Most Indian businesses make cybersecurity decisions without attacker’s insights: Study

A majority of businesses in India make cybersecurity decisions without insights into the threat actor targeting their infrastructures, according to a study published on Tuesday. The claims come from Google-owned threat analytics company Mandiant, which said that 75% respondents make most of their cybersecurity decisions without attacker’s insights, which proves to be dangerous for their organisations. 

The latest Mandiant report compiled after a global survey of 1,350 cybersecurity decision makers across 13 countries, including 100 decision makers from India, and across 18 sectors, also said that while 66% of cybersecurity decision makers it surveyed, believe senior leadership teams continue to underestimate cyber-threats and 68% agree their organisation needs to improve its understanding of the threat landscape. 

The report also said that more than half (57%) of security decision-makers are not very confident that their organisation is fully prepared to defend itself against a significant cybersecurity event caused due to hacktivist actors. And just over half (54%) of the respondents expressed confidence to defend themselves against financially motivated attacks, such as ransomware. 

When respondents were asked to rank which countries their organisation would be unable to fully defend itself against, more than half of respondents globally (57%) said Russia, followed by China (53%), North Korea (52%) and Iran (44%), the study said. Given the geopolitical sentiments in India, the Mandiant report said, 68% organisations in India believe that they would not be able to fully defend against attack from China, followed by Russia (61%). 

Furthermore, cyber security, globally, is only discussed on average once every four or five weeks with various departments within organisations, including the board, members of the C-suite and other senior stakeholders. Besides, globally, only 38% of security teams share threat intelligence with a wider group of employees for risk awareness, said the study. 

Notably, 50% of respondents in India - as against 33% globally - reported that their organisation had suffered a ‘significant’ cyber-attack in the past 12 months, which has caused demonstrable harm. 

Another report by Indusface, a Tata Capital-funded software-as-a-service security (SaaS) firm, published on December 27, 2022, echoed similar trend. It showed that cybersecurity teams’ inability to plug vulnerabilities is accelerating cyber-attacks across Indian organisations across size and sector and that the country is one of the top targets for cybercriminals. 

The report revenue-wise, mid-market companies with revenues between $10 million to $1 billion have been subjected to 45% of the cyber-attacks and only 21% were large enterprises with over $1 billion in revenue, which implies that companies need to be proactively defend their organisation again rising cyber threats.  

On a separate report by BlackBerry published on February 2, 2023, security researchers have shown that several security leaders are also worried about ChatGPT, the popular AI-powered chatbot developed by the Artificial Intelligence (AI) research company OpenAI, expecting the AI model to complete a successful cyber-attack within a year.