Companies play catch-up as cybersecurity attacks rise in digital India
A rise in cyberattacks poses a vital risk to India’s economic ambitions, with industries from manufacturing to pharmaceuticals becoming more vulnerable as they digitise operations, according to a Google subsidiary.
Attacks have spiked significantly in the past six months, said Amit Pradhan, India consulting leader for the cybersecurity firm Mandiant, which is owned by Alphabet Inc.’s Google Cloud. A breach at Suzuki Motorcycle India forced the company to halt production in May, and India’s largest pharmaceutical company said in March a ransomware attack will have an impact on revenue.
“Every company in India wants to go digital,” Pradhan said. “The risks are also rising with it.”
The breaches underscore how companies in the world’s most populous nation may have neglected cybersecurity as they’ve rapidly built out their digital infrastructure. India is aggressively pushing to become a global force in industries such as electronics manufacturing and an alternative to China, which has lost some of its allure as the world’s factory amid tensions with the US.
Ransomware attacks, where a hacker encrypts files and demands a ransom payment, rose 53% in India in 2022, according to a report by CERT-In, the country’s agency for cyberthreats. Ransomware groups have broadened their attacks across critical sectors, according to the report.
The increase in high-profile incidents has boosted demand for security software. Companies are now approaching Mandiant not just during emergencies but also to implement preventive measures, Pradhan said. Yet budget constraints mean that Indian companies are still spending less on protection than their counterparts in many other regions.
“The country is far behind developed nations when it comes to the importance given to cybersecurity,” Pradhan said.
To be sure, some firms are taking steps to reduce vulnerabilities. L&T Technology Services Ltd. is planning to increase spending on cybersecurity by as much as 50% next year, according to chief operating officer Abhishek Sinha. He said the company is moving to a “zero-trust architecture” where it restricts employees’ and vendors’ access to only the data they need.
The growing popularity of artificial intelligence is proving to be both a boon and a bane, cybersecurity experts said. Security software companies such as Crowdstrike Holdings Inc. are using AI to detect loopholes in IT systems. But on the other hand, hackers are using ChatGPT and other tools to write malware code and convincing phishing emails, said Smit Kotadiya, a CrowdStrike consultant.
“There used to be grammatical errors that we could spot in phishing emails,” Kotadiya said. “Hackers are now smarter than ever before.” DM