  • 31 May 2025
  • 19 min read
Governance

Strengthening India’s Cyber Defense

This editorial is based on “Arm employees against sophisticated cyberattacks”, which was published in The Livemint on 28/05/2025. The article discusses the recent cyberattack on Marks & Spencer by the Scattered Spider group, which exposed human vulnerabilities. It underscores the urgent need for stronger cybersecurity measures and employee awareness in India’s rapidly growing digital landscape.

The recent cyberattack on Marks & Spencer (M&S) underscores the escalating threat of cybercrime in India, where digital infrastructure is rapidly expanding. The breach, attributed to the hacker group Scattered Spider, exploited human vulnerabilities through social engineering tactics, leading to significant financial and reputational damage. This incident highlights the urgent need for robust cybersecurity measures, including employee training and advanced threat detection systems. As cyber threats become more sophisticated, India's preparedness to combat such attacks is crucial to safeguard its growing digital economy.

What are the Key Emerging Cybersecurity Threats Confronting India?  

  • Sophistication of AI-Driven Phishing and Social Engineering Attacks: Phishing attacks have evolved using AI-generated content and real-time social engineering, bypassing traditional filters and deceiving employees effectively.  
    • These attacks exploit human vulnerabilities, as seen in the recent Marks & Spencer breach attributed to social engineering by Scattered Spider.  
    • Recent data shows a 175% increase in phishing attacks in India’s BFSI sector in early 2024, with 54% involving pretexting tactics.  
      • Daily cybercrime complaints rose by 113.7% in 2024, underscoring this growing threat. 
  • Exploitation of Cloud and API Vulnerabilities: Rapid cloud adoption has created new attack surfaces through misconfigured environments and weak API security.  
    • Attackers exploit publicly accessible cloud buckets and poorly secured admin consoles, enabling unauthorized access to sensitive data and disrupting services. This reflects a critical gap in securing evolving digital infrastructures in India’s expanding economy. 
    • For instance, CERT-In reported a 180% rise in exploits targeting cloud misconfigurations and APIs in 2024, highlighting increasing adversarial focus on these vectors. 
  • Surge in Supply Chain Attacks Targeting Critical Ecosystems: Cybercriminals increasingly infiltrate trusted vendors and third-party providers to bypass primary defenses, threatening entire supply chains.  
    • This indirect attack method jeopardizes the integrity of critical financial and governmental networks, requiring enhanced cross-sector coordination for defense.  
    • Supply chains can also be disrupted by DDoS attacks, as seen a few years ago when Sudanese hackers took down airport and hospital websites, severely affecting their operations for an extended period. 
    • The Digital Threat Report 2024 underscores supply chain risks as a major challenge, with malicious code libraries and compromised vendor software as common entry points. 
  • AI-Powered Deepfakes and Chatbot Phishing: The emergence of AI-generated deepfake audio and video for impersonation and chatbot-based phishing campaigns significantly raises fraud sophistication.  
    • These technologies enable large-scale credential theft and social manipulation, undermining trust in digital communications. The threat landscape now demands AI-aware detection and response mechanisms. 
    • Incidents involving malicious LLMs like WormGPT and FraudGPT have been reported, with AI-enabled fraud causing multifaceted risks in finance and governance sectors. 
  • Proliferation of Mobile Malware and Monetization Schemes: Mobile platforms, especially Android, face high infection rates from malware, adware, and potentially unwanted programs (PUPs), driven by commercial motives. 
    • Mobile security remains a weak link in India’s cybersecurity posture. Seqrite’s telemetry reveals 42% of mobile threats are malware, with 32% PUPs and 26% adware, stressing the urgent need for enhanced mobile defenses. 
    • Recently, a case in Rajasthan highlighted the danger of steganography attacks—where a seemingly harmless picture sent via WhatsApp was downloaded, resulting in the phone being hacked and money stolen. 
  • IoT Vulnerabilities in Critical Sectors: India’s accelerating adoption of IoT devices introduces complex security challenges due to widespread use of outdated and vulnerable technology.  
    • Exploitation of known IoT vulnerabilities can cause high-impact breaches, especially in BFSI and healthcare sectors where device security is often neglected.  
    • For instance, 99% of IoT attacks exploit known flaws, with 34% costing Banking, Financial Services, and Insurance entities between $5-10 million, revealing severe financial and operational risks. 
  • Escalating Financial Frauds via Digital Platforms: Financial frauds, including online investment scams, illegal lending apps, Telegram task frauds and trading scams, are soaring, exploiting regulatory and technological gaps.  
    • Such frauds drain consumer wealth and erode confidence in digital finance, demanding integrated efforts between regulators, fintechs, and law enforcement. India’s rapid fintech growth paradoxically expands this attack surface. 
    • In 2024 alone, cybercriminals caused losses of over ₹1,750 crore through digital frauds, with 740,000 complaints on the National Cybercrime Reporting Portal, illustrating the gravity of this threat. 
  • Growing Threat of Digital Arrest Scams and Social Manipulation: Cybercriminals impersonating law enforcement agencies conduct digital arrest scams, blackmail, and extortion, exploiting public trust in authorities. 
    • These scams have caused significant financial losses and psychological distress, especially targeting vulnerable groups.  
      • For instance, in Haryana’s Nuh village, there have been numerous reports of such frauds (including OTP scams), highlighting the widespread impact of these scams in rural areas. 
    • The Indian government blocked over 83,000 WhatsApp accounts linked to digital arrest scams in 2024, and losses of ₹120 crore were reported, reflecting the scale of the problem. 

 

Why is India's Current Security Framework Inadequate for the Rising Threats?  

  • Fragmented Coordination Among Agencies and Jurisdictions: India’s cybersecurity ecosystem suffers from fragmented coordination across central and state agencies, leading to delayed response and enforcement gaps.  
    • Overlapping mandates and lack of unified protocols weaken rapid threat containment and intelligence sharing. Effective cybersecurity demands seamless inter-agency collaboration, which remains a work in progress. 
    •  Despite the establishment of I4C and Joint Cybercrime Coordination Teams (JCCT), cybercrime complaints surged to over 1.5 million in 2023, revealing systemic coordination challenges in timely mitigation. 
  • Inadequate Skilled Cyber Workforce and Training: The rapid evolution of cyber threats outpaces the availability of skilled cybersecurity professionals, resulting in critical talent shortages.  
    • Training initiatives like CyTrain have helped but remain insufficient to meet the vast demand for experts across public and private sectors.  
    • This gap hampers effective threat detection, incident response, and proactive defense strategies. 
    • About 76,000 police officers have completed cybercrime training via MOOC platforms, but a major portion still remains without specialized training.  
  • Insufficient Adoption of Advanced Threat Detection Technologies: India’s security infrastructure largely relies on signature-based detection, inadequate against emerging sophisticated threats like zero-day exploits and AI-driven attacks.  
    • Slow adoption of behavior-based, AI-powered threat intelligence leaves critical vulnerabilities exposed.  
    • Modern cybersecurity demands cutting-edge technology integration to stay ahead of adaptive adversaries. 
    • Recent Seqrite data shows 85% reliance on signature-based detection, while only 14.5% of threats are identified through behavior-based methods, reflecting technology gaps. 
  • Limited Focus on Cloud and API Security Governance: The surge in cloud adoption is not matched by robust governance frameworks to secure APIs and cloud configurations, creating widespread exposure.  
    • Many Indian enterprises lack comprehensive policies for continuous monitoring and patch management in cloud environments. 
    •  CERT-In recorded a 180% rise in cloud and API exploits in 2024, showing glaring deficiencies in cloud security posture. 
  • Inadequate Regulation and Enforcement in Emerging Digital Domains: Rapid fintech, IoT, and digital payments growth outpaces regulatory frameworks, leaving critical sectors exposed to novel cyber threats.  
    • Existing laws are often reactive and fail to comprehensively address new attack vectors like AI-enabled fraud and IoT vulnerabilities. Regulatory agility and enforcement need urgent strengthening. 
    • The Digital Personal Data Protection Act, 2023 exempts AI tools from its provisions when processing personal data for research, archiving, or statistical purposes, as long as no decisions are made about individuals and prescribed standards are followed — a clause that opens the scope for potential exploitation. 
  • Lack of a Proactive Cyber Offensive Strategy: India currently emphasizes defensive cybersecurity, but the absence of a well-articulated offensive cyber capability leaves adversaries unchallenged in cyberspace. 
    • Cyber deterrence through active countermeasures and threat hunting is critical to disrupt sophisticated attacks early. The “Super Cyber Force” concept is yet to be operationalized. 
    • PRAHAR’s report warns of cyberattacks rising to 1 trillion annually by 2033, stressing the urgency of strategic offensive capabilities. 
  • Insufficient Investment in Cutting-Edge Cybersecurity Infrastructure:  India’s investments in AI-based threat detection, blockchain for data integrity, and next-gen firewalls lag behind global peers, undermining the defense against emerging multi-vector attacks.  
    • Budgetary constraints and prioritization issues delay the deployment of critical infrastructure enhancements. 

What Measures can India Adopt to Enhance Cyber Resilience?  

  • Sovereign Cybersecurity Command with Integrated Threat Fusion: Create a high-powered, sovereign cybersecurity command center that acts as a nerve center for seamless integration of intelligence from CERT-In, I4C, Computer Security Incident Response Team, law enforcement, and private sector entities.  
    • This command should leverage real-time threat fusion, coordinated tactical responses, and strategic cyber deterrence policies to neutralize adversaries swiftly.  
    • Such a centralized architecture will transcend jurisdictional silos and create a resilient national cyber defense ecosystem with rapid decision-making capabilities. 
  • Mandatory Sector-Specific Cyber Hygiene: Develop rigorous, industry-tailored cybersecurity compliance mandates that encompass continuous risk assessments, penetration testing, and incident reporting mechanisms.  
    • Frameworks should align with global standards like NIST but calibrated for India’s unique threat environment, especially targeting BFSI, healthcare, and critical infrastructure.  
    • Public disclosure of compliance levels can drive transparency, stakeholder accountability, and elevate baseline cyber hygiene nationwide. 
  • National Cyber Talent Acceleration Ecosystem: Design and deploy a comprehensive national cyber workforce development initiative blending academia, industry, and government resources.  
    • Cybersecurity education goes beyond teaching technology; it enriches holistic learning by fostering critical thinking and problem-solving skills. 
    • In today’s digital age, where children’s lives are deeply connected to screens amid rising cybercrime, incorporating cybersecurity into school curriculums is essential.  
      • Ultimately, cybersecurity education strengthens children’s mental resilience against cyber threats and supports their overall social and cognitive development. 
  • Invest in AI-Enabled Proactive Cyber Threat Hunting:  Develop state-of-the-art AI systems capable of ingesting vast, heterogeneous threat data streams to generate predictive threat intelligence and automate containment protocols.  
    • Leveraging deep learning models for advanced anomaly detection (like Mulehunter.AI of RBI), these systems should reduce mean time to detect (MTTD) and respond (MTTR), enabling preemptive disruption of advanced persistent threats (APTs) and zero-day exploits at scale. 
  • Conduct Pan-India Cyber Literacy Drives: Scale up culturally nuanced cyber hygiene campaigns leveraging regional languages, folklore, and digital influencers to embed cybersecurity awareness deeply within diverse communities.  
    • Incorporate gamification, mobile learning, and school curricula integration to cultivate lifelong cyber-resilient behavior from grassroots.  
    • RBI’s collaboration with Panchayats and inclusion of celebrities like Amitabh Bachchan in automated phone warnings that alert callers about cyber fraud risks is a powerful step in protecting communities at the grassroots level. 
  • Propel Indigenous Cybersecurity Innovation:  Create dedicated innovation hubs and accelerators that fund R&D in frontier cybersecurity technologies including quantum-safe encryption, AI-driven threat intelligence, blockchain for secure identity management, and hardware-based security modules.  
    • Foster cross-border research partnerships and knowledge exchange to position India as a global cybersecurity innovation leader while reducing dependence on foreign technology imports. 
  • Institutionalize Multi-Domain Cyber Crisis Simulations: Regularly orchestrate large-scale, realistic cyber crisis simulations that incorporate cyber, physical infrastructure, financial systems, and supply chains.  
    • These exercises should engage all stakeholders—government agencies, critical infrastructure operators, fintech firms, telecom providers, and civil society—to identify systemic vulnerabilities, test crisis communications, and refine coordinated incident response strategies under high-pressure scenarios. 

Conclusion

The Marks & Spencer cyberattack highlights the urgent need for India to strengthen its cybersecurity posture amid rising sophisticated threats. The upcoming Digital India Act offers an optimistic path forward by aiming to enhance regulation, enforcement, and cyber resilience comprehensively, building upon the Budapest Convention on Cybercrime.  

Drishti Mains Question:

“Cybersecurity threats are increasingly becoming sophisticated and pose a significant challenge to India’s digital economy and national security. Discuss and suggest measures to strengthen India’s cyber resilience.”

UPSC Civil Services Examination, Previous Year Question (PYQ)  

Prelims

Q.1 In India, under cyber insurance for individuals, which of the following benefits are generally covered, in addition to payment for the loss of funds and other benefits? (2020)  

  1. Cost of restoration of the computer system in case of malware disrupting access to one’s computer  
  2. Cost of a new computer if some miscreant wilfully damages it, if proved so  
  3. Cost of hiring a specialised consultant to minimise the loss in case of cyber extortion  
  4. Cost of defence in the Court of Law if any third party files a suit  

Select the correct answer using the code given below:  

(a) 1, 2 and 4 only  

(b) 1, 3 and 4 only  

(c) 2 and 3 only  

(d) 1, 2, 3 and 4  

Ans: (b) 

Q.2 In India, it is legally mandatory for which of the following to report on cyber security incidents? (2017)  

  1. Service providers  
  2. Data centres  
  3. Body corporate  

Select the correct answer using the code given below: 

(a) 1 only  

(b) 1 and 2 only  

(c) 3 only  

(d) 1, 2 and 3  

Ans: (d) 


Mains 

Q. What are the different elements of cyber security? Keeping in view the challenges in cyber security, examine the extent to which India has successfully developed a comprehensive National Cyber Security Strategy. (2022)



