InfoSecBulletin Cybersecurity for mankind
India has made strides in cybersecurity by clarifying ministerial roles in September 2024 and implementing a National Security Directive that limits telecom infrastructure procurement to trusted sources. It is also considering similar protocols for other vital sectors like power.
To address the shortage of cybersecurity professionals, the government is investing in education by adding cybersecurity modules to school curriculums and offering specialized BTech and MTech degrees in the field.
CVSS 10.0 Flaw
Critical flaw in Siemens OZW Web Servers Enable Unauthenticated RCE
Microsoft Patch Tuesday May 2025: 72 flaws, 5 Actively Exploited Zero-Day
OTP glitch disrupted NID services across the country
Google to pay Texas $1.4 billion for location tracking practices
YouTube geo-blocks at least 4 Bangladeshi TV channels in India
Microsoft Patches Four Critical Azure and Power Apps Vulns
Qilin Ransomware topped April 2025 with 45+ data leak disclosures
SonicWall Patches 3 Flaws in SMA 100 Devices
Top Ransomware Actively Attacking Financial Sector: 406 Incidents Disclosed
Critical (CVSS 10) Flaw in Cisco IOS XE WLCs Allows RRA
The Quality Council of India (QCI) is developing minimum security standards for networked devices to enhance security in the device ecosystem nationwide.
A Shift in Threat Patterns:
Chakravarthy T. Kannan, Secretary General of QCI, noted a shift in cyberattacks from urban centers to smaller cities. Now, 50% of cyber incidents happen outside the top 10 metropolitan areas, unlike before when 80% targeted just 20% of key markets.
Mandar Kulkarni, Microsoft’s National Security Officer, stated that his team tracks 600 million cyberattacks each day, primarily focused on identity-based threats. He mentioned that simple steps like multi-factor authentication could prevent 99% of these attacks. Additionally, he highlighted that since March 2024, Distributed Denial of Service (DDoS) attacks have evolved from volume-based to more complex application-level threats.
Cybersecurity: A Growing Market Opportunity
At CyberComm 2025, Suprakash Chaudhuri, Country Head of Digital Industries at Siemens Ltd and Co-Chair of FICCI’s Technology Committee, discussed the financial aspects of cybersecurity. He noted that India’s cybersecurity market is expected to grow from USD 5.56 billion in 2025 to USD 12.9 billion by 2030, with a compound annual growth rate (CAGR) of 18.33%.
“Cyberattacks are cheap, fast, and highly profitable for perpetrators. Yet the impact they leave on businesses and governments is devastating,” Chaudhuri remarked.
He emphasized the need for proactive threat detection, solid policies, and workforce development. Businesses should use advanced technologies like AI for threat intelligence and encourage collaboration across sectors to combat complex cyber threats.
The Road to Data Protection:
India is advancing in data protection. In January 2025, the government released draft rules under the Digital Personal Data Protection (DPDP) Act, 2023, for public feedback until February 18. These rules seek to establish clear guidelines for managing personal data.
India has reached a major milestone in its ten-year effort to establish data protection laws. The DPDP Act reflects the recommendations of a 2011 expert committee headed by former Delhi High Court Chief Justice A.P. Shah.
The draft suggests a phased rollout. Rules for the Data Protection Board will take effect immediately, while consent management, notice requirements, and government data access will be implemented gradually.
Strengthening India’s Cybersecurity Future:
India faces significant cybersecurity challenges due to its many connected devices, growing digital economy, and changing threats. A comprehensive strategy needs cooperation among government, industry, and academia.
India is building a secure digital future through policy frameworks, trusted supply chains, educational initiatives, and industry solutions. Success relies on the active involvement of all stakeholders.
As Lieutenant General Nair aptly put it, “Cybersecurity is not just a technological challenge; it is a mission-critical priority that demands collective action.”
