Blog Credit : Trupti Thakur
Image Courtesy : Google
The Digital Threat Report 2024
Why in News?
India has released its first-ever Digital Threat Report 2024, aimed at strengthening cybersecurity in the Banking, Financial Services, and Insurance (BFSI) sector. The report highlights evolving cyber risks and outlines strategic measures to protect the nation’s financial infrastructure, crucial for its digital economy.
What is the Digital Threat Report 2024?
- The Digital Threat Report 2024is a collaborative initiative by SISA (Strategic Information Services Agreement), a global cybersecurity firm, along with the Computer Emergency Response Team (CERT-In), and CSIRT-Fin.
- It provides a comprehensive analysis of the escalating cybersecurity risks within India’s BFSI sector and guides organizations to adopt stronger security measures, improve compliance protocols, and enhance threat detection capabilities.
What are the Key Highlights of the Cyber Threat Report 2024?
- Surge in Cyberattacks and Data Breach Costs: In 2024, the BFSI sector witnessed a surge incyberattacks, with global data breach costs rising to USD 4.88 million (a 10% increase from 2023) and USD 2.18 million in India.
- BFSI’s digital growth, projected to reach USD 3.1 trillion in payments by 2028, is widening its cyber threat exposure.
- Phishing attacks in India surged by 175% in June 2024 compared to 2023.
- Crypto Attacks: Crypto exchanges have been targeted by cybercriminals and new malware variants also threaten crypto wallets by extracting private keys for unauthorized access.
- Social Engineering Attacks: Business Email Compromise (BEC)and phishing are rising cyber threats, with 54% of BEC cases involving pretexting.
- AI and deep fake technologies are making these attacks more convincing by impersonating executives to manipulate financial transactions or steal sensitive data.
- Impact of AI on Phishing: AI is making phishing attacks more convincing by generating emails that mimic trusted entity’s tone, style, and branding.
- AI-driven chatbot phishing scams engage victims interactively to extract personal data.
- Large language models (LLMs)like Worm GPT and Fraud GPT bots are lowering the barrier for cybercriminals, enabling the creation of more convincing phishing emails and malware.
- Stolen Credentials and Malware: Hackers are using stolen login details and malware using techniques like session hijacking, brute-force attacks, deep fake technology, and BOLA vulnerabilities to bypass Multi-Factor Authentication (MFA), mainly targeting SaaS platforms like email and VPN services.
- SaaS platforms are a type of digital platform that facilitates the selling, distribution, and management of cloud-based software and services.
- Cloud Security Weaknesses: Misconfigured cloud services, such as publicly accessible storage and weak access controls, are major targets.
- There has been a 180% increase in attacks exploiting cloud vulnerabilities.
- Key Recommendations:
- It includes adopting a human-centric, leadership-driven approach to cybersecurity, backed by continuous employee training and cyber-awareness to counter emerging threats like AI phishing and deep fakes.
- Implement regular Automated Vulnerability Scans, real-time threat intelligence sharing, and a multi-layered “defense-in-depth” strategy with firewalls, endpoint protection and Zero Trust architecture.
- Leveraging Technology to ensure timely patching (updates), AI-based threat detection and use of MFA for access control.
What is the Current Framework for Cybersecurity in India?
- Legislative Measures:
- Information Technology Act, 2000 (IT Act)
- Digital Personal Data Protection Act, 2023
- Institutional Framework:
- Indian Computer Emergency Response Team(CERT-In)
- National Critical Information Infrastructure Protection Centre(NCIIPC)
- Indian Cyber Crime Coordination Centre(I4C)
- Cyber Swachhta Kendra
- Strategic Initiatives:
- Bharat National Cybersecurity Exercise 2024
- National Cyber Security Policy, 2013:Provides vision and strategies for securing cyberspace and protecting critical information infrastructure.
Conclusion
As cyber threats evolve, adopting a proactive, multi-layered cybersecurity approach is crucial for safeguarding critical infrastructure. Prioritizing early vulnerability assessments, AI-driven detection, strong authentication, and securing applications enhances resilience. Embedding cybersecurity into organizational strategies will strengthen India’s digital ecosystem and ensure long-term security.
Blog By : Trupti Thakur