91% of Indian firms faced ransomware attacks in 2022

New Delhi Information security company, CyberArk, on Sunday said that more than 91 per cent of the Indian organisations experienced ransomware attacks in 2022 while 55 per cent of the affected organisations reported paying up twice or more to allow recovery, signalling that they were likely victims of double extortion campaigns.

CyberArk, in its report said that Indian organisations experienced growing cyber debt in 2022 where security spending over the pandemic period lagged investment in broader digital business initiatives. In 2023, levels of cyber debt are expected to rise as a result of an economic downturn, increased staff turnover, a drop in consumer spending, and an uncertain global environment.

“New environments create new identities and, consequently, compromising identities will remain the most preferred method for attackers to evade cyber defences and gain access to critical data and assets,” said Rohan Vaidya, regional director, India & SAARC, CyberArk.

Moreover, the report showed that all (100 per cent) organisations in India expect identity-related compromise this year, stemming from economic-driven cutbacks, geopolitical factors, cloud adoption and hybrid working. About 84 per cent said that this will happen as part of a digital transformation initiative such as cloud adoption or legacy app migration.

Nearly 61 per cent of security professionals expect AI-enabled threats to affect their organisation in 2023, with AI-powered malware cited as the top concern. Further, the report said that about 92 per cent of organisations feel code/malware injection into their software supply chain is one of the biggest security threats their organisations face.

“Business transformation, driven by digital and cloud initiatives, continues to result in a surge in new enterprise identities. While attackers are constantly innovating, compromising identities remains the most effective way to circumvent cyber defences and access sensitive data and assets,” said Matt Cohen, chief executive officer, CyberArk.

Credential access remains the number one risk for respondents (cited by 45 per cent), followed by defence evasion (34 per cent), execution (34 per cent), initial access (31 per cent) and privilege escalation (26 per cent).

Cybersecurity in 2023

• In 2023, levels of cyber debt are expected to rise

• Identity-related compromise is expected to be a major threat in 2023

• AI-enabled threats and code/malware injection into the software supply chain are also major concerns