As cyber threats grow more sophisticated and pervasive, ‘cyber security awareness month,’ serves as a timely call to action for governments, industries and the public

Celebrated annually for over two decades now, the world now observes October as “Cybersecurity Awareness Month”. Initiated by the US Cybersecurity and Infrastructure Security Agency (CISA) in 2004, it aims to promote cybersecurity awareness and encourage both public and private sectors to take proactive steps in securing their digital landscapes.

In its 21st year, Cybersecurity Awareness Month remains focused on fostering collaboration between governments, industries and the public to enhance awareness about cyber threats, promote safe online behaviour, and equip organisations with the necessary tools to combat emerging digital risks. This month-long campaign is not just a reminder to stay vigilant but a call to action — a time for every nation to bolster its defences against the ever-evolving cyber threat landscape.

India: A Prime Target for Cybercriminals as India’s digital economy continues its rapid expansion, the country has become an attractive target for cybercriminals looking to exploit vulnerabilities. According to Rubrik Zero Labs research, 75 per cent of Indian organisations reported they experienced an increase in ransomware attacks in the past year, with 96 per cent of these reported incidents specifically targeting backups—74 per cent of which were at least partially successful.

The report further revealed that: 69 per cent of Indian IT and security leaders identified SaaS platforms as the most common targets for cyberattacks in 2023. 98 per cent of these leaders experienced a loss of sensitive information due to cyber incidents. 55 per cent of companies reported paying a ransom because of data extortion threats.

53 per cent confirmed that malicious actors successfully damaged their backup and recovery options. These figures are alarming, to say the least, positioning India among the top three most targeted countries in the Asia-Pacific region.

Since September 2022, ransomware attacks in India have surged by a staggering 195 per cent. This increase is not just in volume but also in sophistication, as attackers adapt their strategies to evade detection and increase their chances of success.

The Rising Cost of Data Breaches in India The financial implications of these attacks are becoming more severe. According to recent studies, the average cost of a data breach in India now stands at a staggering Rs 19.5 crore — an all-time high.

Since 2020, the financial impact of these breaches has soared by 39 per cent, reflecting the increasing complexity and disruptive nature of modern cyber threats. Critical infrastructure industries such as healthcare, financial services, and energy have been hit the hardest, with breach costs in these sectors ranking among the highest globally. However, the financial ramifications are just one part of the equation.

The reputational damage caused by data breaches can have long-lasting effects on customer trust and business sustainability. In today’s digital world, data is the new currency, and its protection should be a top priority for every organisation. Unfortunately, the reactive approach of defending against threats is no longer sufficient. As cybercriminals continue to evolve and become more sophisticated, businesses must shift their focus to building a proactive and resilient cybersecurity posture.

Understanding Cyber Resilience:

The Key to a Safer Digital Future To effectively combat the growing threat landscape, organisations need to embrace the concept of cyber resilience. Cyber resilience goes beyond traditional cybersecurity measures, emphasising not only the defence against attacks but also the ability to recover quickly and continue operations in the face of an incident.

This approach is vital in a world where threats are not only becoming more frequent but also more damaging. Cyber resilience is no longer just a technical requirement but a strategic imperative. Cyber threats are constantly evolving, making it crucial for businesses to understand and implement effective strategies for cyber resilience. Its importance in the modern digital landscape has been accentuated due to the evolving threat landscape and common cyber threats.

Building a Strong Cyber Posture

Creating a resilient organisation starts with developing a robust cyber posture. This involves conducting comprehensive risk assessments, defining clear frameworks, and implementing methodologies to identify strengths and weaknesses within the digital ecosystem. Understanding the role of risk assessment is critical in developing a strong cyber posture. Organisations must evaluate their existing security measures, identify potential vulnerabilities, and develop a strategic roadmap to address these gaps.

A resilient cyber posture is not just about deploying advanced technologies; it’s about integrating cybersecurity into every aspect of the organisation’s operations and culture. Employee training and awareness programmes are essential to instil a mindset that prioritises security across all levels of the organisation. Building a culture of security is pivotal, as it helps transform cybersecurity from a mere compliance requirement into a core business priority.

The Role of Regulatory MeasuresIn response to the rising threat landscape, regulatory bodies like the Reserve Bank of India (RBI) have stepped up their efforts to strengthen the nation’s cyber resilience.

The RBI has issued comprehensive guidelines on Cyber Resilience, requiring financial organisations to implement robust governance frameworks for identifying, assessing, monitoring, and managing cyber risks.

These regulations also mandate the adoption of baseline security measures to ensure system resiliency and secure digital transactions. The RBI’s guidelines are designed to address the unique challenges faced by the financial sector, which remains one of the most targeted industries globally. Financial institutions are now required to migrate to the latest security standards, deploy advanced monitoring systems, and establish strong incident response protocols to safeguard customer data and ensure business continuity.

Learning from Real-World Cyber Resilience Examples

Governments and companies need to learn from real-world examples to understand the impact of cyber resilience strategies.

The consequences of cyberattacks on organisations are well documented, and businesses can gain insights from real-world examples of successful and unsuccessful cyber resilience.

One of the key lessons from these examples is the need to focus on the outcome. Cyber resilience is not just about preventing an attack; it’s about minimising the impact and ensuring that the organisation can bounce back quickly. We don’t just want people to be aware; we want people to be resilient and become, along with their organisation, harder targets for cybercriminals. Resilient is the new black!

(The writer is vice president, Asia Rubrik; views are personal)