InfoSecBulletin Cybersecurity for mankind
India has made strides in cybersecurity by clarifying ministerial roles in September 2024 and implementing a National Security Directive that limits telecom infrastructure procurement to trusted sources. It is also considering similar protocols for other vital sectors like power.
To address the shortage of cybersecurity professionals, the government is investing in education by adding cybersecurity modules to school curriculums and offering specialized BTech and MTech degrees in the field.
WhatsApp banned on all US House of Representatives devices
Kaspersky found “SparkKitty” Malware on Google Play, Apple App Store
OWASP AI Testing Guide Launched to Uncover Vulns in AI Systems
Axentec Launches Bangladesh’s First Locally Hosted Tier-4 Cloud Platform
Hackers Bypass Gmail MFA With App-Specific Password Reuse
Russia detects first SuperCard malware attacks via NFC
Income Property Investments exposes 170,000+ Individuals record
ALERT (CVE: 2023-28771)
Zyxel Firewalls Under Attack via CVE-2023-28771 by 244 IPs
CISA Flags Active Exploits in Apple iOS and TP-Link Routers
10K Records Allegedly from Mac Cloud Provider’s Customers Leaked Online
The Quality Council of India (QCI) is developing minimum security standards for networked devices to enhance security in the device ecosystem nationwide.
A Shift in Threat Patterns:
Chakravarthy T. Kannan, Secretary General of QCI, noted a shift in cyberattacks from urban centers to smaller cities. Now, 50% of cyber incidents happen outside the top 10 metropolitan areas, unlike before when 80% targeted just 20% of key markets.
Mandar Kulkarni, Microsoft’s National Security Officer, stated that his team tracks 600 million cyberattacks each day, primarily focused on identity-based threats. He mentioned that simple steps like multi-factor authentication could prevent 99% of these attacks. Additionally, he highlighted that since March 2024, Distributed Denial of Service (DDoS) attacks have evolved from volume-based to more complex application-level threats.
Cybersecurity: A Growing Market Opportunity
At CyberComm 2025, Suprakash Chaudhuri, Country Head of Digital Industries at Siemens Ltd and Co-Chair of FICCI’s Technology Committee, discussed the financial aspects of cybersecurity. He noted that India’s cybersecurity market is expected to grow from USD 5.56 billion in 2025 to USD 12.9 billion by 2030, with a compound annual growth rate (CAGR) of 18.33%.
“Cyberattacks are cheap, fast, and highly profitable for perpetrators. Yet the impact they leave on businesses and governments is devastating,” Chaudhuri remarked.
He emphasized the need for proactive threat detection, solid policies, and workforce development. Businesses should use advanced technologies like AI for threat intelligence and encourage collaboration across sectors to combat complex cyber threats.
The Road to Data Protection:
India is advancing in data protection. In January 2025, the government released draft rules under the Digital Personal Data Protection (DPDP) Act, 2023, for public feedback until February 18. These rules seek to establish clear guidelines for managing personal data.
India has reached a major milestone in its ten-year effort to establish data protection laws. The DPDP Act reflects the recommendations of a 2011 expert committee headed by former Delhi High Court Chief Justice A.P. Shah.
The draft suggests a phased rollout. Rules for the Data Protection Board will take effect immediately, while consent management, notice requirements, and government data access will be implemented gradually.
Strengthening India’s Cybersecurity Future:
India faces significant cybersecurity challenges due to its many connected devices, growing digital economy, and changing threats. A comprehensive strategy needs cooperation among government, industry, and academia.
India is building a secure digital future through policy frameworks, trusted supply chains, educational initiatives, and industry solutions. Success relies on the active involvement of all stakeholders.
As Lieutenant General Nair aptly put it, “Cybersecurity is not just a technological challenge; it is a mission-critical priority that demands collective action.”
