify their attacks on critical infrastructure, such as energy, healthcare and transportation sectors, causing widespread disruption,” he said.

RaaS models

Cybersecurity experts also expect the evolution of Ransomware-as-a-Service (RaaS) models where hackers would put these solutions in the Dark Web, bringing down the threshold levels for launching attacks.

Hackers are also expected to employ advanced evasion techniques to bypass traditional security solutions, making detection and mitigation more challenging. “2023 was the year that AI exploded on the public stage with the growth of large language models (LLMs) like ChatGPT. This trend will extend into 2024 as both hackers and cybersecurity professionals continue to evolve the use of artificial intelligence (AI) and machine learning (ML),” Harshil Doshi, Country Director (India & SAARC) of Securonix, said.

Quoting a survey, he said that 47 per cent of Indians have been affected by or know someone who has been a victim of AI-based attacks. “These technologies also have wider social and political ramifications as they become more convincing and eliminate obviously identifiable artefacts making it harder to distinguish real information from fraudulent or artificially-generated content,” he said.

Sundar Balasubramanian, Managing Director (India & SAARC) of Check Point Software Technologies, has said that one in 34 companies have experienced an attempted ransomware attack in the first three quarters of 2023 in India, showing an increase of 4 per cent over last year. “Cyberthreats are not only more numerous, but increasingly complex, effective, and harder to detect as they are driven by artificial intelligence, organised ransomware groups and hacktivism. While cyberattacks are often related to data destruction and theft, cybercriminals often use the creation of fake data and impersonation to spread chaos and misinformation,” he pointed out.

The New Year is expected to see the rolling out of the provisions of the Digital Personal Data Protection Bill, 2023, which was cleared by the Rajya Sabha. While passing the Bill, the government said that the provisions would come into force over the next 8-10 months. 

The Data Security Council of India (DSCI), a data protection industry body set by the Nasscom, said that top-10 cities in the country accounted for more than 50 per cent of the detections, while the remaining detections are spread across tier-II and III cities and towns in India. This may be due to the rise of work-from-home culture amid the pandemic. It said that Mumbai, Pune, Chennai and Bengaluru have the highest number of detections in absolute terms.

In any scenario, the experts say, the following are the mantras for staying safe:

Implement multi-factor authentication

Zero trust at the core. Trust no one when it comes to securing data.

Go for real-time threat detection solutions.

Cybersecurity and AI hand in hand.

Always update the software

Train the staff.