‘Generative AI poses a challenge to some fundamental notions of security

Vinayak Godse, the Chief Executive Officer of Data Security Council of India (an industry body set up by Nasscom), is a cybersecurity though leader. He was instrumental in developing DSCI Security Framework (DSF) and DSCI Privacy Framework (DPF). Godse, who led the National Centre of Excellence (NCoE) for Cybersecurity Technology and Entrepreneurship, speaks on the emerging threats and opportunities in the cybersecurity space. Edited excerpts.

How was the year 2023 in the cybersecurity space?

The year 2023 was quite eventful for cyber security. Ransomware emerged as a potent threat vector, leading to ramifications across sectors, especially in non-BFSI and technology sectors. Rising exploitation and extortion cases have awoken the economy’s sectors to the importance of cyber security. It is also a year of increased privacy concerns. Generative AI posed a challenge to some fundamental notions of security, raising the threat landscape to a level where flaws and vulnerabilities, revealed even for a brief instant, may be exploited. It also introduced a new set of privacy concerns. In 2023, misinformation, fake information and deep fake on the one hand, and a spike in cybercrime on the other, made their mark. DSCI Seqrite India Cyber Threat Report highlights dominance of ransomware as a service, AI powered malware, compromise or exploitation of MFA authentications in the year 2023.

It is also a year in which the ecosystem is seen banding together to counter assault campaigns during major events such as the G20 conference. India’s total cybersecurity domestic market now stands close to $6 billion, up from $2 billion in 2019.

What are going to be the key challenges and opportunities in 2024?

Advanced persistent threats and sophisticated ransomware are predicted to strike economic sectors in 2024. They’d both come with zero-day attacks. MFA (multifactor authentication) fatigue, particularly OTPs, will lead to an increase in social engineering attacks. AI-powered attack vectors and payloads, deep fakes, exploitation of supply chain vulnerabilities, hacktivism targeting major national and international events, spillage of techniques used in combat to commercial sectors, increased underground and dark network activities, and targeting mobile apps would be dominant in 2024.

Increased awareness of security dangers, stricter compliance requirements and obligations and liabilities related to data protection will generate enormous opportunities for security market participants, both products and services. From $6 billion, we believe the domestic cyber security market size will grow with CAGR to more than 25 per cent.

Deepfakes have arrived in 2023. How to protect yourself?

You need to have a two-pronged approach. To begin with, do not fall into the trap of deepfake. Be sceptical of sensational-looking content before sharing and reacting to it, pay attention to details, and try to fact-check. Secondly, for you own safety, be diligent about your online presence, especially about the visual aspects (photo and videos). Use strong passwords, activate two-factor authentication and follow practices of cyber hygiene. You should also be informed on deepfakes, dangers they pose, legal challenges they create, reporting mechanism on the platforms and quick remedies.  

How prepared are we in terms of solutions and building cybersecurity manpower?

The cybersecurity ecosystem is matured in India. We have a presence in all leading and innovative global security providers in the country in the market.

The MeitY programmes like Information Security Education and Awareness (IESA), NASSCOM-MeitY FutureSkills platform, DSCI’s professional credentials and steering focused and diversity-led training programme CyberShikshaa, and over 200 universities or colleges offering specialisation in cyber security would help build skilled manpower.

Published on December 29, 2023

Leave a Reply

Your email address will not be published. Required fields are marked *