The rise of Metaverse is likely to pose cybersecurity challenges, while the professionisalisation of cyber crimes and ransomware-as-a-service (RaaS) is expected to become more lethal in the new year.

Rohan Vaidya, Regional Director (India and SAARC) at cybersecurity solutions company CyberArk, said that the expanding digital ecosystem would pose more significance as it has increased the attack surface considerably.

Quoting Boston Consulting Group, Vaidya said that the country’s digital payments market would touch the $10-trillion mark by 2026 from the present level of $3 trillion.

He added that India would increasingly be in the cross-hairs of international hacking groups, who will be attracted to its fast-expanding digital population. The attackers would continue to harm critical infrastructure as these had proven to be the most profitable.

Vaidya said, “We witnessed attacks on the power grid outage in Mumbai and the flood monitoring system at Goa’s water resource department. As more critical infrastructure gets connected, we can expect attacks on critical infrastructure to grow in scale and number.”

Metaverse challenges

He predicted the rise of the Metaverse could pose new security challenges. “It is still an emerging and nascent space with no structured best practices or regulations to ensure security or privacy,” he said.

Vaidya said the availability of ransomware kits allowed lesser-skilled cybercriminals to launch attacks. “The would-be attackers can simply browse a marketplace, fill their carts with cheap lists of stolen credentials and cookies or off-the-shelf ransomware, phishing and exploit kits and check out,” he added.

How to be safe

Vaidya also noted that companies must be highly vigilant and adopt the latest tools, technologies and processes to improve their security posture.

Stating that Computer Emergency Response Team (CERT-IN) mandated companies to report cybersecurity incidents within six hours of their occurrence, he wanted the organisations to continuously re-evaluate their internal and external cybersecurity controls and ensure security processes are in place.