InfoSecBulletin Cybersecurity for mankind
India has made strides in cybersecurity by clarifying ministerial roles in September 2024 and implementing a National Security Directive that limits telecom infrastructure procurement to trusted sources. It is also considering similar protocols for other vital sectors like power.
To address the shortage of cybersecurity professionals, the government is investing in education by adding cybersecurity modules to school curriculums and offering specialized BTech and MTech degrees in the field.
B1ack’s Stash Releases 1 Million Credit Cards on a Deep Web Forum
Cisco Confirms
Salt Typhoon Exploited CVE-2018-0171 to Target U.S. Telecom Networks
AWS Key Hunter
Test this free automated tool to hunt for exposed AWS secrets
Check Point Flaw Used to Deploy ShadowPad and Ransomware
CVE-2024-12284
Citrix Issues Security Update for NetScaler Console
CISA and FBI ALERT
Ghost ransomware to breach organizations in 70 countries
Hacker chains multiple vulns to attack Palo Alto Firewall
150 Gov.t Portal affected
Black-Hat SEO Poisoning Indian “.gov.in, .ac.in” domain
CVE-2018-19410 Exposes 600 PRTG Instances in Bangladesh
Builder claims Rs 150 cr for data loss; AWS faces FIR In Bengaluru
The Quality Council of India (QCI) is developing minimum security standards for networked devices to enhance security in the device ecosystem nationwide.
A Shift in Threat Patterns:
Chakravarthy T. Kannan, Secretary General of QCI, noted a shift in cyberattacks from urban centers to smaller cities. Now, 50% of cyber incidents happen outside the top 10 metropolitan areas, unlike before when 80% targeted just 20% of key markets.
Mandar Kulkarni, Microsoft’s National Security Officer, stated that his team tracks 600 million cyberattacks each day, primarily focused on identity-based threats. He mentioned that simple steps like multi-factor authentication could prevent 99% of these attacks. Additionally, he highlighted that since March 2024, Distributed Denial of Service (DDoS) attacks have evolved from volume-based to more complex application-level threats.
Cybersecurity: A Growing Market Opportunity
At CyberComm 2025, Suprakash Chaudhuri, Country Head of Digital Industries at Siemens Ltd and Co-Chair of FICCI’s Technology Committee, discussed the financial aspects of cybersecurity. He noted that India’s cybersecurity market is expected to grow from USD 5.56 billion in 2025 to USD 12.9 billion by 2030, with a compound annual growth rate (CAGR) of 18.33%.
“Cyberattacks are cheap, fast, and highly profitable for perpetrators. Yet the impact they leave on businesses and governments is devastating,” Chaudhuri remarked.
He emphasized the need for proactive threat detection, solid policies, and workforce development. Businesses should use advanced technologies like AI for threat intelligence and encourage collaboration across sectors to combat complex cyber threats.
The Road to Data Protection:
India is advancing in data protection. In January 2025, the government released draft rules under the Digital Personal Data Protection (DPDP) Act, 2023, for public feedback until February 18. These rules seek to establish clear guidelines for managing personal data.
India has reached a major milestone in its ten-year effort to establish data protection laws. The DPDP Act reflects the recommendations of a 2011 expert committee headed by former Delhi High Court Chief Justice A.P. Shah.
The draft suggests a phased rollout. Rules for the Data Protection Board will take effect immediately, while consent management, notice requirements, and government data access will be implemented gradually.
Strengthening India’s Cybersecurity Future:
India faces significant cybersecurity challenges due to its many connected devices, growing digital economy, and changing threats. A comprehensive strategy needs cooperation among government, industry, and academia.
India is building a secure digital future through policy frameworks, trusted supply chains, educational initiatives, and industry solutions. Success relies on the active involvement of all stakeholders.
As Lieutenant General Nair aptly put it, “Cybersecurity is not just a technological challenge; it is a mission-critical priority that demands collective action.”
