Indian firms must avoid complacency as cyber incidents mount: Experts

NEW DELHI: As cybercriminals are constantly adapting and learning from the cybersecurity landscape, experts on Sunday said that given the increasing frequency and complexity of cyber incidents, Indian organisations must avoid complacency.

New technologies, such as artificial intelligence (AI), offer new opportunities but also give birth to new challenges. According to cybersecurity researchers, cybercriminals are constantly adapting and learning from the cybersecurity landscape, and they try to exploit these new technologies to avoid being caught or noticed.

"AI in cybersecurity is like a double-edged sword. While it offers defensive capabilities, it can also be exploited by malicious actors. Ransomware attacks show that encryption can also be used against us by attackers, which essentially means that our tools are being turned into weapons," Dr Sanjay Katkar, Joint Managing Director, Quick Heal Technologies, told IANS.

"However, several detection technologies are exclusive to cybersecurity professionals and cannot be used by hackers. They help defend critical digital infrastructure and discover anomalies," he added.

In 2023, researchers at the malware analysis lab Seqrite Labs analysed approximately 400 million malware detections from over 8.5 million endpoint installations in India.

As per the recent report by the cloud-enabled security solutions provider Barracuda Network, the average annual cost of responding to compromises exceeded $5 million.

The report also raised the alarm over hackers exploring how they can use generative AI (GenAI) technology to increase the volume, sophistication, and effectiveness of their attacks.

To counter AI-driven attacks, the experts suggested that deploying AI-based defences tailored to match evolving threat patterns is essential.

"Implementing ethical frameworks to govern AI development and cyber use cases could mitigate potential damage. Regular software updates, access isolation, and ongoing user training against evolving social engineering techniques are imperative as these attacks continue to evolve," Raj Sivaraju, President, APAC, Arete, told IANS.

"Priorities such as expanded training, security partnerships, automation, and resilience principles like zero trust are essential in maturing defensive strategies throughout 2024," he added.

The experts also noted that through urgency, collaboration, and strategic technology investments, cyber defenders can effectively confront adversary challenges for a more secure digital future.