New Delhi: Information security company, CyberArk, on Sunday said that more than 91 percent of the Indian organisations experienced ransomware attacks in 2022 while 55 percent of the affected organisations reported paying up twice or more to allow recovery, signalling that they were likely victims of double extortion campaigns.
CyberArk, in its report said that Indian organisations experienced growing cyber debt in 2022 where security spending over the pandemic period lagged investment in broader digital business initiatives.
In 2023, levels of cyber debt are expected to rise as a result of an economic downturn, increased staff turnover, a drop in consumer spending, and an uncertain global environment.
“New environments create new identities and, consequently, compromising identities will remain the most preferred method for attackers to evade cyber defences and gain access to critical data and assets,” said Rohan Vaidya, regional director, India & SAARC, CyberArk.
Moreover, the report showed that all (100 percent) organisations in India expect identity-related compromise this year, stemming from economic-driven cutbacks, geopolitical factors, cloud adoption and hybrid working.
About 84 percent said that this will happen as part of a digital transformation initiative such as cloud adoption or legacy app migration.
Nearly 61 percent of security professionals expect AI-enabled threats to affect their organisation in 2023, with AI-powered malware cited as the top concern.
Further, the report said that about 92 percent of organisations feel code/malware injection into their software supply chain is one of the biggest security threats their organisations face.
“Business transformation, driven by digital and cloud initiatives, continues to result in a surge in new enterprise identities. While attackers are constantly innovating, compromising identities remains the most effective way to circumvent cyber defences and access sensitive data and assets,” said Matt Cohen, chief executive officer, CyberArk.
Credential access remains the number one risk for respondents (cited by 45 percent), followed by defence evasion (34 percent), execution (34 percent), initial access (31 percent) and privilege escalation (26 percent).
